From: slim at inbox dot lv
Operating system: linux
PHP version: 5.2.6
PHP Bug Type: IMAP related
Bug description: imap_open function does not check arguments to present.
Description:
------------
"imap_open" function does not check arguments for non-empty values.
Empty arguments crash c-client (as c-client-2006k) with
"php-cgi: IMAP toolkit crash: Unable to look up user name" followed by
php-cgi crash as well.
Reproduce code:
---------------
<?php
echo 'start ';
if ( ($link = imap_open($dsn, $username, $password, $flags)) === false )
{
echo 'cannt open';
}
echo ' finish';
?>
Expected result:
----------------
"imap_open" function should return FALSE in case of missing or empty any
of REQUIRED arg.
Actual result:
--------------
#0 0xb23b5402 in __kernel_vsyscall ()
#1 0xb195c601 in raise () from /lib/libc.so.6
#2 0xb195de5c in abort () from /lib/libc.so.6
#3 0x08395881 in fatal ()
#4 0x0839ccce in myusername_full ()
#5 0x0839ce7c in myhomedir ()
#6 0x083fb667 in mh_path ()
#7 0x083fbf8a in mh_isvalid ()
#8 0x083fca02 in mh_valid ()
#9 0x083a2b98 in mail_valid ()
#10 0x083b0d1b in mail_open ()
#11 0x08157783 in php_imap_do_open (ht=4, return_value=0x8ba2a48,
return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1, persistent=0)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/ext/imap/php_imap.c:804
#12 0x08157923 in zif_imap_open (ht=4, return_value=0x8ba2a48,
return_value_ptr=0x0, this_ptr=0x0,
return_value_used=1) at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/ext/imap/php_imap.c:825
#13 0x0833b134 in zend_do_fcall_common_helper_SPEC
(execute_data=0xbc55be40)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/Zend/zend_vm_execute.h:200
#14 0x08340d95 in ZEND_DO_FCALL_SPEC_CONST_HANDLER
(execute_data=0xbc55be40)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/Zend/zend_vm_execute.h:1679
#15 0x0833ac79 in execute (op_array=0x8b9a568)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/Zend/zend_vm_execute.h:92
#16 0x08313b59 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/Zend/zend.c:1134
#17 0x082bbfe9 in php_execute_script (primary_file=0xbc560270)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/main/main.c:2007
#18 0x08394dec in main (argc=1, argv=0xbc560364)
at
/var/tmp/portage/dev-lang/php-5.2.6-r2/work/php-5.2.6/sapi/cgi/cgi_main.c:1919
--
Edit bug report at http://bugs.php.net/?id=45466&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=45466&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=45466&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=45466&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=45466&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=45466&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=45466&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=45466&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=45466&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=45466&r=support
Expected behavior: http://bugs.php.net/fix.php?id=45466&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=45466&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=45466&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=45466&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45466&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=45466&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=45466&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=45466&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=45466&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=45466&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=45466&r=mysqlcfg
