Fix GH-7902: mb_send_mail may delimit headers with LF only

cmb69 · cmb69 · commit 03816fba46d5 · 2022-01-18T13:08:08.000+01:00
Email headers are supposed to be separated with CRLF. Period. We introduce a `CRLF` macro for better comprehensibility right away. Closes GH-7907.
diff --git a/NEWS b/NEWS
@@ -14,6 +14,9 @@ PHP                                                                        NEWS
 - FPM:
   . Fixed memory leak on invalid port. (David Carlier)
 
+- MBString:
+  . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb)
+
 - Sockets:
   . Fixed ext/sockets build on Haiku. (David Carlier)
 
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
@@ -3270,6 +3270,8 @@ PHP_FUNCTION(mb_decode_numericentity)
 		continue;											\
 	}
 
+#define CRLF "\r\n"
+
 static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t str_len)
 {
 	const char *ps;
@@ -3601,7 +3603,7 @@ PHP_FUNCTION(mb_send_mail)
 			|| orig_str.encoding->no_encoding == mbfl_no_encoding_pass) {
 		orig_str.encoding = mbfl_identify_encoding(&orig_str, MBSTRG(current_detect_order_list), MBSTRG(current_detect_order_list_size), MBSTRG(strict_detection));
 	}
-	pstr = mbfl_mime_header_encode(&orig_str, &conv_str, tran_cs, head_enc, "\n", sizeof("Subject: [PHP-jp nnnnnnnn]"));
+	pstr = mbfl_mime_header_encode(&orig_str, &conv_str, tran_cs, head_enc, CRLF, sizeof("Subject: [PHP-jp nnnnnnnn]" CRLF) - 1);
 	if (pstr != NULL) {
 		subject_buf = subject = (char *)pstr->val;
 	}
@@ -3640,14 +3642,14 @@ PHP_FUNCTION(mb_send_mail)
 		n = ZSTR_LEN(str_headers);
 		mbfl_memory_device_strncat(&device, p, n);
 		if (n > 0 && p[n - 1] != '\n') {
-			mbfl_memory_device_strncat(&device, "\n", 1);
+			mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);
 		}
 		zend_string_release_ex(str_headers, 0);
 	}
 
 	if (!zend_hash_str_exists(&ht_headers, "MIME-VERSION", sizeof("MIME-VERSION") - 1)) {
 		mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER1, sizeof(PHP_MBSTR_MAIL_MIME_HEADER1) - 1);
-		mbfl_memory_device_strncat(&device, "\n", 1);
+		mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);
 	}
 
 	if (!suppressed_hdrs.cnt_type) {
@@ -3658,7 +3660,7 @@ PHP_FUNCTION(mb_send_mail)
 			mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER3, sizeof(PHP_MBSTR_MAIL_MIME_HEADER3) - 1);
 			mbfl_memory_device_strcat(&device, p);
 		}
-		mbfl_memory_device_strncat(&device, "\n", 1);
+		mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);
 	}
 	if (!suppressed_hdrs.cnt_trans_enc) {
 		mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER4, sizeof(PHP_MBSTR_MAIL_MIME_HEADER4) - 1);
@@ -3667,9 +3669,10 @@ PHP_FUNCTION(mb_send_mail)
 			p = "7bit";
 		}
 		mbfl_memory_device_strcat(&device, p);
-		mbfl_memory_device_strncat(&device, "\n", 1);
+		mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);
 	}
 
+	mbfl_memory_device_unput(&device);
 	mbfl_memory_device_unput(&device);
 	mbfl_memory_device_output('\0', &device);
 	str_headers = zend_string_init((char *)device.buffer, strlen((char *)device.buffer), 0);
@@ -3707,6 +3710,7 @@ PHP_FUNCTION(mb_send_mail)
 }
 
 #undef SKIP_LONG_HEADER_SEP_MBSTRING
+#undef CRLF
 #undef MAIL_ASCIIZ_CHECK_MBSTRING
 #undef PHP_MBSTR_MAIL_MIME_HEADER1
 #undef PHP_MBSTR_MAIL_MIME_HEADER2
diff --git a/ext/mbstring/tests/gh7902.phpt b/ext/mbstring/tests/gh7902.phpt
@@ -0,0 +1,32 @@
+--TEST--
+GH-7902 (mb_send_mail may delimit headers with LF only)
+--SKIPIF--
+<?php
+if (!extension_loaded("mbstring")) die("skip mbstring extension not available");
+?>
+--INI--
+sendmail_path={MAIL:{PWD}/gh7902.eml}
+--FILE--
+<?php
+mb_internal_encoding("UTF-8");
+mb_language("uni");
+$to = "omittedvalidaddress@example.com";
+$subject = "test mail";
+$message = "body of testing php mail";
+$header["Mime-Version"] = "1.0";
+$header["Content-Type"] = "text/html; charset=UTF-8";
+$header["From"] = "omittedvalidaddress2@example.com";
+$header["X-Mailer"] = "PHP/" . phpversion();
+mb_send_mail($to, $subject, $message, $header);
+
+$stream = fopen(__DIR__ . "/gh7902.eml", "rb");
+$eml = stream_get_contents($stream);
+fclose($stream);
+var_dump(preg_match_all('/(?<!\r)\n/', $eml));
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . "/gh7902.eml");
+?>
+--EXPECT--
+int(0)

