[#7754] smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Summary smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Bug
State Resolved
Priority 1. Low
Owners Michael Slusarz <slusarz (at) horde (dot) org>
Requester harakiri_23 (at) yahoo (dot) com
Created 12/05/08 (466 days ago)
Due
Updated 01/12/10 (63 days ago)
Assigned
Resolved 12/07/08 (464 days ago)
Attachments
Milestone
Patch No

History
01/12/10 CVS Commit Comment #4 Reply to this comment
Changes have been made in Git for this ticket:

Merge fix from Ticket #7754
Use file_put_contents() when possible.

http://git.horde.org/diff.php/framework/Crypt/lib/Horde/Crypt/smime.php?rt=horde-git&r1=b038b6ac295e05fb5d8e9247b52379dd17b59b40&r2=bb88d985374d6daf1091ebaebf2347c5acc783ad
12/07/08 Michael Slusarz Comment #3
Priority ⇒ 1. Low
State ⇒ Resolved
Assigned to Michael Slusarz		 Reply to this comment
Makes sense.  Tweaked and committed to Horde 3.3.1.
12/07/08 CVS Commit Comment #2 Reply to this comment
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/framework/Crypt/Crypt/smime.php?r1=1.72&r2=1.73&ty=u
12/05/08 harakiri_23 (at) yahoo (dot) com Comment #1
Summary ⇒ smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Type ⇒ Bug
Priority ⇒ 3. High
State ⇒ Unconfirmed
Patch ⇒
Milestone ⇒
Queue ⇒ Horde Framework Packages		 Reply to this comment
The function function extractSignedContents($data, $sslpath) in 
smime.php used by imp to get the mail content without signature, uses 
piped input for openssl communication.



This is a bad approach and not suggested by the openssl mailling list, 
because depending on the system it will lead to side effects. For 
small messages ( <100kb) it will work fine, but for larger the 
function call never returns because a simply ps aux reveals openssl 
never returns.



Instead of piping the message to the openssl input, temporary file 
input and output should be used like all other functions already 
implemented in the smime.php libary.



The following corrected function will dont have any issues on any 
system, plus its a lot faster then piping, also the php mem size can 
be lower then for piping input:



/**

      * Extract the contents from signed S/MIME data.

      *

      * @param string $data     The signed S/MIME data.

      * @param string $sslpath  The path to the OpenSSL binary.

      *

      * @return string  The contents embedded in the signed data.

      *                 Returns PEAR_Error on error.

      */

     function extractSignedContents($data, $sslpath)

     {

      // dont use pipes ! openssl will hang

         /* Check for availability of OpenSSL PHP extension. */

         $openssl = $this->checkForOpenSSL();

         if (is_a($openssl, 'PEAR_Error')) {

             return $openssl;

         }



         $input = $this->_createTempFile('horde-smime');

         $output = $this->_createTempFile('horde-smime');



         /* Write text to file */

         $fp = fopen($input, 'w+');

         fwrite($fp, $data);

         fclose($fp);



         exec($sslpath . ' smime -verify -noverify -nochain -in ' 
.$input. ' -out ' .$output);



         $return = file_get_contents($output);

         return $return;

     }





This is a critical issue and should be fixed in the next release.



Thanks