Hi all,
I got reports from RC users claiming their recipients got the wrong attachments, attachments belonging to other RC users.
So I added some logging to plugins/filesystem_attachments/filesystem_attachments.php:
    if (!$args['path']) {
        $rcmail = rcmail::get_instance();
        $temp_dir = $rcmail->config->get('temp_dir');
        $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
        write_log('sendmail', sprintf('Saving attachtment for %s to %s.', $RCMAIL->user->get_username(), $tmp_path));
        ...
Here are some (anonymized) lines from logs/sendmail (notice the typo, which accidentally makes for easier grep'ing):
    [09-Oct-2012 09:11:29 +0200]: Saving attachtment for <user1> to <path>/temp/rcmAttmntP007sn.
    [09-Oct-2012 09:18:10 +0200]: Saving attachtment for <user2> to <path>/temp/rcmAttmntP007sn.
    [09-Oct-2012 09:26:33 +0200]: Saving attachtment for <user3> to <path>/temp/rcmAttmntP007sn.
With an average of 30 attachments total for all users on this server, those filenames don't look very random to me.
So I added some more logging to program/steps/mail/attachments.inc:
    if (!$err) {
        $attachment = array(
            'path' => $filepath,
            'size' => $_FILES['_attachments']['size'][$i],
            'name' => $_FILES['_attachments']['name'][$i],
            'mimetype' => rc_mime_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i]),
            'group' => $COMPOSE_ID,
        );
        write_log('sendmail', sprintf('Uploaded attachtment for %s in %s.', $RCMAIL->user->get_username(), $filepath));
        ...
Which gives me duplicate filenames as well:
    [09-Oct-2012 09:16:59 +0200]: Uploaded attachtment for <user1> in <path>/tmp/phpH007sn.
    [09-Oct-2012 09:23:52 +0200]: Uploaded attachtment for <user2> in <path>/tmp/phpH007sn.
So this is obviously not an RC bug, but a PHP bug.
My question is: Has anyone seen this before? I cannot find a related bug on https://bugs.php.net/
Robin
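Added example, not part of the original thread or of Roundcube's code: a small check that reads log lines in the two formats shown above and reports every temp path that was handed to more than one user. The sample log, user names and directory names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches both log formats from the thread (the "attachtment" typo is intentional):
#   [ts]: Saving attachtment for <user> to <path>.
#   [ts]: Uploaded attachtment for <user> in <path>.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]: (?:Saving|Uploaded) attachtment for "
    r"(?P<user>\S+) (?:to|in) (?P<path>\S+?)\.?$"
)


def find_shared_temp_paths(lines):
    """Return {path: [(timestamp, user), ...]} for paths seen with more than one user."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines in other formats are ignored
            seen[m["path"]].append((m["ts"], m["user"]))
    # Reuse by the same user is not reported; only cross-user reuse can leak data.
    return {p: hits for p, hits in seen.items()
            if len({user for _, user in hits}) > 1}


# Constructed sample input (users and directories are made up).
SAMPLE_LOG = """\
[09-Oct-2012 09:11:29 +0200]: Saving attachtment for alice@example.org to /var/rc/temp/rcmAttmntP007sn.
[09-Oct-2012 09:16:59 +0200]: Uploaded attachtment for alice@example.org in /tmp/phpH007sn.
[09-Oct-2012 09:18:10 +0200]: Saving attachtment for bob@example.org to /var/rc/temp/rcmAttmntP007sn.
[09-Oct-2012 09:23:52 +0200]: Uploaded attachtment for bob@example.org in /tmp/phpH007sn.
[09-Oct-2012 09:26:33 +0200]: Saving attachtment for carol@example.org to /var/rc/temp/rcmAttmntP007sn.
[09-Oct-2012 09:58:51 +0200]: Uploaded attachtment for alice@example.org in /tmp/php5PHusb.
[09-Oct-2012 10:00:31 +0200]: Uploaded attachtment for alice@example.org in /tmp/php5PHusb.
"""

if __name__ == "__main__":
    for path, hits in find_shared_temp_paths(SAMPLE_LOG.splitlines()).items():
        print(path)
        for ts, user in hits:
            print(f"    {ts}  {user}")
```
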
On 10/09/2012 09:51 AM, Robin Elfrink wrote:
> So this is obviously not an RC bug, but a PHP bug.
> My question is: Has anyone seen this before? I cannot find a related bug on https://bugs.php.net/
What PHP/OS version?
On 10/09/2012 09:58 AM, A.L.E.C wrote:
>> So this is obviously not an RC bug, but a PHP bug.
>> My question is: Has anyone seen this before? I cannot find a related bug on https://bugs.php.net/
> What PHP/OS version?
php5 5.3.2 on FreeBSD 7.4.
I'm going to set up a new box today with a more recent OS and see what that does.
Robin
On 10/09/2012 09:51 AM, Robin Elfrink wrote:
> $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
I suppose changing this to
    $tmp_path = tempnam($temp_dir, 'rcmAttmnt' . $RCMAIL->user->ID);
should at least fix the security part of this issue.
On 10/09/2012 10:02 AM, A.L.E.C wrote:
>> $tmp_path = tempnam($temp_dir, 'rcmAttmnt');
> I suppose changing this to
>     $tmp_path = tempnam($temp_dir, 'rcmAttmnt' . $RCMAIL->user->ID);
> should at least fix the security part of this issue.
Yes, on RC's part. I was thinking about that.
But then still I get duplicates in $_FILES.
Robin
On 10/09/2012 09:51 AM, Robin Elfrink wrote:
> [09-Oct-2012 09:23:52 +0200]: Uploaded attachtment for <user2> in <path>/tmp/phpH007sn.
Hmm... What's your temp_dir setting in the Roundcube config? Does it point to the /tmp folder? If not, does the folder exist and is it writeable by the http server?
Hello Robin
That's interesting. I added the logging to attachments.inc to see if the same happens on my systems (RC 0.7.2, PHP 5.2.17). But the "randomness" seems to work:
RC 0.7.2 with PHP 5.2.17 (PHP 5.2)
[09-Oct-2012 09:58:51 +0200]: Uploaded attachtment for user1@localhost in /tmp/php5PHusb.
[09-Oct-2012 10:00:00 +0200]: Uploaded attachtment for user2@localhost in /tmp/phprn11nz.
[09-Oct-2012 10:00:20 +0200]: Uploaded attachtment for user2@localhost in /tmp/phpacekPS.
[09-Oct-2012 10:00:31 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpduCBlP.
[09-Oct-2012 10:02:22 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpD9cUNm.
[09-Oct-2012 10:02:30 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpn1uWXX.
RC 0.7.2 with PHP 5.3.17 (PHP 5.3)
[09-Oct-2012 10:07:06 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpEbshLs.
[09-Oct-2012 10:07:13 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpNm3FL8.
[09-Oct-2012 10:07:22 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpShflmK.
[09-Oct-2012 10:08:06 +0200]: Uploaded attachtment for user2@localhost in /tmp/phpkDOEdw.
[09-Oct-2012 10:08:11 +0200]: Uploaded attachtment for user2@localhost in /tmp/phppVz1wg.
RC 0.8.1 with PHP 5.2.17 (PHP 5.2)
[09-Oct-2012 10:11:36 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpQ38fu2.
[09-Oct-2012 10:11:44 +0200]: Uploaded attachtment for user1@localhost in /tmp/phplQnw2j.
[09-Oct-2012 10:11:53 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpyl7Tm6.
[09-Oct-2012 10:12:24 +0200]: Uploaded attachtment for user2@localhost in /tmp/phpCvIMQM.
[09-Oct-2012 10:12:30 +0200]: Uploaded attachtment for user2@localhost in /tmp/phpi2NmWj.
[09-Oct-2012 10:12:36 +0200]: Uploaded attachtment for user2@localhost in /tmp/phpUmScAb.
[09-Oct-2012 10:12:48 +0200]: Uploaded attachtment for user1@localhost in /tmp/phpJVEDJi.
Seems to be an issue in your PHP environment only?
On 10/09/2012 10:15 AM, Claudio Kuenzler wrote:
> That's interesting. I added the logging to attachments.inc to see if the same happens on my systems (RC 0.7.2, PHP 5.2.17). But the "randomness" seems to work:
Thanks, very helpful.
As said I'll install RC on a new box with a recent OS, and report back tomorrow.
Robin
On 10/09/2012 10:22 AM, Robin Elfrink wrote:
> As said I'll install RC on a new box with a recent OS, and report back tomorrow.
I copied my RC-installation to a new machine, running Ubuntu server, and haven't seen any duplicate filenames yet.
Thanks everybody.
I believe the problem had to do with this specific machine. It's running an old FreeBSD, a not-so-old PHP, and has been moved from physical hardware to vmware a couple of years ago. May have had something to do with the OS' random algorithms.
Robin