1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Author: Rasmus Lerdorf <rasmus@php.net> |
14 +----------------------------------------------------------------------+
15 */
16
17 #include <stdlib.h>
18 #include <ctype.h>
19 #include <stdio.h>
20 #include <time.h>
21 #include "php.h"
22 #include "ext/standard/info.h"
23 #include "ext/standard/php_string.h"
24 #include "ext/standard/basic_functions.h"
25 #include "ext/date/php_date.h"
26 #include "zend_smart_str.h"
27
28 #ifdef HAVE_SYSEXITS_H
29 # include <sysexits.h>
30 #endif
31 #ifdef HAVE_SYS_SYSEXITS_H
32 # include <sys/sysexits.h>
33 #endif
34
35 #if PHP_SIGCHILD
36 # include <signal.h>
37 #endif
38
39 #include "php_syslog.h"
40 #include "php_mail.h"
41 #include "php_ini.h"
42 #include "exec.h"
43
44 #ifdef PHP_WIN32
45 # include "win32/sendmail.h"
46 #endif
47
48 #define SKIP_LONG_HEADER_SEP(str, pos) \
49 if (str[pos] == '\r' && str[pos + 1] == '\n' && (str[pos + 2] == ' ' || str[pos + 2] == '\t')) { \
50 pos += 2; \
51 while (str[pos + 1] == ' ' || str[pos + 1] == '\t') { \
52 pos++; \
53 } \
54 continue; \
55 } \
56
57 extern zend_long php_getuid(void);
58
59 typedef enum {
60 NO_HEADER_ERROR,
61 CONTAINS_LF_ONLY,
62 CONTAINS_CR_ONLY,
63 CONTAINS_CRLF,
64 CONTAINS_NULL
65 } php_mail_header_value_error_type;
66
php_mail_build_headers_check_field_value(zval * val)67 static php_mail_header_value_error_type php_mail_build_headers_check_field_value(zval *val)
68 {
69 size_t len = 0;
70 zend_string *value = Z_STR_P(val);
71
72 /* https://tools.ietf.org/html/rfc2822#section-2.2.1 */
73 /* https://tools.ietf.org/html/rfc2822#section-2.2.3 */
74 while (len < value->len) {
75 if (*(value->val+len) == '\r') {
76 if (*(value->val+len+1) != '\n') {
77 return CONTAINS_CR_ONLY;
78 }
79
80 if (value->len - len >= 3
81 && (*(value->val+len+2) == ' ' || *(value->val+len+2) == '\t')) {
82 len += 3;
83 continue;
84 }
85
86 return CONTAINS_CRLF;
87 }
88 /**
89 * The RFC does not allow using LF alone for folding. However, LF is
90 * often treated similarly to CRLF, and there are likely many user
91 * environments that use LF for folding.
92 * Therefore, considering such an environment, folding with LF alone
93 * is allowed.
94 */
95 if (*(value->val+len) == '\n') {
96 if (value->len - len >= 2
97 && (*(value->val+len+1) == ' ' || *(value->val+len+1) == '\t')) {
98 len += 2;
99 continue;
100 }
101 return CONTAINS_LF_ONLY;
102 }
103 if (*(value->val+len) == '\0') {
104 return CONTAINS_NULL;
105 }
106 len++;
107 }
108 return NO_HEADER_ERROR;
109 }
110
111
php_mail_build_headers_check_field_name(zend_string * key)112 static bool php_mail_build_headers_check_field_name(zend_string *key)
113 {
114 size_t len = 0;
115
116 /* https://tools.ietf.org/html/rfc2822#section-2.2 */
117 while (len < key->len) {
118 if (*(key->val+len) < 33 || *(key->val+len) > 126 || *(key->val+len) == ':') {
119 return FAILURE;
120 }
121 len++;
122 }
123 return SUCCESS;
124 }
125
126
127 static void php_mail_build_headers_elems(smart_str *s, zend_string *key, zval *val);
128
php_mail_build_headers_elem(smart_str * s,zend_string * key,zval * val)129 static void php_mail_build_headers_elem(smart_str *s, zend_string *key, zval *val)
130 {
131 switch(Z_TYPE_P(val)) {
132 case IS_STRING:
133 if (php_mail_build_headers_check_field_name(key) != SUCCESS) {
