mirror of
https://github.com/php/php-src.git
synced 2024-12-18 14:30:35 +08:00
Fix #73203: passing additional_parameters causes mail to fail
We make sure that there's no unsigned underflow, which happened for `y==0`.
This commit is contained in:
parent
703c247c7d
commit
e72165bb86
3
NEWS
3
NEWS
@ -2,6 +2,9 @@ PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
?? ??? 2016, PHP 5.6.28
|
||||
|
||||
- Standard:
|
||||
. Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
|
||||
|
||||
13 Oct 2016, PHP 5.6.27
|
||||
|
||||
- Core:
|
||||
|
@ -372,7 +372,7 @@ PHPAPI char *php_escape_shell_cmd(char *str)
|
||||
}
|
||||
cmd[y] = '\0';
|
||||
|
||||
if (y - 1 > cmd_max_len) {
|
||||
if (y > cmd_max_len + 1) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Escaped command exceeds the allowed length of %d bytes", cmd_max_len);
|
||||
efree(cmd);
|
||||
return NULL;
|
||||
@ -459,7 +459,7 @@ PHPAPI char *php_escape_shell_arg(char *str)
|
||||
#endif
|
||||
cmd[y] = '\0';
|
||||
|
||||
if (y - 1 > cmd_max_len) {
|
||||
if (y > cmd_max_len + 1) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Escaped argument exceeds the allowed length of %d bytes", cmd_max_len);
|
||||
efree(cmd);
|
||||
return NULL;
|
||||
|
24
ext/standard/tests/mail/bug73203.phpt
Normal file
24
ext/standard/tests/mail/bug73203.phpt
Normal file
@ -0,0 +1,24 @@
|
||||
--TEST--
|
||||
Bug #73203 (passing additional_parameters causes mail to fail)
|
||||
--DESCRIPTION--
|
||||
We're not really interested in testing mail() here, but it is currently the
|
||||
only function besides mb_send_mail() which allows to call php_escape_shell_cmd()
|
||||
with an empty string. Therefore we don't check the resulting email, but only
|
||||
verify that the call succeeds.
|
||||
--INI--
|
||||
sendmail_path=cat >/dev/null
|
||||
mail.add_x_header = Off
|
||||
--SKIPIF--
|
||||
<?php
|
||||
if (substr(PHP_OS, 0, 3) === 'WIN') die('skip won\'t run on Windows');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump(
|
||||
mail('test@example.com', 'subject', 'message', 'From: lala@example.com', '')
|
||||
);
|
||||
?>
|
||||
===DONE===
|
||||
--EXPECT--
|
||||
bool(true)
|
||||
===DONE===
|
Loading…
Reference in New Issue
Block a user