xref: /PHP-8.4/win32/sendmail.c (revision d98c4b6e)
1 /*
2  *    PHP Sendmail for Windows.
3  *
4  *  This file is rewritten specifically for PHPFI.  Some functionality
5  *  has been removed (MIME and file attachments).  This code was
6  *  modified from code based on code written by Jarle Aase.
7  *
8  *  This class is based on the original code by Jarle Aase, see below:
9  *  wSendmail.cpp  It has been striped of some functionality to match
10  *  the requirements of phpfi.
11  *
12  *  Very simple SMTP Send-mail program for sending command-line level
13  *  emails and CGI-BIN form response for the Windows platform.
14  *
15  *  The complete wSendmail package with source code can be located
16  *  from http://www.jgaa.com
17  *
18  */
19 
20 #include "php.h"				/*php specific */
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <winsock2.h>
24 #include "time.h"
25 # include <Ws2tcpip.h>
26 #include <string.h>
27 #include <math.h>
28 #include <malloc.h>
29 #include <winbase.h>
30 #include "sendmail.h"
31 #include "php_ini.h"
32 
33 #include "php_win32_globals.h"
34 
35 #include "ext/pcre/php_pcre.h"
36 #include "ext/standard/php_string.h"
37 #include "ext/date/php_date.h"
38 
39 #define SENDMAIL_DEBUG 0
40 
41 /*enum
42    {
43    DO_CONNECT = WM_USER +1
44    };
45  */
46 
47 /* '*error_message' has to be passed around from php_mail() */
48 #define SMTP_ERROR_RESPONSE_SPEC	"SMTP server response: %s"
49 /* Convenient way to handle error messages from the SMTP server.
50    response is ecalloc()d in Ack() itself and efree()d here
51    because the content is in *error_message now */
52 #define SMTP_ERROR_RESPONSE(response)	{ \
53 											if (response && error_message) { \
54 												*error_message = ecalloc(1, sizeof(SMTP_ERROR_RESPONSE_SPEC) + strlen(response)); \
55 												snprintf(*error_message, sizeof(SMTP_ERROR_RESPONSE_SPEC) + strlen(response), SMTP_ERROR_RESPONSE_SPEC, response); \
56 												efree(response); \
57 											} \
58 										}
59 #define SMTP_SKIP_SPACE(str)	{ while (isspace(*str)) { str++; } }
60 
61 
62 char seps[] = " ,\t\n";
63 char *php_mailer = "PHP 7 WIN32";
64 
65 /* Error messages */
66 static char *ErrorMessages[] =
67 {
68 	{"Success"}, /* 0 */
69 	{"Bad arguments from form"}, /* 1 */
70 	{"Unable to open temporary mailfile for read"},
71 	{"Failed to Start Sockets"},
72 	{"Failed to Resolve Host"},
73 	{"Failed to obtain socket handle"}, /* 5 */
74 	{"Failed to connect to mailserver, verify your \"SMTP\" setting in php.ini"},
75 	{"Failed to Send"},
76 	{"Failed to Receive"},
77 	{"Server Error"},
78 	{"Failed to resolve the host IP name"}, /* 10 */
79 	{"Out of memory"},
80 	{"Unknown error"},
81 	{"Bad Message Contents"},
82 	{"Bad Message Subject"},
83 	{"Bad Message destination"}, /* 15 */
84 	{"Bad Message Return Path"},
85 	{"Bad Mail Host"},
86 	{"Bad Message File"},
87 	{"\"sendmail_from\" not set in php.ini or custom \"From:\" header missing"},
88 	{"Mailserver rejected our \"sendmail_from\" setting"}, /* 20 */
89 	{"Error while trimming mail header with PCRE, please file a bug report at https://github.com/php/php-src/issues"} /* 21 */
90 };
91 
92 /* This pattern converts all single occurrences of \n (Unix)
93  * without a leading \r to \r\n and all occurrences of \r (Mac)
94  * without a trailing \n to \r\n
95  * Thx to Nibbler from ircnet/#linuxger
96  */
97 #define PHP_WIN32_MAIL_UNIFY_PATTERN	"/(\r\n?)|\n/"
98 #define PHP_WIN32_MAIL_UNIFY_REPLACE	"\r\n"
99 
100 /* This pattern removes \r\n from the start of the string,
101  * \r\n from the end of the string and also makes sure every line
102  * is only wrapped with a single \r\n (thus reduces multiple
103  * occurrences of \r\n between lines to a single \r\n) */
104 #define PHP_WIN32_MAIL_RMVDBL_PATTERN	"/^\r\n|(\r\n)+$/m"
105 #define PHP_WIN32_MAIL_RMVDBL_REPLACE	""
106 
107 /* This pattern escapes \n. inside the message body. It prevents
108  * premature end of message if \n.\n or \r\n.\r\n is encountered
109  * and ensures that \n. sequences are properly displayed in the
110  * message body. */
111 #define PHP_WIN32_MAIL_DOT_PATTERN	"\n."
112 #define PHP_WIN32_MAIL_DOT_REPLACE	"\n.."
113 
114 /* This function is meant to unify the headers passed to to mail()
115  * This means, use PCRE to transform single occurrences of \n or \r in \r\n
116  * As a second step we also eliminate all \r\n occurrences which are:
117  * 1) At the start of the header
118  * 2) At the end of the header
119  * 3) Two or more occurrences in the header are removed so only one is left
120  *
121  * Returns NULL on error, or the new char* buffer on success.