134 zend_value_error("Header name \"%s\" contains invalid characters", ZSTR_VAL(key));
135 return;
136 }
137
138 php_mail_header_value_error_type error_type = php_mail_build_headers_check_field_value(val);
139 switch (error_type) {
140 case NO_HEADER_ERROR:
141 break;
142 case CONTAINS_LF_ONLY:
143 zend_value_error("Header \"%s\" contains LF character that is not allowed in the header", ZSTR_VAL(key));
144 return;
145 case CONTAINS_CR_ONLY:
146 zend_value_error("Header \"%s\" contains CR character that is not allowed in the header", ZSTR_VAL(key));
147 return;
148 case CONTAINS_CRLF:
149 zend_value_error("Header \"%s\" contains CRLF characters that are used as a line separator and are not allowed in the header", ZSTR_VAL(key));
150 return;
151 case CONTAINS_NULL:
152 zend_value_error("Header \"%s\" contains NULL character that is not allowed in the header", ZSTR_VAL(key));
153 return;
154 default:
155 // fallback
156 zend_value_error("Header \"%s\" has invalid format, or contains invalid characters", ZSTR_VAL(key));
157 return;
158 }
159 smart_str_append(s, key);
160 smart_str_appendl(s, ": ", 2);
161 smart_str_appends(s, Z_STRVAL_P(val));
162 smart_str_appendl(s, "\r\n", 2);
163 break;
164 case IS_ARRAY:
165 php_mail_build_headers_elems(s, key, val);
166 break;
167 default:
168 zend_type_error("Header \"%s\" must be of type array|string, %s given", ZSTR_VAL(key), zend_zval_value_name(val));
169 }
170 }
171
172
php_mail_build_headers_elems(smart_str * s,zend_string * key,zval * val)173 static void php_mail_build_headers_elems(smart_str *s, zend_string *key, zval *val)
174 {
175 zend_string *tmp_key;
176 zval *tmp_val;
177
178 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(val), tmp_key, tmp_val) {
179 if (tmp_key) {
180 zend_type_error("Header \"%s\" must only contain numeric keys, \"%s\" found", ZSTR_VAL(key), ZSTR_VAL(tmp_key));
181 break;
182 }
183 ZVAL_DEREF(tmp_val);
184 if (Z_TYPE_P(tmp_val) != IS_STRING) {
185 zend_type_error("Header \"%s\" must only contain values of type string, %s found", ZSTR_VAL(key), zend_zval_value_name(tmp_val));
186 break;
187 }
188 php_mail_build_headers_elem(s, key, tmp_val);
189 } ZEND_HASH_FOREACH_END();
190 }
191
192 #define PHP_MAIL_BUILD_HEADER_CHECK(target, s, key, val) \
193 do { \
194 if (Z_TYPE_P(val) == IS_STRING) { \
195 php_mail_build_headers_elem(&s, key, val); \
196 } else if (Z_TYPE_P(val) == IS_ARRAY) { \
197 if (zend_string_equals_literal_ci(key, target)) { \
198 zend_type_error("Header \"%s\" must be of type string, array given", target); \
199 break; \
200 } \
201 php_mail_build_headers_elems(&s, key, val); \
202 } else { \
203 zend_type_error("Header \"%s\" must be of type array|string, %s given", ZSTR_VAL(key), zend_zval_value_name(val)); \
204 } \
205 } while(0)
206
php_mail_build_headers(HashTable * headers)207 PHPAPI zend_string *php_mail_build_headers(HashTable *headers)
208 {
209 zend_ulong idx;
210 zend_string *key;
211 zval *val;
212 smart_str s = {0};
213
214 ZEND_HASH_FOREACH_KEY_VAL(headers, idx, key, val) {
215 if (!key) {
216 zend_type_error("Header name cannot be numeric, " ZEND_LONG_FMT " given", idx);
217 break;
218 }
219 ZVAL_DEREF(val);
220 /* https://tools.ietf.org/html/rfc2822#section-3.6 */
221 if (zend_string_equals_literal_ci(key, "orig-date")) {
