Hi,
In the cyrus_connect() php function, the Cyrus function
imclient_connect() is called, and its return value is checked for
0, -1 or -2. There is a problem with that however:
a) imclient_connect() returns in fact 0, -1, -2 OR the value of
errno (if something outside of imclient_connect()'s scope failed).
This can and will happen if you pass it a valid hostname where
no IMAP server is listening.
From the man page:
     imclient_connect()
          Connects the client server to the host. If successful,
          it returns 0 and sets the imclient argument to a
          pointer to an imclient struct. The imclient struct
          represents the current connection, flags, and
          callbacks. On failure, the current errno is returned if
---------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
          a system call failed, -1 is returned if the host name
          was not found, and -2 is returned if the service name
          was not found.
b) conn can be uninitialized if the return value is not 0, -1 or -2,
but it WILL be used in ZEND_REGISTER_RESOURCE, and will be
dereferenced at the end of PHP_FUNCTION(cyrus_connect).
Find a patch which tries to be more conservative about pointers, plus
it checks the errno-branch of imclient_connect()'s return.
Martin
Martin.Kraemer@Fujitsu-Siemens.com | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
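An added illustration of the return-value problem reported in the message above (this is not the attached patch and not code from the Cyrus extension): `stub_imclient_connect()` is a hypothetical stand-in that follows the quoted man page contract, and the host names are constructed sample input.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct imclient { int fd; };   /* stand-in for the opaque Cyrus struct */

/* Hypothetical stand-in for imclient_connect(), per the quoted man page:
 * 0 on success (*out is set), -1 host not found, -2 service not found,
 * otherwise the errno of the failed system call. *out is untouched on failure. */
static int stub_imclient_connect(struct imclient **out, const char *host)
{
    static struct imclient live = { 3 };
    if (strcmp(host, "nohost.example") == 0) return -1;
    if (strcmp(host, "noservice.example") == 0) return -2;
    if (strcmp(host, "closed.example") == 0) return ECONNREFUSED;
    *out = &live;
    return 0;
}

/* Flawed pattern: only -1 and -2 count as errors, so a positive errno
 * is reported as success and *conn keeps whatever value it had before. */
static int connect_flawed(const char *host, struct imclient **conn)
{
    int rc = stub_imclient_connect(conn, host);
    return !(rc == -1 || rc == -2);
}

/* Conservative pattern: the pointer starts as NULL, every non-zero return
 * is a failure, and a handle is only handed back on rc == 0. */
static int connect_checked(const char *host, struct imclient **conn, const char **why)
{
    *conn = NULL;
    int rc = stub_imclient_connect(conn, host);
    if (rc == 0 && *conn != NULL) { *why = "connected"; return 1; }
    *conn = NULL;
    if (rc == -1) *why = "host name not found";
    else if (rc == -2) *why = "service name not found";
    else if (rc > 0) *why = strerror(rc);   /* errno branch */
    else *why = "unexpected return value";
    return 0;
}

int main(void)
{
    struct imclient *conn;
    const char *why;
    int ok = connect_checked("closed.example", &conn, &why);
    printf("closed.example: %s (%s)\n", ok ? "ok" : "failed", why);
    return 0;
}
```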
Hi,
Thank you for the patch. Cyrus extension is now in PECL
(http://pecl.php.net/) and I'm the primary maintainer of it.
I think the problems you pointed out were already addressed and
fixed in CVS. Please check out the source at
http://cvs.php.net/cvs.php/pecl/cyrus/ and send me a patch
if you still think something is missing then.
Regards,
Moriyoshi