122  * You have to take care and efree() the buffer on your own.
123  */
php_win32_mail_trim_header(const char * header)124 static zend_string *php_win32_mail_trim_header(const char *header)
125 {
126 	zend_string *result, *result2;
127 	zend_string *replace;
128 	zend_string *regex;
129 
130 	if (!header) {
131 		return NULL;
132 	}
133 
134 	replace = zend_string_init(PHP_WIN32_MAIL_UNIFY_REPLACE, strlen(PHP_WIN32_MAIL_UNIFY_REPLACE), 0);
135 	regex = zend_string_init(PHP_WIN32_MAIL_UNIFY_PATTERN, sizeof(PHP_WIN32_MAIL_UNIFY_PATTERN)-1, 0);
136 
137 	result = php_pcre_replace(regex,
138 				  NULL, header, strlen(header),
139 				  replace,
140 				  -1,
141 				  NULL);
142 
143 	zend_string_release_ex(replace, 0);
144 	zend_string_release_ex(regex, 0);
145 
146 	if (NULL == result) {
147 		return NULL;
148 	}
149 
150 	replace = zend_string_init(PHP_WIN32_MAIL_RMVDBL_PATTERN, strlen(PHP_WIN32_MAIL_RMVDBL_PATTERN), 0);
151 	regex = zend_string_init(PHP_WIN32_MAIL_RMVDBL_PATTERN, sizeof(PHP_WIN32_MAIL_RMVDBL_PATTERN)-1, 0);
152 
153 	result2 = php_pcre_replace(regex,
154 				   result, ZSTR_VAL(result), ZSTR_LEN(result),
155 				   replace,
156 				  -1,
157 				  NULL);
158 	zend_string_release_ex(replace, 0);
159 	zend_string_release_ex(regex, 0);
160 	zend_string_release_ex(result, 0);
161 
162 	return result2;
163 }
164 
165 //*********************************************************************
166 // Name:  TSendMail
167 // Input:   1) host:    Name of the mail host where the SMTP server resides
168 //                      max accepted length of name = 256
169 //          2) appname: Name of the application to use in the X-mailer
170 //                      field of the message. if NULL is given the application
171 //                      name is used as given by the GetCommandLine() function
172 //                      max accepted length of name = 100
173 // Output:  1) error:   Returns the error code if something went wrong or
174 //                      SUCCESS otherwise.
175 //
176 //  See SendText() for additional args!
177 //*********************************************************************
TSendMail(const char * host,int * error,char ** error_message,const char * headers,const char * Subject,const char * mailTo,const char * data,char * mailCc,char * mailBcc,char * mailRPath)178 PHPAPI int TSendMail(const char *host, int *error, char **error_message,
179 			  const char *headers, const char *Subject, const char *mailTo, const char *data,
180 			  char *mailCc, char *mailBcc, char *mailRPath)
181 {
182 	int ret;
183 	char *RPath = NULL;
184 	zend_string *headers_lc = NULL, *headers_trim = NULL; /* headers_lc is only created if we've a header at all */
185 	const char *pos1 = NULL, *pos2 = NULL;
186 
187 	if (host == NULL) {
188 		*error = BAD_MAIL_HOST;
189 		return FAILURE;
190 	} else if (strlen(host) >= HOST_NAME_LEN) {
191 		*error = BAD_MAIL_HOST;
192 		return FAILURE;
193 	} else {
194 		strcpy(PW32G(mail_host), host);
195 	}
196 
197 	if (headers) {
198 		char *pos = NULL;
199 
200 		/* Use PCRE to trim the header into the right format */
201 		if (NULL == (headers_trim = php_win32_mail_trim_header(headers))) {
202 			*error = W32_SM_PCRE_ERROR;
203 			return FAILURE;
204 		}
205 
206 		/* Create a lowercased header for all the searches so we're finally case
207 		 * insensitive when searching for a pattern. */
208 		headers_lc = zend_string_tolower(headers_trim);
209 	}
210 
211 	/* Fall back to sendmail_from php.ini setting */
212 	if (mailRPath && *mailRPath) {
213 		RPath = estrdup(mailRPath);
214 	} else if (INI_STR("sendmail_from")) {
215 		RPath = estrdup(INI_STR("sendmail_from"));
216 	} else if (headers_lc) {
217 		int found = 0;
218 		const char *lookup = ZSTR_VAL(headers_lc);
219 
220 		while (lookup) {
221 			pos1 = strstr(lookup, "from:");
222 
223 			if (!pos1) {
224 				break;
225 			} else if (pos1 != ZSTR_VAL(headers_lc) && *(pos1-1) != '\n') {
226 				if (strlen(pos1) >= sizeof("from:")) {
227 					lookup = pos1 + sizeof("from:");
228 					continue;
229 				} else {
230 					break;
231 				}
232 			}
233 
234 			found = 1;
235 
236 			/* Real offset is memaddress from the original headers + difference of
237 			 * string found in the lowercase headers + 5 characters to jump over
238 			 * the from: */
