Fixed bug #75774 imap_append HeapCorruction
authorAnatol Belski <ab@php.net>
Fri, 12 Jan 2018 16:13:18 +0000 (17:13 +0100)
committerAnatol Belski <ab@php.net>
Fri, 12 Jan 2018 16:13:18 +0000 (17:13 +0100)
ext/imap/php_imap.c
ext/imap/tests/bug75774.phpt [new file with mode: 0644]

index 3e5b49e0d78758d14940aa690be00734f3cf87f1..acde3ba6295fd2d87b0a5d42890b36858e0e2664 100644 (file)
@@ -1312,18 +1312,18 @@ PHP_FUNCTION(imap_append)
        zend_string *folder, *message, *internal_date = NULL, *flags = NULL;
        pils *imap_le_struct;
        STRING st;
-       zend_string* regex;
-       pcre_cache_entry *pce;                          /* Compiled regex */
-       zval *subpats = NULL;                           /* Parts (not used) */
-       int global = 0;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS(), "rSS|SS", &streamind, &folder, &message, &flags, &internal_date) == FAILURE) {
                return;
        }
 
-       regex  = zend_string_init("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/", sizeof("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/") - 1, 0);
 
        if (internal_date) {
+               zend_string *regex  = zend_string_init("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/", sizeof("/[0-3][0-9]-((Jan)|(Feb)|(Mar)|(Apr)|(May)|(Jun)|(Jul)|(Aug)|(Sep)|(Oct)|(Nov)|(Dec))-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}/") - 1, 0);
+               pcre_cache_entry *pce;                          /* Compiled regex */
+               zval *subpats = NULL;                           /* Parts (not used) */
+               int global = 0;
+
                /* Make sure the given internal_date string matches the RFC specifiedformat */
                if ((pce = pcre_get_compiled_regex_cache(regex))== NULL) {
                        zend_string_free(regex);
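Review bot: The date pattern on the added `zend_string_init` line is unanchored, so the check under `if (internal_date)` accepts any string that merely contains a well-formed date, with arbitrary text before or after it. Anchoring it and making `$` end-only, `"/^[0-3][0-9]-(…)-[0-9]{4} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] [+-][0-9]{4}$/D"`, would make it do what the comment below it says; how the accepted string is used afterwards is outside this hunk. The literal is also spelled twice to get its length, which `zend_string_init(ZEND_STRL("…"), 0)` avoids. With the trailing free dropped by the next hunk, the only `zend_string_free(regex)` visible here is on the failed-compile branch, so a short comment at the declaration saying where the success path releases it would help; the `if` block continues past the end of this hunk.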
@@ -1340,7 +1340,6 @@ PHP_FUNCTION(imap_append)
                }
        }
 
-       zend_string_free(regex);
        if ((imap_le_struct = (pils *)zend_fetch_resource(Z_RES_P(streamind), "imap", le_imap)) == NULL) {
                RETURN_FALSE;
        }
diff --git a/ext/imap/tests/bug75774.phpt b/ext/imap/tests/bug75774.phpt
new file mode 100644 (file)
index 0000000..ba08ab0
--- /dev/null
@@ -0,0 +1,24 @@
+--TEST--
+Bug #75774 imap_append HeapCorruction
+--SKIPIF--
+<?php
+extension_loaded('imap') or die('skip imap extension not available in this build');
+?>
+--FILE--
+<?php
+
+$fn = __DIR__ . DIRECTORY_SEPARATOR . "foo75774";
+$var1=fopen($fn, "w");
+
+imap_append($var1, "", "", "", "");
+
+fclose($var1);
+unlink($fn);
+
+?>
+==DONE==
+--EXPECTF--
+Warning: imap_append(): internal date not correctly formatted in %s on line %d
+
+Warning: imap_append(): supplied resource is not a valid imap resource in %s on line %d
+==DONE==
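Review bot: The test leaves `foo75774` behind whenever the script dies before `unlink($fn)`, which is exactly what happens if the heap corruption regresses; a `--CLEAN--` section with `@unlink(__DIR__ . DIRECTORY_SEPARATOR . "foo75774");` removes it regardless. It also exercises only an empty `internal_date`. A second call with a well-formed date such as `"01-Jan-2018 00:00:00 +0000"` (constructed sample) and one with the argument omitted would cover the other two ways through the regex handling, each expected to produce only the invalid-resource warning.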