ports/108519: mail/squirrelmail-devel sets incorrect From in return receipt

Cristian KLEIN cristi at net.utcluj.ro
Mon Jan 29 16:10:20 UTC 2007 

>Number:         108519
>Category:       ports
>Synopsis:       mail/squirrelmail-devel sets incorrect From in return receipt
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 29 16:10:19 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Cristian KLEIN
>Release:        FreeBSD 5.4
>Organization:
Technical University of Cluj-Napoca
>Environment:
FreeBSD bavaria.utcluj.ro 5.4-RELEASE-p13 FreeBSD 5.4-RELEASE-p13 #0: Tue Mar 28 16:16:32 EEST 2006     cristiklein at bavaria.utcluj.ro:/usr/obj/usr/src/sys/BAVARIA  i386
>Description:
A return receipt is a small e-mail notice which is sent by a user, to confirm that he has received / read an e-mail.

When using squirrelmail-devel to send such notices, the From header of the e-mail is set incorrectly.

This error happens because the Deliver_SMTP class alters the From header for its internal processing. Due to the way PHP works, the altered From header is altered in subsequent processing, including the composition of the return receipt.
>How-To-Repeat:
* Install squirrelmail-devel.
* Send an e-mail which requires return receipt
* Open that e-mail in squirrelmail
* Send a return receipt for that e-mail

Expected behaviour:
The user which sent the first e-mail should receive a notice with the From header equal to the destination of that first e-mail.

Actual behaviour:
The user which sent the first e-mail receives a notice from a strange e-mail address.

>Fix:
The following patch will dupplicate the $rfc822_header variable for Deliver_SMTP's internal processing, so that is alternation won't affect other squirrelmail components.

--- class/deliver/Deliver_SMTP.class.php.orig   Sat Jan 28 21:24:07 2006
+++ class/deliver/Deliver_SMTP.class.php        Mon Nov 13 16:26:14 2006
@@ -69,7 +69,7 @@
             $this->authPop($host, '', $user, $pass);
         }

-        $rfc822_header = $message->rfc822_header;
+        $rfc822_header = unserialize(serialize($message->rfc822_header));

         $from = $rfc822_header->from[0];
         $to =   $rfc822_header->to;

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list