6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
8/12/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#7754] smime.php extractSignedContents hangs on larger mails (openssl process never returns)
*
Your Email Address
*
Spam protection
Enter the letters below:
. ..___.__ \ /.__. |__|[__ [__) >< | | | |[___| \/ \|__\
Comment
> The function function extractSignedContents($data, $sslpath) in > smime.php used by imp to get the mail content without signature, uses > piped input for openssl communication. > > > > This is a bad approach and not suggested by the openssl mailling > list, because depending on the system it will lead to side effects. > For small messages ( <100kb) it will work fine, but for larger the > function call never returns because a simply ps aux reveals openssl > never returns. > > > > Instead of piping the message to the openssl input, temporary file > input and output should be used like all other functions already > implemented in the smime.php libary. > > > > The following corrected function will dont have any issues on any > system, plus its a lot faster then piping, also the php mem size can > be lower then for piping input: > > > > /** > > * Extract the contents from signed S/MIME data. > > * > > * @param string $data The signed S/MIME data. > > * @param string $sslpath The path to the OpenSSL binary. > > * > > * @return string The contents embedded in the signed data. > > * Returns PEAR_Error on error. > > */ > > function extractSignedContents($data, $sslpath) > > { > > // dont use pipes ! openssl will hang > > /* Check for availability of OpenSSL PHP extension. */ > > $openssl = $this->checkForOpenSSL(); > > if (is_a($openssl, 'PEAR_Error')) { > > return $openssl; > > } > > > > $input = $this->_createTempFile('horde-smime'); > > $output = $this->_createTempFile('horde-smime'); > > > > /* Write text to file */ > > $fp = fopen($input, 'w+'); > > fwrite($fp, $data); > > fclose($fp); > > > > exec($sslpath . ' smime -verify -noverify -nochain -in ' > .$input. ' -out ' .$output); > > > > $return = file_get_contents($output); > > return $return; > > } > > > > > > This is a critical issue and should be fixed in the next release. > > > > Thanks
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers