From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 30 Mar 2007 00:28:58 +0000 (+0000)
Subject: Fixed MOPB-34-2007:PHP mail() Header Injection Through Subject and To
X-Git-Tag: php-5.2.2RC1~76
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=86ca439a5d27249f4190daef40a9de029de8a159;p=php

Fixed MOPB-34-2007:PHP mail() Header Injection Through Subject and To
Parameters
---

diff --git a/ext/standard/mail.c b/ext/standard/mail.c
index 6c5f3ec9cf..08f0a121c7 100644
--- a/ext/standard/mail.c
+++ b/ext/standard/mail.c
@@ -48,8 +48,8 @@
 
 #define SKIP_LONG_HEADER_SEP(str, pos)										\
 	if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) {	\
-		pos += 3;											\
-		while (str[pos] == ' ' || str[pos] == '\t') {							\
+		pos += 2;											\
+		while (str[pos + 1] == ' ' || str[pos + 1] == '\t') {							\
 			pos++;											\
 		}												\
 		continue;											\