222 PHP_MAIL_BUILD_HEADER_CHECK("orig-date", s, key, val);
223 } else if (zend_string_equals_literal_ci(key, "from")) {
224 PHP_MAIL_BUILD_HEADER_CHECK("from", s, key, val);
225 } else if (zend_string_equals_literal_ci(key, "sender")) {
226 PHP_MAIL_BUILD_HEADER_CHECK("sender", s, key, val);
227 } else if (zend_string_equals_literal_ci(key, "reply-to")) {
228 PHP_MAIL_BUILD_HEADER_CHECK("reply-to", s, key, val);
229 } else if (zend_string_equals_literal_ci(key, "to")) {
230 zend_value_error("The additional headers cannot contain the \"To\" header");
231 } else if (zend_string_equals_literal_ci(key, "cc")) {
232 PHP_MAIL_BUILD_HEADER_CHECK("cc", s, key, val);
233 } else if (zend_string_equals_literal_ci(key, "bcc")) {
234 PHP_MAIL_BUILD_HEADER_CHECK("bcc", s, key, val);
235 } else if (zend_string_equals_literal_ci(key, "message-id")) {
236 PHP_MAIL_BUILD_HEADER_CHECK("message-id", s, key, val);
237 } else if (zend_string_equals_literal_ci(key, "references")) {
238 PHP_MAIL_BUILD_HEADER_CHECK("references", s, key, val);
239 } else if (zend_string_equals_literal_ci(key, "in-reply-to")) {
240 PHP_MAIL_BUILD_HEADER_CHECK("in-reply-to", s, key, val);
241 } else if (zend_string_equals_literal_ci(key, "subject")) {
242 zend_value_error("The additional headers cannot contain the \"Subject\" header");
243 } else {
244 if (Z_TYPE_P(val) == IS_STRING) {
245 php_mail_build_headers_elem(&s, key, val);
246 } else if (Z_TYPE_P(val) == IS_ARRAY) {
247 php_mail_build_headers_elems(&s, key, val);
248 } else {
249 zend_type_error("Header \"%s\" must be of type array|string, %s given", ZSTR_VAL(key), zend_zval_value_name(val));
250 }
251 }
252
253 if (EG(exception)) {
254 smart_str_free(&s);
255 return NULL;
256 }
257 } ZEND_HASH_FOREACH_END();
258
259 /* Remove the last \r\n */
260 if (s.s) s.s->len -= 2;
261 smart_str_0(&s);
262
263 return s.s;
264 }
265
266
267 /* {{{ Send an email message */
PHP_FUNCTION(mail)268 PHP_FUNCTION(mail)
269 {
270 char *to=NULL, *message=NULL;
271 char *subject=NULL;
272 zend_string *extra_cmd=NULL;
273 zend_string *headers_str = NULL;
274 HashTable *headers_ht = NULL;
275 size_t to_len, message_len;
276 size_t subject_len, i;
277 char *to_r, *subject_r;
278
279 ZEND_PARSE_PARAMETERS_START(3, 5)
280 Z_PARAM_PATH(to, to_len)
281 Z_PARAM_PATH(subject, subject_len)
282 Z_PARAM_PATH(message, message_len)
283 Z_PARAM_OPTIONAL
284 Z_PARAM_ARRAY_HT_OR_STR(headers_ht, headers_str)
285 Z_PARAM_PATH_STR(extra_cmd)
286 ZEND_PARSE_PARAMETERS_END();
287
288 if (headers_str) {
289 if (strlen(ZSTR_VAL(headers_str)) != ZSTR_LEN(headers_str)) {
290 zend_argument_value_error(4, "must not contain any null bytes");
291 RETURN_THROWS();
292 }
293 headers_str = php_trim(headers_str, NULL, 0, 2);
294 } else if (headers_ht) {
295 headers_str = php_mail_build_headers(headers_ht);
296 if (EG(exception)) {
297 RETURN_THROWS();
298 }
299 }
300
301 if (to_len > 0) {
302 to_r = estrndup(to, to_len);
303 for (; to_len; to_len--) {
304 if (!isspace((unsigned char) to_r[to_len - 1])) {
305 break;
306 }
307 to_r[to_len - 1] = '\0';
308 }
309 for (i = 0; to_r[i]; i++) {
310 if (iscntrl((unsigned char) to_r[i])) {
311 /* According to RFC 822, section 3.1.1 long headers may be separated into
312 * parts using CRLF followed at least one linear-white-space character ('\t' or ' ').
