-
Notifications
You must be signed in to change notification settings - Fork 0
/
php-5.2.17-mail-header.patch
67 lines (66 loc) · 3.34 KB
/
php-5.2.17-mail-header.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
--- php-5.2.17/ext/standard/mail.c.original 2009-02-25 23:46:16.000000000 +0800
+++ php-5.2.17/ext/standard/mail.c 2009-02-25 23:46:56.000000000 +0800
@@ -201,6 +201,49 @@
char *sendmail_path = INI_STR("sendmail_path");
char *sendmail_cmd = NULL;
+ /* Patched by Giam Teck Choon */
+ /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+ /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
+ char *headers2=NULL;
+
+ // add a header in the form
+ // X-PHP-Script: <server_name><php_self> for [<forwarded_for>,]<remote-addr>
+ while(1) {
+ zval **server, **remote_addr, **forwarded_for, **php_self, **server_name;
+
+ if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &server)==FAILURE)
+ break;
+ if (Z_TYPE_PP(server)!=IS_ARRAY)
+ break;
+ if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &remote_addr) == FAILURE)
+ break;
+ if (zend_hash_find(Z_ARRVAL_PP(server), "HTTP_X_FORWARDED_FOR", sizeof("HTTP_X_FORWARDED_FOR"), (void **) &forwarded_for) == FAILURE)
+ forwarded_for=NULL;
+ if (zend_hash_find(Z_ARRVAL_PP(server), "PHP_SELF", sizeof("PHP_SELF"), (void **) &php_self) == FAILURE)
+ break;
+ if (zend_hash_find(Z_ARRVAL_PP(server), "SERVER_NAME", sizeof("SERVER_NAME"), (void **) &server_name) == FAILURE)
+ break;
+ headers2 = emalloc(32+Z_STRLEN_PP(server_name)+Z_STRLEN_PP(php_self)
+ +(forwarded_for?Z_STRLEN_PP(forwarded_for)+2:0)
+ +Z_STRLEN_PP(remote_addr));
+ strcpy(headers2, "X-PHP-Script: ");
+ strcat(headers2, Z_STRVAL_PP(server_name));
+ if (strchr(Z_STRVAL_PP(php_self), '\n') != NULL || strchr(Z_STRVAL_PP(php_self), '\r') != NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Newline found in PHP_SELF variable which might cause possible injection '%s'", Z_STRVAL_PP(php_self));
+ }
+ else {
+ strcat(headers2, Z_STRVAL_PP(php_self));
+ }
+ strcat(headers2, " for ");
+ if (forwarded_for) {
+ strcat(headers2, Z_STRVAL_PP(forwarded_for));
+ strcat(headers2, ", ");
+ }
+ strcat(headers2, Z_STRVAL_PP(remote_addr));
+ break;
+ }
+ /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+
if (!sendmail_path) {
#if (defined PHP_WIN32 || defined NETWARE)
/* handle old style win smtp sending */
@@ -246,6 +289,14 @@
#endif
fprintf(sendmail, "To: %s\n", to);
fprintf(sendmail, "Subject: %s\n", subject);
+ /* Patched by Giam Teck Choon */
+ /* start add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
+ /* Many thanks to Stefan Esser from hardened-php.net to report a security issue regarding PHP_SELF in headers thus I have included an extra check for \n and \r string */
+ if (headers2 != NULL) {
+ fprintf(sendmail, "%s\n", headers2);
+ efree(headers2);
+ }
+ /* end add additional headers with self tweaking with reference to Steve Bennett's PHP mail() header patch at http://www.lancs.ac.uk/~steveb/php-mail-header-patch/ */
if (headers != NULL) {
fprintf(sendmail, "%s\n", headers);
}