239 			pos1 = headers + (pos1 - lookup) + 5;
240 			if (NULL == (pos2 = strstr(pos1, "\r\n"))) {
241 				RPath = estrndup(pos1, strlen(pos1));
242 			} else {
243 				RPath = estrndup(pos1, pos2 - pos1);
244 			}
245 
246 			break;
247 		}
248 
249 		if (!found) {
250 			if (headers) {
251 				zend_string_release(headers_trim);
252 				zend_string_release(headers_lc);
253 			}
254 			*error = W32_SM_SENDMAIL_FROM_NOT_SET;
255 			return FAILURE;
256 		}
257 	}
258 
259 	/* attempt to connect with mail host */
260 	*error = MailConnect();
261 	if (*error != 0) {
262 		if (RPath) {
263 			efree(RPath);
264 		}
265 		if (headers) {
266 			zend_string_release(headers_trim);
267 			zend_string_release(headers_lc);
268 		}
269 		/* 128 is safe here, the specifier in snprintf isn't longer than that */
270 		*error_message = ecalloc(1, HOST_NAME_LEN + 128);
271 		snprintf(*error_message, HOST_NAME_LEN + 128,
272 			"Failed to connect to mailserver at \"%s\" port " ZEND_ULONG_FMT ", verify your \"SMTP\" "
273 			"and \"smtp_port\" setting in php.ini or use ini_set()",
274 			PW32G(mail_host), !INI_INT("smtp_port") ? 25 : INI_INT("smtp_port"));
275 		return FAILURE;
276 	} else {
277 		ret = SendText(RPath, Subject, mailTo, mailCc, mailBcc, data, headers ? ZSTR_VAL(headers_trim) : NULL, headers ? ZSTR_VAL(headers_lc) : NULL, error_message);
278 		TSMClose();
279 		if (RPath) {
280 			efree(RPath);
281 		}
282 		if (headers) {
283 			zend_string_release(headers_trim);
284 			zend_string_release(headers_lc);
285 		}
286 		if (ret != SUCCESS) {
287 			*error = ret;
288 			return FAILURE;
289 		}
290 		return SUCCESS;
291 	}
292 }
293 
294 //*********************************************************************
295 // Name:  TSendMail::~TSendMail
296 // Input:
297 // Output:
298 // Description: DESTRUCTOR
299 // Author/Date:  jcar 20/9/96
300 // History:
301 //*********************************************************************
TSMClose(void)302 PHPAPI void TSMClose(void)
303 {
304 	Post("QUIT\r\n");
305 	Ack(NULL);
306 	/* to guarantee that the cleanup is not made twice and
307 	   compromise the rest of the application if sockets are used
308 	   elsewhere
309 	*/
310 
311 	shutdown(PW32G(mail_socket), 0);
312 	closesocket(PW32G(mail_socket));
313 }
314 
315 
316 //*********************************************************************
317 // Name:  char *GetSMErrorText
318 // Input:   Error index returned by the member functions
319 // Output:  pointer to a string containing the error description
320 // Description:
321 // Author/Date:  jcar 20/9/96
322 // History:
323 //*********************************************************************
GetSMErrorText(int index)324 PHPAPI char *GetSMErrorText(int index)
325 {
326 	if (MIN_ERROR_INDEX <= index && index < MAX_ERROR_INDEX) {
327 		return (ErrorMessages[index]);
328 
329 	} else {
330 		return (ErrorMessages[UNKNOWN_ERROR]);
331 
332 	}
333 }
334 
335 /* strtok_r like, but recognizes quoted-strings */
find_address(char * list,char ** state)336 static char *find_address(char *list, char **state)
337 {
338 	bool in_quotes = 0;
339 	char *p = list;
340 
341 	if (list == NULL) {
342 		if (*state == NULL) {
343 			return NULL;
344 		}
345 		p = list = *state;
346 	}
347 	*state = NULL;
348 	while ((p = strpbrk(p, ",\"\\")) != NULL) {
349 		if (*p == '\\' && in_quotes) {
350 			if (p[1] == '\0') {
351 				/* invalid address; let SMTP server deal with it */
352 				break;
353 			}
354 			p++;
355 		} else if (*p == '"') {
356 			in_quotes = !in_quotes;
357 		} else if (*p == ',' && !in_quotes) {
358 			*p = '\0';
359 			*state = p + 1;
360 			break;
361 		}
362 		p++;
363 	}
364 	return list;
365 }
366 
367 //*********************************************************************
368 // Name:  SendText
369 // Input:       1) RPath:   return path of the message
370 //                                  Is used to fill the "Return-Path" and the
371 //                                  "X-Sender" fields of the message.
372 //                  2) Subject: Subject field of the message. If NULL is given
373 //                                  the subject is set to "No Subject"
374 //                  3) mailTo:  Destination address
375 //                  4) data:        Null terminated string containing the data to be send.
