Menu
▾
▴
Re: [SM-PLUGINS] Updated S/MIME Verification plugin
|
From: Walter H. <Wal...@ma...> - 2015-06-25 06:43:56
|
On 24.6.2015 23:46, Paul Lesniewski wrote:
> On 6/22/15, Walter H.<wal...@ma...> wrote:
>
>> $fd = fopen( ... )
>> while (!feof($fd)) //<-- there is the problem in downloadcert.php, {
>> // no error check, if the fopen failed or not ... ...
> Indeed, that must be fixed, but the question this raises is how you
> got there without having a valid cert? Can you please share the full
> message source of an example message that causes this?
>
yes,
for this testing purpose I took the functions.php of release 1.0 with my
release 1.1
added this few lines on top:
global $echo, $openssl, $cadir, $easycerts;
$echo = "/bin/echo";
$openssl = "/usr/bin/openssl";
$cadir = "/etc/ssl/certs";
$easycerts = "";
because the are not used any more in my release 1.1
sent me 2 messages, one that failes and one this is ok
https://vhost01.mathemainzel.info/sqmailplugin/msg-failed.eml
https://vhost01.mathemainzel.info/sqmailplugin/msg-ok.eml
the results in Squirrelmail
https://vhost01.mathemainzel.info/sqmailplugin/screen-failed.png
https://vhost01.mathemainzel.info/sqmailplugin/screen-ok.png
this failed mail shown in my thunderbird
https://vhost01.mathemainzel.info/sqmailplugin/screen-failed-tb.png
and shown with my plugin release 1.1 in Squirrelmail
https://vhost01.mathemainzel.info/sqmailplugin/screen-failed-myrelease.png
the other critical bugs are in functions.php
$subjectmessage = escapeshellarg($message_in);
exec("$echo $subjectmessage | $openssl ... ");
// nowhere is said, that the message in variable $message_in comes to
pipe-in of '| openssl ...'
// in other words, escapeshellarg modifies the message, that is causing
the problems shown above,
// therefore the modifications in my release 1.1
>> I fixed them and also did some error handling: now it is possible to see
>> the difference between the following:
> Thanks for your contributions. I'll have a look.
>
> - Paul
>
Thanks.
Greetings from Austria,
Walter
|