313 * To prevent these separators from being replaced with a space, we use the
314 * SKIP_LONG_HEADER_SEP to skip over them. */
315 SKIP_LONG_HEADER_SEP(to_r, i);
316 to_r[i] = ' ';
317 }
318 }
319 } else {
320 to_r = to;
321 }
322
323 if (subject_len > 0) {
324 subject_r = estrndup(subject, subject_len);
325 for (; subject_len; subject_len--) {
326 if (!isspace((unsigned char) subject_r[subject_len - 1])) {
327 break;
328 }
329 subject_r[subject_len - 1] = '\0';
330 }
331 for (i = 0; subject_r[i]; i++) {
332 if (iscntrl((unsigned char) subject_r[i])) {
333 SKIP_LONG_HEADER_SEP(subject_r, i);
334 subject_r[i] = ' ';
335 }
336 }
337 } else {
338 subject_r = subject;
339 }
340
341 zend_string *force_extra_parameters = zend_ini_str_ex("mail.force_extra_parameters", strlen("mail.force_extra_parameters"), false, NULL);
342 if (force_extra_parameters) {
343 extra_cmd = php_escape_shell_cmd(force_extra_parameters);
344 } else if (extra_cmd) {
345 extra_cmd = php_escape_shell_cmd(extra_cmd);
346 }
347
348 if (php_mail(to_r, subject_r, message, headers_str && ZSTR_LEN(headers_str) ? ZSTR_VAL(headers_str) : NULL, extra_cmd ? ZSTR_VAL(extra_cmd) : NULL)) {
349 RETVAL_TRUE;
350 } else {
351 RETVAL_FALSE;
352 }
353
354 if (headers_str) {
355 zend_string_release_ex(headers_str, 0);
356 }
357
358 if (extra_cmd) {
359 zend_string_release_ex(extra_cmd, 0);
360 }
361 if (to_r != to) {
362 efree(to_r);
363 }
364 if (subject_r != subject) {
365 efree(subject_r);
366 }
367 }
368 /* }}} */
369
370
php_mail_log_crlf_to_spaces(char * message)371 static void php_mail_log_crlf_to_spaces(char *message) {
372 /* Find all instances of carriage returns or line feeds and
373 * replace them with spaces. Thus, a log line is always one line
374 * long
375 */
376 char *p = message;
377 while ((p = strpbrk(p, "\r\n"))) {
378 *p = ' ';
379 }
380 }
381
php_mail_log_to_syslog(char * message)382 static void php_mail_log_to_syslog(char *message) {
383 /* Write 'message' to syslog. */
384 #ifdef HAVE_SYSLOG_H
385 php_syslog(LOG_NOTICE, "%s", message);
386 #endif
387 }
388
389
php_mail_log_to_file(char * filename,char * message,size_t message_size)390 static void php_mail_log_to_file(char *filename, char *message, size_t message_size) {
391 /* Write 'message' to the given file. */
392 uint32_t flags = REPORT_ERRORS | STREAM_DISABLE_OPEN_BASEDIR;
393 php_stream *stream = php_stream_open_wrapper(filename, "a", flags, NULL);
394 if (stream) {
395 php_stream_write(stream, message, message_size);
396 php_stream_close(stream);
397 }
398 }
399
400
php_mail_detect_multiple_crlf(const char * hdr)401 static int php_mail_detect_multiple_crlf(const char *hdr) {
402 /* This function detects multiple/malformed multiple newlines. */
403
404 if (!hdr || !strlen(hdr)) {
405 return 0;
406 }
407
408 /* Should not have any newlines at the beginning. */
409 /* RFC 2822 2.2. Header Fields */
410 if (*hdr < 33 || *hdr > 126 || *hdr == ':') {
411 return 1;
412 }
413
414 while(*hdr) {
415 if (*hdr == '\r') {
416 if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || (*(hdr+1) == '\n' && (*(hdr+2) == '\0' || *(hdr+2) == '\n' || *(hdr+2) == '\r'))) {
417 /* Malformed or multiple newlines. */
418 return 1;
419 } else {
420 hdr += 2;
421 }
422 } else if (*hdr == '\n') {
423 if (*(hdr+1) == '\0' || *(hdr+1) == '\r' || *(hdr+1) == '\n') {