376 //                  5,6) headers of the message. Note that the second
377 //                  parameter, headers_lc, is actually a lowercased version of
378 //                  headers. The should match exactly (in terms of length),
379 //                  only differ in case
380 // Output:      Error code or SUCCESS
381 // Description:
382 // Author/Date:  jcar 20/9/96
383 // History:
384 //*********************************************************************
SendText(char * RPath,const char * Subject,const char * mailTo,char * mailCc,char * mailBcc,const char * data,const char * headers,char * headers_lc,char ** error_message)385 static int SendText(char *RPath, const char *Subject, const char *mailTo, char *mailCc, char *mailBcc, const char *data,
386 			 const char *headers, char *headers_lc, char **error_message)
387 {
388 	int res;
389 	char *p;
390 	char *tempMailTo, *token, *token_state;
391 	const char *pos1, *pos2;
392 	char *server_response = NULL;
393 	char *stripped_header  = NULL;
394 	zend_string *data_cln;
395 
396 	/* check for NULL parameters */
397 	if (data == NULL)
398 		return (BAD_MSG_CONTENTS);
399 	if (mailTo == NULL)
400 		return (BAD_MSG_DESTINATION);
401 	if (RPath == NULL)
402 		return (BAD_MSG_RPATH);
403 
404 	/* simple checks for the mailto address */
405 	/* have ampersand ? */
406 	/* mfischer, 20020514: I commented this out because it really
407 	   seems bogus. Only a username for example may still be a
408 	   valid address at the destination system.
409 	if (strchr(mailTo, '@') == NULL)
410 		return (BAD_MSG_DESTINATION);
411 	*/
412 
413 	snprintf(PW32G(mail_buffer), sizeof(PW32G(mail_buffer)), "HELO %s\r\n", PW32G(mail_local_host));
414 
415 	/* in the beginning of the dialog */
416 	/* attempt reconnect if the first Post fail */
417 	if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
418 		int err = MailConnect();
419 		if (0 != err) {
420 			return (FAILED_TO_SEND);
421 		}
422 
423 		if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
424 			return (res);
425 		}
426 	}
427 	if ((res = Ack(&server_response)) != SUCCESS) {
428 		SMTP_ERROR_RESPONSE(server_response);
429 		return (res);
430 	}
431 
432 	SMTP_SKIP_SPACE(RPath);
433 	FormatEmailAddress(PW32G(mail_buffer), RPath, "MAIL FROM:<%s>\r\n");
434 	if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
435 		return (res);
436 	}
437 	if ((res = Ack(&server_response)) != SUCCESS) {
438 		SMTP_ERROR_RESPONSE(server_response);
439 		return W32_SM_SENDMAIL_FROM_MALFORMED;
440 	}
441 
442 	tempMailTo = estrdup(mailTo);
443 	/* Send mail to all rcpt's */
444 	token = find_address(tempMailTo, &token_state);
445 	while (token != NULL)
446 	{
447 		SMTP_SKIP_SPACE(token);
448 		FormatEmailAddress(PW32G(mail_buffer), token, "RCPT TO:<%s>\r\n");
449 		if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
450 			efree(tempMailTo);
451 			return (res);
452 		}
453 		if ((res = Ack(&server_response)) != SUCCESS) {
454 			SMTP_ERROR_RESPONSE(server_response);
455 			efree(tempMailTo);
456 			return (res);
457 		}
458 		token = find_address(NULL, &token_state);
459 	}
460 	efree(tempMailTo);
461 
462 	if (mailCc && *mailCc) {
463 		tempMailTo = estrdup(mailCc);
464 		/* Send mail to all rcpt's */
465 		token = find_address(tempMailTo, &token_state);
466 		while (token != NULL)
467 		{
468 			SMTP_SKIP_SPACE(token);
469 			FormatEmailAddress(PW32G(mail_buffer), token, "RCPT TO:<%s>\r\n");
470 			if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
471 				efree(tempMailTo);
472 				return (res);
473 			}
474 			if ((res = Ack(&server_response)) != SUCCESS) {
475 				SMTP_ERROR_RESPONSE(server_response);
476 				efree(tempMailTo);
477 				return (res);
478 			}
479 			token = find_address(NULL, &token_state);
480 		}
481 		efree(tempMailTo);
482 	}
483 	/* Send mail to all Cc rcpt's */
484 	else if (headers && (pos1 = strstr(headers_lc, "cc:")) && ((pos1 == headers_lc) || (*(pos1-1) == '\n'))) {
485 		/* Real offset is memaddress from the original headers + difference of
486 		 * string found in the lowercase headers + 3 characters to jump over
487 		 * the cc: */
488 		pos1 = headers + (pos1 - headers_lc) + 3;
489 		if (NULL == (pos2 = strstr(pos1, "\r\n"))) {
490 			tempMailTo = estrndup(pos1, strlen(pos1));
491 		} else {
492 			char *pos3;
493 			while (pos2[2] == ' ' || pos2[2] == '\t') {
494 				pos3 = strstr(pos2 + 2, "\r\n");
495 				if (pos3 != NULL) {
496 					pos2 = pos3;
497 				} else {
498 					pos2 += strlen(pos2);
499 					break;
500 				}
501 			}
502 			tempMailTo = estrndup(pos1, pos2 - pos1);
503 		}
504 
505 		token = find_address(tempMailTo, &token_state);
506 		while (token != NULL)
507 		{
508 			SMTP_SKIP_SPACE(token);
509 			FormatEmailAddress(PW32G(mail_buffer), token, "RCPT TO:<%s>\r\n");
510 			if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
511 				efree(tempMailTo);
512 				return (res);
513 			}
514 			if ((res = Ack(&server_response)) != SUCCESS) {
515 				SMTP_ERROR_RESPONSE(server_response);
516 				efree(tempMailTo);
517 				return (res);
518 			}
519 			token = find_address(NULL,&token_state);
520 		}
521 		efree(tempMailTo);
