[php-maint] Bug#576147: (no subject)
Michael Stucki
michael at typo3.org
Fri Apr 30 10:04:36 UTC 2010
Interestingly I'm having exactly the same problem like Toni. Same TYPO3
version, same line, same error.
The error log says:
| [Fri Apr 30 09:51:07 2010] [error] [client xx.xx.xx.xx] ALERT - canary
| mismatch on efree() - heap overflow detected (attacker 'xx.xx.xx.xx',
| file '/var/www/typo3_src-4.2/t3lib/class.t3lib_htmlmail.php', line
| 718), referer: http://abc.com/
This very line calls ini_set to update the "sendmail_from" property:
| ini_set('sendmail_from', $tmpVal);
I see nothing special with this, $tmpVal is just the regular email address.
Also note that it sometimes works. It's probably 1/3 of all attempts
which fail, so it is just partly reproducable...
It seems like I'm able to isolate the problem by adding nothing but this
line into an empty script:
<?php
ini_set(sendmail_from('info at myhost.com');
?>
So there must be something wrong with ini_set trying to overwrite
sendmail_from.
Note that in php.ini, the sendmail_from as well as the sendmail_path
properties are both no set (commented out).
More information about the pkg-php-maint
mailing list