[Tickets #7754] smime.php extractSignedContents hangs on larger mails (openssl process never returns)

bugs at horde.org bugs at horde.org
Fri Dec 5 10:45:24 UTC 2008 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/7754
------------------------------------------------------------------------------
  Ticket             | 7754
  Created By         | harakiri_23 at yahoo.com
  Summary            | smime.php extractSignedContents hangs on larger mails
                     | (openssl process never returns)
  Queue              | Horde Framework Packages
  Version            | FRAMEWORK_3
  Type               | Bug
  State              | Unconfirmed
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


harakiri_23 at yahoo.com (2008-12-05 05:45) wrote:

The function function extractSignedContents($data, $sslpath) in  
smime.php used by imp to get the mail content without signature, uses  
piped input for openssl communication.

This is a bad approach and not suggested by the openssl mailling list,  
because depending on the system it will lead to side effects. For  
small messages ( <100kb) it will work fine, but for larger the  
function call never returns because a simply ps aux reveals openssl  
never returns.

Instead of piping the message to the openssl input, temporary file  
input and output should be used like all other functions already  
implemented in the smime.php libary.

The following corrected function will dont have any issues on any  
system, plus its a lot faster then piping, also the php mem size can  
be lower then for piping input:

/**
      * Extract the contents from signed S/MIME data.
      *
      * @param string $data     The signed S/MIME data.
      * @param string $sslpath  The path to the OpenSSL binary.
      *
      * @return string  The contents embedded in the signed data.
      *                 Returns PEAR_Error on error.
      */
     function extractSignedContents($data, $sslpath)
     {
      // dont use pipes ! openssl will hang
         /* Check for availability of OpenSSL PHP extension. */
         $openssl = $this->checkForOpenSSL();
         if (is_a($openssl, 'PEAR_Error')) {
             return $openssl;
         }

         $input = $this->_createTempFile('horde-smime');
         $output = $this->_createTempFile('horde-smime');

         /* Write text to file */
         $fp = fopen($input, 'w+');
         fwrite($fp, $data);
         fclose($fp);

         exec($sslpath . ' smime -verify -noverify -nochain -in '  
.$input. ' -out ' .$output);

         $return = file_get_contents($output);
         return $return;
     }


This is a critical issue and should be fixed in the next release.

Thanks

More information about the bugs mailing list