522 	}
523 
524 	/* Send mail to all Bcc rcpt's
525 	   This is basically a rip of the Cc code above.
526 	   Just don't forget to remove the Bcc: from the header afterwards. */
527 	if (mailBcc && *mailBcc) {
528 		tempMailTo = estrdup(mailBcc);
529 		/* Send mail to all rcpt's */
530 		token = find_address(tempMailTo, &token_state);
531 		while (token != NULL)
532 		{
533 			SMTP_SKIP_SPACE(token);
534 			FormatEmailAddress(PW32G(mail_buffer), token, "RCPT TO:<%s>\r\n");
535 			if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
536 				efree(tempMailTo);
537 				return (res);
538 			}
539 			if ((res = Ack(&server_response)) != SUCCESS) {
540 				SMTP_ERROR_RESPONSE(server_response);
541 				efree(tempMailTo);
542 				return (res);
543 			}
544 			token = find_address(NULL, &token_state);
545 		}
546 		efree(tempMailTo);
547 	}
548 	else if (headers) {
549 		if ((pos1 = strstr(headers_lc, "bcc:")) && (pos1 == headers_lc || *(pos1-1) == '\n')) {
550 			/* Real offset is memaddress from the original headers + difference of
551 			 * string found in the lowercase headers + 4 characters to jump over
552 			 * the bcc: */
553 			pos1 = headers + (pos1 - headers_lc) + 4;
554 			if (NULL == (pos2 = strstr(pos1, "\r\n"))) {
555 				tempMailTo = estrndup(pos1, strlen(pos1));
556 				/* Later, when we remove the Bcc: out of the
557 				   header we know it was the last thing. */
558 				pos2 = pos1;
559 			} else {
560 				const char *pos3 = pos2;
561 				while (pos2[2] == ' ' || pos2[2] == '\t') {
562 					pos3 = strstr(pos2 + 2, "\r\n");
563 					if (pos3 != NULL) {
564 						pos2 = pos3;
565 					} else {
566 						pos2 += strlen(pos2);
567 						break;
568 					}
569 				}
570 				tempMailTo = estrndup(pos1, pos2 - pos1);
571 				if (pos3 == NULL) {
572 					/* Later, when we remove the Bcc: out of the
573 					   header we know it was the last thing. */
574 					pos2 = pos1;
575 				}
576 			}
577 
578 			token = find_address(tempMailTo, &token_state);
579 			while (token != NULL)
580 			{
581 				SMTP_SKIP_SPACE(token);
582 				FormatEmailAddress(PW32G(mail_buffer), token, "RCPT TO:<%s>\r\n");
583 				if ((res = Post(PW32G(mail_buffer))) != SUCCESS) {
584 					efree(tempMailTo);
585 					return (res);
586 				}
587 				if ((res = Ack(&server_response)) != SUCCESS) {
588 					SMTP_ERROR_RESPONSE(server_response);
589 					efree(tempMailTo);
590 					return (res);
591 				}
592 				token = find_address(NULL, &token_state);
593 			}
594 			efree(tempMailTo);
595 
596 			/* Now that we've identified that we've a Bcc list,
597 			   remove it from the current header. */
598 			stripped_header = ecalloc(1, strlen(headers));
599 			/* headers = point to string start of header
600 			   pos1    = pointer IN headers where the Bcc starts
601 			   '4'     = Length of the characters 'bcc:'
602 			   Because we've added +4 above for parsing the Emails
603 			   we've to subtract them here. */
604 			memcpy(stripped_header, headers, pos1 - headers - 4);
605 			if (pos1 != pos2) {
606 				/* if pos1 != pos2 , pos2 points to the rest of the headers.
607 				   Since pos1 != pos2 if "\r\n" was found, we know those characters
608 				   are there and so we jump over them (else we would generate a new header
609 				   which would look like "\r\n\r\n". */
610 				memcpy(stripped_header + (pos1 - headers - 4), pos2 + 2, strlen(pos2) - 2);
611 			}
612 		}
613 	}
614 
615 	/* Simplify the code that we create a copy of stripped_header no matter if
616 	   we actually strip something or not. So we've a single efree() later. */
617 	if (headers && !stripped_header) {
618 		stripped_header = estrndup(headers, strlen(headers));
619 	}
620 
621 	if ((res = Post("DATA\r\n")) != SUCCESS) {
622 		if (stripped_header) {
623 			efree(stripped_header);
624 		}
625 		return (res);
626 	}
627 	if ((res = Ack(&server_response)) != SUCCESS) {
628 		SMTP_ERROR_RESPONSE(server_response);
629 		if (stripped_header) {
630 			efree(stripped_header);
631 		}
632 		return (res);
633 	}
634 
635 	/* send message header */
636 	if (Subject == NULL) {
637 		res = PostHeader(RPath, "No Subject", mailTo, stripped_header);
638 	} else {
639 		res = PostHeader(RPath, Subject, mailTo, stripped_header);
640 	}
641 	if (stripped_header) {
642 		efree(stripped_header);
643 	}
644 	if (res != SUCCESS) {
645 		return (res);
646 	}
647 
648 	/* Escape \n. sequences
649 	 * We use php_str_to_str() and not php_str_replace_in_subject(), since the latter
