From: Ilia Alshanetsky Date: Wed, 21 Jul 2004 21:57:13 +0000 (+0000) Subject: MFH: Fixed bug #29209 (imap_fetchbody() doesn't check message index). X-Git-Tag: php-4.3.9RC1~30 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cc47667fb05d6097fc006385bcb8706f663819c1;p=php MFH: Fixed bug #29209 (imap_fetchbody() doesn't check message index). --- diff --git a/NEWS b/NEWS index 504bf36380..24bce305fb 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,8 @@ PHP 4 NEWS for doing performance stats without warnings in server-log. (Uwe Schindler) - Fixed bug #29226 (ctype_* functions missing validation of numeric string representations). (Ilia) +- Fixed bug #29209 (imap_fetchbody() doesn't check message index). (Ilia, + tony2001 at phpclub dot net) - Fixed bug #29116 (Zend constant warning uses memory after free). (Marcus, jdolecek at NetBSD dot org) - Fixed bug #29114 (Potential double free in php_stat). (Sara) diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 8f9adda0bb..ff00060d5c 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -181,6 +181,12 @@ ZEND_GET_MODULE(imap) /* True globals, no need for thread safety */ static int le_imap; +#define PHP_IMAP_CHECK_MSGNO(msgindex) \ + if ((msgindex < 1) || ((unsigned) msgindex > imap_le_struct->imap_stream->nmsgs)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Bad message number"); \ + RETURN_FALSE; \ + } \ + /* {{{ mail_close_it */ static void mail_close_it(zend_rsrc_list_entry *rsrc TSRMLS_DC) @@ -1485,10 +1491,7 @@ PHP_FUNCTION(imap_headerinfo) convert_to_string_ex(defaulthost); } - if (!Z_LVAL_PP(msgno) || Z_LVAL_PP(msgno) < 1 || (unsigned) Z_LVAL_PP(msgno) > imap_le_struct->imap_stream->nmsgs) { - php_error(E_WARNING, "%s(): Bad message number", get_active_function_name(TSRMLS_C)); - RETURN_FALSE; - } + PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno)); if (mail_fetchstructure(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), NIL)) { cache = mail_elt(imap_le_struct->imap_stream, Z_LVAL_PP(msgno)); @@ -1737,10 +1740,8 @@ PHP_FUNCTION(imap_fetchstructure) } else { msgindex = Z_LVAL_PP(msgno); } - if ((msgindex < 1) || ((unsigned) msgindex > imap_le_struct->imap_stream->nmsgs)) { - php_error(E_WARNING, "%s(): Bad message number", get_active_function_name(TSRMLS_C)); - RETURN_FALSE; - } + + PHP_IMAP_CHECK_MSGNO(msgindex); mail_fetchstructure_full(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), &body , myargc == 3 ? Z_LVAL_PP(flags) : NIL); @@ -1775,6 +1776,8 @@ PHP_FUNCTION(imap_fetchbody) convert_to_long_ex(flags); } + PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno)); + body = mail_fetchbody_full(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), Z_STRVAL_PP(sec), &len, myargc==4 ? Z_LVAL_PP(flags) : NIL); if (!body) { @@ -2478,10 +2481,7 @@ PHP_FUNCTION(imap_fetchheader) msgindex = Z_LVAL_PP(msgno); } - if ((msgindex < 1) || ((unsigned) msgindex > imap_le_struct->imap_stream->nmsgs)) { - php_error(E_WARNING, "%s(): Bad message number", get_active_function_name(TSRMLS_C)); - RETURN_FALSE; - } + PHP_IMAP_CHECK_MSGNO(msgindex); RETVAL_STRING(mail_fetchheader_full(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), NIL, NIL, (myargc == 3 ? Z_LVAL_PP(flags) : NIL)), 1); }