[#7754] smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Summary: smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Queue: Horde Framework Packages
Queue Version: FRAMEWORK_3
Type: Bug
State: Resolved
Priority: 1. Low
Owners: slusarz (at) horde (dot) org
Requester: harakiri_23 (at) yahoo (dot) com
Created: 12/05/2008 (6093 days ago)
Due:
Updated: 01/12/2010 (5690 days ago)
Assigned:
Resolved: 12/07/2008 (6091 days ago)
Github Issue Link:
Github Pull Request:
Milestone:
Patch: No

History
12/07/2008 07:37:37 PM Michael Slusarz Comment #3
Assigned to Michael Slusarz
State ⇒ Resolved
Priority ⇒ 1. Low
Makes sense.  Tweaked and committed to Horde 3.3.1.
12/07/2008 07:36:04 PM CVS Commit Comment #2
12/05/2008 10:45:23 AM harakiri_23 (at) yahoo (dot) com Comment #1
Priority ⇒ 3. High
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Framework Packages
Summary ⇒ smime.php extractSignedContents hangs on larger mails (openssl process never returns)
Type ⇒ Bug
State ⇒ Unconfirmed
The function extractSignedContents($data, $sslpath) in smime.php, used by imp to get the mail content without signature, uses piped input for openssl communication.

This is a bad approach and not suggested by the openssl mailing list, because depending on the system it will lead to side effects. For small messages (<100kb) it will work fine, but for larger ones the function call never returns, because, as a simple ps aux reveals, openssl never returns.

Instead of piping the message to the openssl input, temporary file input and output should be used, like all other functions already implemented in the smime.php library.

The following corrected function will not have any issues on any system, plus it's a lot faster than piping, and the php mem size can be lower than for piping input:

    /**
     * Extract the contents from signed S/MIME data.
     *
     * @param string $data     The signed S/MIME data.
     * @param string $sslpath  The path to the OpenSSL binary.
     *
     * @return string  The contents embedded in the signed data.
     *                 Returns PEAR_Error on error.
     */
    function extractSignedContents($data, $sslpath)
    {
        // Don't use pipes! openssl will hang

        /* Check for availability of OpenSSL PHP extension. */
        $openssl = $this->checkForOpenSSL();
        if (is_a($openssl, 'PEAR_Error')) {
            return $openssl;
        }

        $input = $this->_createTempFile('horde-smime');
        $output = $this->_createTempFile('horde-smime');

        /* Write text to file */
        $fp = fopen($input, 'w+');
        fwrite($fp, $data);
        fclose($fp);

        exec($sslpath . ' smime -verify -noverify -nochain -in ' . $input . ' -out ' . $output);

        $return = file_get_contents($output);
        return $return;
    }

This is a critical issue and should be fixed in the next release.



Thanks
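
The temp-file approach proposed in the comment above, with argument quoting, a write check, an exit-status check and temp-file cleanup, as an added example that is not from the ticket and is not Horde's code. The function name, an `openssl` binary on PATH, the PHP openssl extension and the throwaway self-signed key used to build the sample message are assumptions.

```php
<?php
// Added example, not Horde's code. Function and variable names are hypothetical.

/** Extract signed S/MIME content via temp files, not pipes; false on failure. */
function extract_signed_contents(string $data, string $sslpath)
{
    $dir = sys_get_temp_dir();
    $in  = tempnam($dir, 'smime-in-');   // tempnam() creates the file with mode 0600
    $out = tempnam($dir, 'smime-out-');
    try {
        if ($in === false || $out === false
            || file_put_contents($in, $data) !== strlen($data)) {
            return false;                // never hand openssl a truncated message
        }
        // Quote every argument. -noverify skips signer certificate checks, so
        // the result is extracted content, not authenticated content.
        $cmd = escapeshellarg($sslpath) . ' smime -verify -noverify -nochain'
             . ' -in ' . escapeshellarg($in)
             . ' -out ' . escapeshellarg($out) . ' 2>&1';
        exec($cmd, $log, $status);
        return $status === 0 ? file_get_contents($out) : false;
    } finally {
        foreach ([$in, $out] as $f) {
            if ($f !== false) {
                @unlink($f);
            }
        }
    }
}

// Constructed sample: sign a body of about 300 KB (well past the ~100 KB
// mark from the report) with a throwaway self-signed key, then extract it.
$key  = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'test.invalid'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
$msg  = tempnam(sys_get_temp_dir(), 'msg-');
$sig  = tempnam(sys_get_temp_dir(), 'sig-');
file_put_contents($msg, "Content-Type: text/plain\r\n\r\n"
    . str_repeat("constructed test line\r\n", 13000));
openssl_pkcs7_sign($msg, $sig, $cert, $key, []);
$content = extract_signed_contents(file_get_contents($sig), 'openssl');
printf("extracted %d bytes\n", $content === false ? -1 : strlen($content));
unlink($msg);
unlink($sig);
```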