650 	 * uses ZVAL as it's parameters */
651 	data_cln = php_str_to_str(data, strlen(data), PHP_WIN32_MAIL_DOT_PATTERN, sizeof(PHP_WIN32_MAIL_DOT_PATTERN) - 1,
652 					PHP_WIN32_MAIL_DOT_REPLACE, sizeof(PHP_WIN32_MAIL_DOT_REPLACE) - 1);
653 	if (!data_cln) {
654 		data_cln = ZSTR_EMPTY_ALLOC();
655 	}
656 
657 	/* send message contents in 1024 chunks */
658 	{
659 		char c, *e2, *e = ZSTR_VAL(data_cln) + ZSTR_LEN(data_cln);
660 		p = ZSTR_VAL(data_cln);
661 
662 		while (e - p > 1024) {
663 			e2 = p + 1024;
664 			c = *e2;
665 			*e2 = '\0';
666 			if ((res = Post(p)) != SUCCESS) {
667 				zend_string_free(data_cln);
668 				return(res);
669 			}
670 			*e2 = c;
671 			p = e2;
672 		}
673 		if ((res = Post(p)) != SUCCESS) {
674 			zend_string_free(data_cln);
675 			return(res);
676 		}
677 	}
678 
679 	zend_string_free(data_cln);
680 
681 	/*send termination dot */
682 	if ((res = Post("\r\n.\r\n")) != SUCCESS)
683 		return (res);
684 	if ((res = Ack(&server_response)) != SUCCESS) {
685 		SMTP_ERROR_RESPONSE(server_response);
686 		return (res);
687 	}
688 
689 	return (SUCCESS);
690 }
691 
addToHeader(char ** header_buffer,const char * specifier,const char * string)692 static int addToHeader(char **header_buffer, const char *specifier, const char *string)
693 {
694 	size_t header_buffer_size = strlen(*header_buffer);
695 	size_t total_size = header_buffer_size + strlen(specifier) + strlen(string) + 1;
696 	*header_buffer = erealloc(*header_buffer, total_size);
697 	snprintf(*header_buffer + header_buffer_size, total_size - header_buffer_size, specifier, string);
698 	return 1;
699 }
700 
701 //*********************************************************************
702 // Name:  PostHeader
703 // Input:       1) return path
704 //              2) Subject
705 //              3) destination address
706 //              4) headers
707 // Output:      Error code or Success
708 // Description:
709 // Author/Date:  jcar 20/9/96
710 // History:
711 //*********************************************************************
PostHeader(char * RPath,const char * Subject,const char * mailTo,char * xheaders)712 static int PostHeader(char *RPath, const char *Subject, const char *mailTo, char *xheaders)
713 {
714 	/* Print message header according to RFC 822 */
715 	/* Return-path, Received, Date, From, Subject, Sender, To, cc */
716 
717 	int res;
718 	char *header_buffer;
719 	char *headers_lc = NULL;
720 	size_t i;
721 
722 	if (xheaders) {
723 		size_t headers_lc_len;
724 
725 		headers_lc = estrdup(xheaders);
726 		headers_lc_len = strlen(headers_lc);
727 
728 		for (i = 0; i < headers_lc_len; i++) {
729 			headers_lc[i] = tolower(headers_lc[i]);
730 		}
731 	}
732 
733 	header_buffer = ecalloc(1, MAIL_BUFFER_SIZE);
734 
735 	if (!xheaders || !strstr(headers_lc, "date:")) {
736 		time_t tNow = time(NULL);
737 		zend_string *dt = php_format_date("r", 1, tNow, 1);
738 
739 		snprintf(header_buffer, MAIL_BUFFER_SIZE, "Date: %s\r\n", ZSTR_VAL(dt));
740 		zend_string_free(dt);
741 	}
742 
743 	if (!headers_lc || !strstr(headers_lc, "from:")) {
744 		if (!addToHeader(&header_buffer, "From: %s\r\n", RPath)) {
745 			goto PostHeader_outofmem;
746 		}
747 	}
748 	if (!addToHeader(&header_buffer, "Subject: %s\r\n", Subject)) {
749 		goto PostHeader_outofmem;
750 	}
751 
752 	/* Only add the To: field from the $to parameter if isn't in the custom headers */
753 	if ((headers_lc && (!strstr(headers_lc, "\r\nto:") && (strncmp(headers_lc, "to:", 3) != 0))) || !headers_lc) {
754 		if (!addToHeader(&header_buffer, "To: %s\r\n", mailTo)) {
755 			goto PostHeader_outofmem;
756 		}
757 	}
758 	if (xheaders) {
759 		if (!addToHeader(&header_buffer, "%s\r\n", xheaders)) {
760 			goto PostHeader_outofmem;
761 		}
762 	}
763 
764 	if (headers_lc) {
765 		efree(headers_lc);
766 	}
767 	if ((res = Post(header_buffer)) != SUCCESS) {
768 		efree(header_buffer);
769 		return (res);
770 	}
771 	efree(header_buffer);
772 
773 	if ((res = Post("\r\n")) != SUCCESS) {
774 		return (res);
775 	}
776 
777 	return (SUCCESS);
778 
779 PostHeader_outofmem:
780 	if (headers_lc) {
781 		efree(headers_lc);
782 	}
783 	return OUT_OF_MEMORY;
784 }
785 
786 
787 
788 //*********************************************************************
789 // Name:  MailConnect
790 // Input:   None
791 // Output:  None
792 // Description: Connect to the mail host and receive the welcome message.