424 /* Malformed or multiple newlines. */
425 return 1;
426 } else {
427 hdr += 2;
428 }
429 } else {
430 hdr++;
431 }
432 }
433
434 return 0;
435 }
436
437
438 /* {{{ php_mail */
php_mail(const char * to,const char * subject,const char * message,const char * headers,const char * extra_cmd)439 PHPAPI bool php_mail(const char *to, const char *subject, const char *message, const char *headers, const char *extra_cmd)
440 {
441 FILE *sendmail;
442 char *sendmail_path = INI_STR("sendmail_path");
443 char *sendmail_cmd = NULL;
444 char *mail_log = INI_STR("mail.log");
445 const char *hdr = headers;
446 char *ahdr = NULL;
447 #if PHP_SIGCHILD
448 void (*sig_handler)() = NULL;
449 #endif
450
451 #define MAIL_RET(val) \
452 if (ahdr != NULL) { \
453 efree(ahdr); \
454 } \
455 return val; \
456
457 if (mail_log && *mail_log) {
458 char *logline;
459
460 spprintf(&logline, 0, "mail() on [%s:%d]: To: %s -- Headers: %s -- Subject: %s", zend_get_executed_filename(), zend_get_executed_lineno(), to, hdr ? hdr : "", subject);
461
462 if (hdr) {
463 php_mail_log_crlf_to_spaces(logline);
464 }
465
466 if (!strcmp(mail_log, "syslog")) {
467 php_mail_log_to_syslog(logline);
468 } else {
469 /* Add date when logging to file */
470 char *tmp;
471 time_t curtime;
472 zend_string *date_str;
473 size_t len;
474
475
476 time(&curtime);
477 date_str = php_format_date("d-M-Y H:i:s e", 13, curtime, 1);
478 len = spprintf(&tmp, 0, "[%s] %s%s", date_str->val, logline, PHP_EOL);
479
480 php_mail_log_to_file(mail_log, tmp, len);
481
482 zend_string_free(date_str);
483 efree(tmp);
484 }
485
486 efree(logline);
487 }
488
489 if (EG(exception)) {
490 MAIL_RET(false);
491 }
492
493 char *line_sep = PG(mail_mixed_lf_and_crlf) ? "\n" : "\r\n";
494
495 if (PG(mail_x_header)) {
496 const char *tmp = zend_get_executed_filename();
497 zend_string *f;
498
499 f = php_basename(tmp, strlen(tmp), NULL, 0);
500
501 if (headers != NULL && *headers) {
502 spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s%s%s", php_getuid(), ZSTR_VAL(f), line_sep, headers);
503 } else {
504 spprintf(&ahdr, 0, "X-PHP-Originating-Script: " ZEND_LONG_FMT ":%s", php_getuid(), ZSTR_VAL(f));
505 }
506 hdr = ahdr;
507 zend_string_release_ex(f, 0);
508 }
509
510 if (hdr && php_mail_detect_multiple_crlf(hdr)) {
511 php_error_docref(NULL, E_WARNING, "Multiple or malformed newlines found in additional_header");
512 MAIL_RET(false);
513 }
514
515 if (!sendmail_path) {
516 #ifdef PHP_WIN32
517 int tsm_err;
518 char *tsm_errmsg = NULL;
519
520 /* handle old style win smtp sending */
521 if (TSendMail(INI_STR("SMTP"), &tsm_err, &tsm_errmsg, hdr, subject, to, message, NULL, NULL, NULL) == FAILURE) {
522 if (tsm_errmsg) {
523 php_error_docref(NULL, E_WARNING, "%s", tsm_errmsg);
524 efree(tsm_errmsg);
525 } else {
526 php_error_docref(NULL, E_WARNING, "%s", GetSMErrorText(tsm_err));
527 }
528 MAIL_RET(false);
529 }
530 MAIL_RET(true);
531 #else
532 MAIL_RET(false);
533 #endif
534 }
535 if (extra_cmd != NULL) {
536 spprintf(&sendmail_cmd, 0, "%s %s", sendmail_path, extra_cmd);
537 } else {
538 sendmail_cmd = sendmail_path;
539 }
540
541 #if PHP_SIGCHILD
542 /* Set signal handler of SIGCHLD to default to prevent other signal handlers
543 * from being called and reaping the return code when our child exits.