Original file line number	Diff line number	Diff line change
`@@ -3270,6 +3270,8 @@ PHP_FUNCTION(mb_decode_numericentity)`
`3270`	`3270`	`continue; \`
`3271`	`3271`	`}`
`3272`	`3272`
	`3273`	`+#define CRLF "\r\n"`
	`3274`	`+`
`3273`	`3275`	`static int _php_mbstr_parse_mail_headers(HashTable ht, const char str, size_t str_len)`
`3274`	`3276`	`{`
`3275`	`3277`	`const char *ps;`
`@@ -3601,7 +3603,7 @@ PHP_FUNCTION(mb_send_mail)`
`3601`	`3603`	`\|\| orig_str.encoding->no_encoding == mbfl_no_encoding_pass) {`
`3602`	`3604`	`orig_str.encoding = mbfl_identify_encoding(&orig_str, MBSTRG(current_detect_order_list), MBSTRG(current_detect_order_list_size), MBSTRG(strict_detection));`
`3603`	`3605`	`}`
`3604`		`- pstr = mbfl_mime_header_encode(&orig_str, &conv_str, tran_cs, head_enc, "\n", sizeof("Subject: [PHP-jp nnnnnnnn]"));`
	`3606`	`+ pstr = mbfl_mime_header_encode(&orig_str, &conv_str, tran_cs, head_enc, CRLF, sizeof("Subject: [PHP-jp nnnnnnnn]" CRLF) - 1);`
`3605`	`3607`	`if (pstr != NULL) {`
`3606`	`3608`	`subject_buf = subject = (char *)pstr->val;`
`3607`	`3609`	`}`
`@@ -3640,14 +3642,14 @@ PHP_FUNCTION(mb_send_mail)`
`3640`	`3642`	`n = ZSTR_LEN(str_headers);`
`3641`	`3643`	`mbfl_memory_device_strncat(&device, p, n);`
`3642`	`3644`	`if (n > 0 && p[n - 1] != '\n') {`
`3643`		`- mbfl_memory_device_strncat(&device, "\n", 1);`
	`3645`	`+ mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);`
`3644`	`3646`	`}`
`3645`	`3647`	`zend_string_release_ex(str_headers, 0);`
`3646`	`3648`	`}`
`3647`	`3649`
`3648`	`3650`	`if (!zend_hash_str_exists(&ht_headers, "MIME-VERSION", sizeof("MIME-VERSION") - 1)) {`
`3649`	`3651`	`mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER1, sizeof(PHP_MBSTR_MAIL_MIME_HEADER1) - 1);`
`3650`		`- mbfl_memory_device_strncat(&device, "\n", 1);`
	`3652`	`+ mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);`
`3651`	`3653`	`}`
`3652`	`3654`
`3653`	`3655`	`if (!suppressed_hdrs.cnt_type) {`
`@@ -3658,7 +3660,7 @@ PHP_FUNCTION(mb_send_mail)`
`3658`	`3660`	`mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER3, sizeof(PHP_MBSTR_MAIL_MIME_HEADER3) - 1);`
`3659`	`3661`	`mbfl_memory_device_strcat(&device, p);`
`3660`	`3662`	`}`
`3661`		`- mbfl_memory_device_strncat(&device, "\n", 1);`
	`3663`	`+ mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);`
`3662`	`3664`	`}`
`3663`	`3665`	`if (!suppressed_hdrs.cnt_trans_enc) {`
`3664`	`3666`	`mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER4, sizeof(PHP_MBSTR_MAIL_MIME_HEADER4) - 1);`
`@@ -3667,9 +3669,10 @@ PHP_FUNCTION(mb_send_mail)`
`3667`	`3669`	`p = "7bit";`
`3668`	`3670`	`}`
`3669`	`3671`	`mbfl_memory_device_strcat(&device, p);`
`3670`		`- mbfl_memory_device_strncat(&device, "\n", 1);`
	`3672`	`+ mbfl_memory_device_strncat(&device, CRLF, sizeof(CRLF)-1);`
`3671`	`3673`	`}`
`3672`	`3674`
	`3675`	`+ mbfl_memory_device_unput(&device);`
`3673`	`3676`	`mbfl_memory_device_unput(&device);`
`3674`	`3677`	`mbfl_memory_device_output('\0', &device);`
`3675`	`3678`	`str_headers = zend_string_init((char )device.buffer, strlen((char )device.buffer), 0);`
`@@ -3707,6 +3710,7 @@ PHP_FUNCTION(mb_send_mail)`
`3707`	`3710`	`}`
`3708`	`3711`
`3709`	`3712`	`#undef SKIP_LONG_HEADER_SEP_MBSTRING`
	`3713`	`+#undef CRLF`
`3710`	`3714`	`#undef MAIL_ASCIIZ_CHECK_MBSTRING`
`3711`	`3715`	`#undef PHP_MBSTR_MAIL_MIME_HEADER1`
`3712`	`3716`	`#undef PHP_MBSTR_MAIL_MIME_HEADER2`