Fix side-effect in destructor
SmtpTransport had the potential to create a harmful side-effect
in its destructor should an untrusted value ever be deserialized. This
solves that by removing the socket on wakeup.
markstory committed Apr 23, 2019
1 parent f3adf8c commit 1a74e79
Showing 2 changed files with 33 additions and 0 deletions.
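--- a/src/Mailer/Transport/SmtpTransport.php
+++ b/src/Mailer/Transport/SmtpTransport.php
@@ -78,6 +78,18 @@ public function __destruct()
 }
 }
 
+/**
+* Unserialize handler.
+*
+* Ensure that the socket property isn't reinitialized in a broken state.
+*
+* @return void
+*/
+public function __wakeup()
+{
+$this->_socket = null;
+}
+
 /**
 * Connect to the SMTP server.
 *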
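Review bot: The `__wakeup()` docblock says only that the socket must not be restored "in a broken state"; it omits the reason given in the commit message, that `__destruct()` must never act on a socket object rebuilt from untrusted serialized data. I would record that in the docblock, e.g. `* Drops any deserialized socket so __destruct() cannot act on an object supplied by the payload.` Only `_socket` is cleared, so every other property of a deserialized instance still comes from the payload. The hunk shows just the closing braces of `__destruct()`, so whether it reads anything besides the socket cannot be confirmed from here. The guard also relies on `__wakeup()` running for every deserialized instance, so an explicit type check on `_socket` inside the destructor would be a cheap second layer.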
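--- a/tests/TestCase/Mailer/Transport/SmtpTransportTest.php
+++ b/tests/TestCase/Mailer/Transport/SmtpTransportTest.php
@@ -709,4 +709,25 @@ public function testSendDefaults()
 
 $this->SmtpTransport->send($email);
 }
+
+/**
+* Ensure that unserialized transports have no connection.
+*
+* @return void
+*/
+public function testSerializeCleanupSocket()
+{
+$this->socket->expects($this->at(0))->method('connect')->will($this->returnValue(true));
+$this->socket->expects($this->at(1))->method('read')->will($this->returnValue("220 Welcome message\r\n"));
+$this->socket->expects($this->at(2))->method('write')->with("EHLO localhost\r\n");
+$this->socket->expects($this->at(3))->method('read')->will($this->returnValue("250 OK\r\n"));
+
+$smtpTransport = new SmtpTestTransport();
+$smtpTransport->setSocket($this->socket);
+$smtpTransport->connect();
+
+$result = unserialize(serialize($smtpTransport));
+$this->assertAttributeEquals(null, '_socket', $result);
+$this->assertFalse($result->connected());
+}
 }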
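Review bot: `testSerializeCleanupSocket()` asserts the state of `$result` after the round trip but never runs its destructor inside the test, and the destructor is the path the commit description is about. Adding `unset($result);` after the last assertion would run `__destruct()` on the deserialized copy while the test is still active, so a regression that touches the socket there is reported against this test. The round trip also starts from a transport the test built and connected itself. A second case that deserializes an instance whose `_socket` was never a real socket would cover the untrusted-input situation more directly.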