544 * The original handler needs to be restored after pclose() */
545 sig_handler = (void *)signal(SIGCHLD, SIG_DFL);
546 if (sig_handler == SIG_ERR) {
547 sig_handler = NULL;
548 }
549 #endif
550
551 #ifdef PHP_WIN32
552 sendmail = popen_ex(sendmail_cmd, "wb", NULL, NULL);
553 #else
554 /* Since popen() doesn't indicate if the internal fork() doesn't work
555 * (e.g. the shell can't be executed) we explicitly set it to 0 to be
556 * sure we don't catch any older errno value. */
557 errno = 0;
558 sendmail = popen(sendmail_cmd, "w");
559 #endif
560 if (extra_cmd != NULL) {
561 efree (sendmail_cmd);
562 }
563
564 if (sendmail) {
565 #ifndef PHP_WIN32
566 if (EACCES == errno) {
567 php_error_docref(NULL, E_WARNING, "Permission denied: unable to execute shell to run mail delivery binary '%s'", sendmail_path);
568 pclose(sendmail);
569 #if PHP_SIGCHILD
570 /* Restore handler in case of error on Windows
571 Not sure if this applicable on Win but just in case. */
572 if (sig_handler) {
573 signal(SIGCHLD, sig_handler);
574 }
575 #endif
576 MAIL_RET(false);
577 }
578 #endif
579 fprintf(sendmail, "To: %s%s", to, line_sep);
580 fprintf(sendmail, "Subject: %s%s", subject, line_sep);
581 if (hdr != NULL) {
582 fprintf(sendmail, "%s%s", hdr, line_sep);
583 }
584 fprintf(sendmail, "%s%s%s", line_sep, message, line_sep);
585 int ret = pclose(sendmail);
586
587 #if PHP_SIGCHILD
588 if (sig_handler) {
589 signal(SIGCHLD, sig_handler);
590 }
591 #endif
592
593 #ifdef PHP_WIN32
594 if (ret == -1)
595 #else
596 #if defined(EX_TEMPFAIL)
597 if ((ret != EX_OK)&&(ret != EX_TEMPFAIL))
598 #elif defined(EX_OK)
599 if (ret != EX_OK)
600 #else
601 if (ret != 0)
602 #endif
603 #endif
604 {
605 MAIL_RET(false);
606 } else {
607 MAIL_RET(true);
608 }
609 } else {
610 php_error_docref(NULL, E_WARNING, "Could not execute mail delivery program '%s'", sendmail_path);
611 #if PHP_SIGCHILD
612 if (sig_handler) {
613 signal(SIGCHLD, sig_handler);
614 }
615 #endif
616 MAIL_RET(false);
617 }
618
619 MAIL_RET(true); /* never reached */
620 }
621 /* }}} */
622
623 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(mail)624 PHP_MINFO_FUNCTION(mail)
625 {
626 char *sendmail_path = INI_STR("sendmail_path");
627
628 #ifdef PHP_WIN32
629 if (!sendmail_path) {
630 php_info_print_table_row(2, "Internal Sendmail Support for Windows", "enabled");
631 } else {
632 php_info_print_table_row(2, "Path to sendmail", sendmail_path);
633 }
634 #else
635 php_info_print_table_row(2, "Path to sendmail", sendmail_path);
636 #endif
637 }
638 /* }}} */
639