793 // Author/Date:  jcar 20/9/96
794 // History:
795 //*********************************************************************
MailConnect()796 static int MailConnect()
797 {
798 
799 	int res, namelen;
800 	short portnum;
801 	struct hostent *ent;
802 	IN_ADDR addr;
803 #ifdef HAVE_IPV6
804 	IN6_ADDR addr6;
805 #endif
806 	SOCKADDR_IN sock_in;
807 
808 #if SENDMAIL_DEBUG
809 return 0;
810 #endif
811 
812 	/* Create Socket */
813 	if ((PW32G(mail_socket) = socket(PF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
814 		return (FAILED_TO_OBTAIN_SOCKET_HANDLE);
815 	}
816 
817 	/* Get our own host name */
818 	if (gethostname(PW32G(mail_local_host), HOST_NAME_LEN)) {
819 		closesocket(PW32G(mail_socket));
820 		return (FAILED_TO_GET_HOSTNAME);
821 	}
822 
823 	ent = gethostbyname(PW32G(mail_local_host));
824 
825 	if (!ent) {
826 		closesocket(PW32G(mail_socket));
827 		return (FAILED_TO_GET_HOSTNAME);
828 	}
829 
830 	namelen = (int)strlen(ent->h_name);
831 
832 #ifdef HAVE_IPV6
833 	if (inet_pton(AF_INET, ent->h_name, &addr) == 1 || inet_pton(AF_INET6, ent->h_name, &addr6) == 1)
834 #else
835 	if (inet_pton(AF_INET, ent->h_name, &addr) == 1)
836 #endif
837 	{
838 		if (namelen + 2 >= HOST_NAME_LEN) {
839 			closesocket(PW32G(mail_socket));
840 			return (FAILED_TO_GET_HOSTNAME);
841 		}
842 
843 		strcpy(PW32G(mail_local_host), "[");
844 		strcpy(PW32G(mail_local_host) + 1, ent->h_name);
845 		strcpy(PW32G(mail_local_host) + namelen + 1, "]");
846 	} else {
847 		if (namelen >= HOST_NAME_LEN) {
848 			closesocket(PW32G(mail_socket));
849 			return (FAILED_TO_GET_HOSTNAME);
850 		}
851 
852 		strcpy(PW32G(mail_local_host), ent->h_name);
853 	}
854 
855 	/* Resolve the servers IP */
856 	/*
857 	if (!isdigit(PW32G(mail_host)[0])||!gethostbyname(PW32G(mail_host)))
858 	{
859 		return (FAILED_TO_RESOLVE_HOST);
860 	}
861 	*/
862 
863 	portnum = (short) INI_INT("smtp_port");
864 	if (!portnum) {
865 		portnum = 25;
866 	}
867 
868 	/* Connect to server */
869 	sock_in.sin_family = AF_INET;
870 	sock_in.sin_port = htons(portnum);
871 	sock_in.sin_addr.S_un.S_addr = GetAddr(PW32G(mail_host));
872 
873 	if (connect(PW32G(mail_socket), (LPSOCKADDR) & sock_in, sizeof(sock_in))) {
874 		closesocket(PW32G(mail_socket));
875 		return (FAILED_TO_CONNECT);
876 	}
877 
878 	/* receive Server welcome message */
879 	res = Ack(NULL);
880 	return (res);
881 }
882 
883 
884 //*********************************************************************
885 // Name:  Post
886 // Input:
887 // Output:
888 // Description:
889 // Author/Date:  jcar 20/9/96
890 // History:
891 //*********************************************************************
Post(LPCSTR msg)892 static int Post(LPCSTR msg)
893 {
894 	int len = (int)strlen(msg);
895 	int slen;
896 	int index = 0;
897 
898 #if SENDMAIL_DEBUG
899 	if (msg)
900 		printf("POST: '%s'\n", msg);
901 	return (SUCCESS);
902 #endif
903 
904 	while (len > 0) {
905 		if ((slen = send(PW32G(mail_socket), msg + index, len, 0)) < 1)
906 			return (FAILED_TO_SEND);
907 		len -= slen;
908 		index += slen;
909 	}
910 	return (SUCCESS);
911 }
912 
913 
914 
915 //*********************************************************************
916 // Name:  Ack
917 // Input:
918 // Output:
919 // Description:
920 // Get the response from the server. We only want to know if the
921 // last command was successful.
