Need help: been getting "double newline in headers"

[mobsta]

I have a 3rd party app installed called Bambooinvoice. Was working flawlessly before, but not sure when things stopped working since this feature is rarely used at the moment. As the title says, been getting this error when emailing, this is the whole error I'm getting

Code:

[Sun Oct 12 00:14:06 2008] [error] [client ""My IP""] ALERT - mail() - double newline in headers, possible injection, mail dropped (attacker '""My IP""', file '/home/cPanel username/public_html/bamboo_system_files/libraries/Email.php', line 1444), referer: http://mysite.net/index.php/invoices

And this is the email.php script it's using to send the emails(Due to the size of file a compressed copy is attached to the message). I hope this is enough info to get this resolved. If more info is required please ask. One more thing, bare with me, I'm a real noob when it comes to this kind of things but I'm usually good at following instructions.

Hope to hear from you soon.

[mobsta]

Bump

[Coonz]

Not to sure but no one else has suggested anything. I think it may have to due with the php. Have you upgraded your php? Some php versions don't allow you to send mail...

[Soki]

Not to sure but no one else has suggested anything. I think it may have to due with the php. Have you upgraded your php? Some php versions don't allow you to send mail...

Because this isn't the correct section.
It may be a third party script, but he needs help with PHP.
*Moved to Programming Help*

It may be due to your Exim not being online at that time on your server.

[mobsta]

Thank you Sokii for moving it.
I've done some more reading on the issue and found few sites that talk about a script that gets installed to combat spamming. Here is the article

Code:

http://forum.hardened-php.net/viewtopic.php?id=79

I'm leaning towards a conclusion that this or a similar modification was done to the servers here( I'm on add free).

I'm just hoping that someone will know what it is and can give me mod so I can pass it on to the developer of the app so he can fix it. Or if any one can come up with a fix here.

Thank you guys for the help.

[mobsta]

Guys anyone know about this issue, who would know what type of spam combating script are they running on Absolut add free server. I hope I'll get some clues and pass it onto the program developer.

Thank you all.

[mephis]

in the source code:

PHP Code:

/*1442*/        // most documentation of sendmail using the "-f" flag lacks a space after it, however
/*1443*/        // we've encountered servers that seem to require it to be in place.
/*1444*/        if ( ! mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str, "-f ".$this->clean_email($this->_headers['From'])))
/*1445*/        {
/*1446*/            return FALSE;
/*1447*/        }
/*1448*/        else
/*1449*/        {
/*1450*/            return TRUE;
/*1451*/        } 


the comment above the if statement mentions the extra space they added,
have you tried removing that extra space? "-f " -> "-f"

[mobsta]

Tried that before and tried it now. Still the same problem. Mail gets dropped.
Would it realistic to think that a script similar to this is being used on absalut

Code:

Code:

diff -ru php-4.4.2/ext/standard/mail.c php-4.4.2-ws/ext/standard/mail.c
--- php-4.4.2/ext/standard/mail.c       2006-01-01 14:46:57.000000000 +0100
+++ php-4.4.2-ws/ext/standard/mail.c    2006-02-28 17:56:36.000000000 +0100
@@ -103,6 +103,23 @@
                return;
        }

+
+       if (headers_len > 0 && headers && (strstr(headers,"\n\n") || strstr(headers,"\r\n\r\n")) ) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "double newline in headers, possible injection, mail dropped");
+               RETURN_FALSE;
+       }
+
+       /* check for spam attempts with buggy webforms */
+       if (strchr(to, '\n') != NULL || strchr(to, '\r') != NULL) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "newline in to header, possible injection, mail dropped");
+               RETURN_FALSE;
+       }
+                                                                           
+       if (strchr(subject, '\n') != NULL || strchr(subject, '\r') != NULL) {               
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "newline subject header, possible injection, mail dropped");
+               RETURN_FALSE;
+       }
+

Thank you for the reply M8

[mobsta]

Thank you guys for all the effort, this issue has been solved. It was a bug in codeigniter email library file. A bug report has been filed and hopefully it'll be fixed.

This is the fix for it.

http://forums.bambooinvoice.org/inde...iewthread/686/

this is the bug report on Codeigniter

http://codeigniter.com/bug_tracker/bug/6681/

Hopefully this will help others in the future.