 ID:               42862
 Updated by:       [EMAIL PROTECTED]
 Reported By:      Maylein at ub dot uni-heidelberg dot de
-Status:           Assigned
+Status:           Closed
 Bug Type:         IMAP related
 Operating System: *
 PHP Version:      5.2.6
 Assigned To:      pajoye
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2008-10-14 18:48:06] [EMAIL PROTECTED]

Also, what is the requirement for using rfc822_output_address_list -
what is the minimal c-client lib version that has it supported?

------------------------------------------------------------------------

[2008-10-14 00:38:06] [EMAIL PROTECTED]

Looking at the current code, it looks like there's no actual overflow,
but rfc822_write_address is limited so the abort happens. I am not
seeing a code path that would lead to rfc822_write_address writing more
data than buffer size, unless I misunderstand how
_php_imap_address_size works. Is this impression correct? If so, we
still need to fix it since abort() is a nasty thing, but it doesn't
seem to be a security issue.

------------------------------------------------------------------------

[2008-07-21 21:48:00] [EMAIL PROTECTED]

I will give it some love while working on the imap lib.

------------------------------------------------------------------------

[2008-07-08 18:27:11] david at blue-labs dot org

Please fix 008_imap-bufferoverflows.patch to include the typedef for
RFC822BUFFER.

/* Output buffering for RFC [2]822 */

typedef long (*soutr_t) (void *stream,char *string);
typedef struct rfc822buffer {
  soutr_t f;                    /* I/O flush routine */
  void *s;                      /* stream for I/O routine */
  char *beg;                    /* start of buffer */
  char *cur;                    /* current buffer pointer */
  char *end;                    /* end of buffer */
} RFC822BUFFER;

------------------------------------------------------------------------

[2008-06-24 10:54:50] hoffie at gentoo dot org

This is CVE-2008-2829.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/42862

-- 
Edit this bug report at http://bugs.php.net/?id=42862&edit=1
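
The RFC822BUFFER typedef quoted in the 2008-07-08 comment pairs a fixed buffer with a flush routine. The following is an added example, not code from PHP, c-client or the patch: it shows how output of any length can pass through a small buffer of that shape without ever writing past `end`. The helpers `buf_flush`, `buf_puts`, `collect` and `demo`, the 8-byte buffer and the 256-byte sink are all hypothetical.

```c
#include <string.h>

/* Typedef as quoted in the bug report. */
typedef long (*soutr_t) (void *stream,char *string);
typedef struct rfc822buffer {
  soutr_t f;                    /* I/O flush routine */
  void *s;                      /* stream for I/O routine */
  char *beg;                    /* start of buffer */
  char *cur;                    /* current buffer pointer */
  char *end;                    /* end of buffer */
} RFC822BUFFER;

/* Hypothetical helper: hand the buffered bytes to the flush routine, rewind. */
static long buf_flush(RFC822BUFFER *b)
{
  *b->cur = '\0';               /* end marks a slot reserved for this NUL */
  b->cur = b->beg;
  return b->f(b->s, b->beg);
}

/* Hypothetical helper: append src, draining the buffer whenever it is full. */
static long buf_puts(RFC822BUFFER *b, const char *src)
{
  size_t left = strlen(src);
  while (left) {
    size_t room = (size_t)(b->end - b->cur);
    size_t n = left < room ? left : room;
    if (!room && !buf_flush(b)) return 0;   /* full: drain before copying */
    memcpy(b->cur, src, n);                 /* never more than room bytes */
    b->cur += n; src += n; left -= n;
  }
  return 1;
}

/* Constructed sink standing in for a stream: a 256-byte C string. */
static long collect(void *stream, char *string)
{
  if (strlen(stream) + strlen(string) >= 256) return 0;  /* sink is full */
  strcat(stream, string);
  return 1;
}

/* Push list through an 8-byte buffer; bytes delivered, or -1 on sink error. */
static long demo(const char *list, char *out)
{
  char tmp[8];
  RFC822BUFFER b = { collect, out, tmp, tmp, tmp + sizeof(tmp) - 1 };
  out[0] = '\0';
  if (!buf_puts(&b, list) || !buf_flush(&b)) return -1;
  return (long)strlen(out);
}
```

The size limit moves from the formatting code to the flush routine, which reports failure through its return value instead of aborting.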