922 // Author/Date:  jcar 20/9/96
923 // History:
924 //*********************************************************************
Ack(char ** server_response)925 static int Ack(char **server_response)
926 {
927 	ZEND_TLS char buf[MAIL_BUFFER_SIZE];
928 	int rlen;
929 	int Index = 0;
930 	int Received = 0;
931 
932 #if SENDMAIL_DEBUG
933 	return (SUCCESS);
934 #endif
935 
936 again:
937 
938 	if ((rlen = recv(PW32G(mail_socket), buf + Index, ((MAIL_BUFFER_SIZE) - 1) - Received, 0)) < 1) {
939 		return (FAILED_TO_RECEIVE);
940 	}
941 	Received += rlen;
942 	buf[Received] = 0;
943 	/*err_msg   fprintf(stderr,"Received: (%d bytes) %s", rlen, buf + Index); */
944 
945 	/* Check for newline */
946 	Index += rlen;
947 
948 	/* SMTP RFC says \r\n is the only valid line ending, who are we to argue ;)
949 	 * The response code must contain at least 5 characters ex. 220\r\n */
950 	if (Received < 5 || buf[Received - 1] != '\n' || buf[Received - 2] != '\r') {
951 		goto again;
952 	}
953 
954 	if (buf[0] > '3') {
955 		/* If we've a valid pointer, return the SMTP server response so the error message contains more information */
956 		if (server_response) {
957 			int dec = 0;
958 			/* See if we have something like \r, \n, \r\n or \n\r at the end of the message and chop it off */
959 			if (Received > 2) {
960 				if (buf[Received-1] == '\n' || buf[Received-1] == '\r') {
961 					dec++;
962 					if (buf[Received-2] == '\r' || buf[Received-2] == '\n') {
963 						dec++;
964 					}
965 				}
966 
967 			}
968 			*server_response = estrndup(buf, Received - dec);
969 		}
970 		return (SMTP_SERVER_ERROR);
971 	}
972 
973 	return (SUCCESS);
974 }
975 
976 
977 //*********************************************************************
978 // Name:  unsigned long GetAddr (LPSTR szHost)
979 // Input:
980 // Output:
981 // Description: Given a string, it will return an IP address.
982 //   - first it tries to convert the string directly
983 //   - if that fails, it tries o resolve it as a hostname
984 //
985 // WARNING: gethostbyname() is a blocking function
986 // Author/Date:  jcar 20/9/96
987 // History:
988 //*********************************************************************
GetAddr(LPSTR szHost)989 static unsigned long GetAddr(LPSTR szHost)
990 {
991 	LPHOSTENT lpstHost;
992 	u_long lAddr = INADDR_ANY;
993 
994 	/* check that we have a string */
995 	if (*szHost) {
996 
997 		/* check for a dotted-IP address string */
998 		lAddr = inet_addr(szHost);
999 
1000 		/* If not an address, then try to resolve it as a hostname */
1001 		if ((lAddr == INADDR_NONE) && (strcmp(szHost, "255.255.255.255"))) {
1002 
1003 			lpstHost = gethostbyname(szHost);
1004 			if (lpstHost) {		/* success */
1005 				lAddr = *((u_long FAR *) (lpstHost->h_addr));
1006 			} else {
1007 				lAddr = INADDR_ANY;		/* failure */
1008 			}
1009 		}
1010 	}
1011 	return (lAddr);
1012 } /* end GetAddr() */
1013 
1014 /* returns the contents of an angle-addr (caller needs to efree) or NULL */
get_angle_addr(char * address)1015 static char *get_angle_addr(char *address)
1016 {
1017 	bool in_quotes = 0;
1018 	char *p1 = address, *p2;
1019 
1020 	while ((p1 = strpbrk(p1, "<\"\\")) != NULL) {
1021 		if (*p1 == '\\' && in_quotes) {
1022 			if (p1[1] == '\0') {
1023 				/* invalid address; let SMTP server deal with it */
1024 				return NULL;
1025 			}
1026 			p1++;
1027 		} else if (*p1 == '"') {
1028 			in_quotes = !in_quotes;
1029 		} else if (*p1 == '<' && !in_quotes) {
1030 			break;
1031 		}
1032 		p1++;
1033 	}
1034 	if (p1 == NULL) return NULL;
1035 	p2 = ++p1;
1036 	while ((p2 = strpbrk(p2, ">\"\\")) != NULL) {
1037 		if (*p2 == '\\' && in_quotes) {
1038 			if (p2[1] == '\0') {
1039 				/* invalid address; let SMTP server deal with it */
1040 				return NULL;
1041 			}
1042 			p2++;
1043 		} else if (*p2 == '"') {
1044 			in_quotes = !in_quotes;
1045 		} else if (*p2 == '>' && !in_quotes) {
1046 			break;
1047 		}
1048 		p2++;
1049 	}
1050 	if (p2 == NULL) return NULL;
1051 
1052 	return estrndup(p1, p2 - p1);
1053 }
1054 
1055 //*********************************************************************
1056 // Name:  int FormatEmailAddress
1057 // Input:
1058 // Output:
1059 // Description: Formats the email address to remove any content outside
1060 //   of the angle brackets < > as per RFC 2821.
1061 //
1062 //   Returns the invalidly formatted mail address if the < > are
1063 //   unbalanced (the SMTP server should reject it if it's out of spec.)
1064 //
1065 // Author/Date:  garretts 08/18/2009
1066 // History:
1067 //*********************************************************************
FormatEmailAddress(char * Buf,char * EmailAddress,char * FormatString)1068 static int FormatEmailAddress(char* Buf, char* EmailAddress, char* FormatString) {
1069 	char *tmpAddress;
1070 	int result;
1071 
1072 	if ((tmpAddress = get_angle_addr(EmailAddress)) != NULL) {
1073 		result = snprintf(Buf, MAIL_BUFFER_SIZE, FormatString, tmpAddress);
1074 		efree(tmpAddress);
1075 		return result;
1076 	}
1077 	return snprintf(Buf, MAIL_BUFFER_SIZE , FormatString , EmailAddress );
1078 } /* end FormatEmailAddress() */
1079