Preg_match() in class-phpmailer.php is causing timeout

[nicktc]

Hi,

I tried to send an email via contact form 7 plugin. This wasn't working, so I debugged it. Found out that the actual problem is in the core, as I believe wp-includes/class-phpmailer.php is a core file.

On line 737 it's executing a preg_match to validate the address, but while doing it it's timing out (more then 30 secs). Seems like an error perhaps in the regular expression. Or it must be a server thing, but I can't imagine that.

Line 737:

return preg_match('/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[	 ])+|(?>[	 ]*\x0D\x0A)?[	 ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD', $address);

I also tested this defect with a simple file like this:

<?php

$address = "username@email.com";
var_dump(preg_match('/^(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[ -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[	 ])+|(?>[	 ]*\x0D\x0A)?[	 ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD', $address));

?>

You wil see that it takes a lot of time, or even exceeds the maximum execution time.

[nacin]

I can't reproduce using username@email.com. nicktc, can you provide some information for us?

var_dump(
    PHP_VERSION,
    PCRE_VERSION,
    ini_get( 'pcre.backtrack_limit' ),
    ini_get( 'pcre.recursion_limit' )
);

Moving to 3.6.2 for review, as this was introduced in [23522].

[SergeyBiryukov]

Could not reproduce either.

PHP_VERSION: 5.2.14
PCRE_VERSION: 8.02 2010-03-19
pcre.backtrack_limit: 100000
pcre.recursion_limit: 100000

[nicktc]

Hi,

Hereby my settings:

string(6) "5.2.17"
string(15) "8.02 2010-03-19"
string(6) "100000"
string(6) "100000"

Maybe it has to do because in the pattern I see things like ?>, maybe it's conflicting with the PHP tags?

[vinod dalvi]

I also could not reproduce it.

My Settings :

string(5) "5.3.1"
string(15) "8.00 2009-10-19"
string(6) "100000"
string(6) "100000"

[MattyRob]

That regex is coming from the PHPMailer validateAddress() function and it seems to have had an overhaul in the most recent release version of PHPMailer (5.2.7).

It might be worth testing and see if that newer version resolves this issue if it is still happening.
​https://github.com/Synchro/PHPMailer/blob/v5.2.7/class.phpmailer.php

[jlambe]

Hi,

I was not able to reproduce the "error" with my settings.

string(5) "5.4.6"
string(15) "8.12 2011-01-15"
string(7) "1000000"
string(6) "100000"

The regular expression performs fast and return (int)1

Also I've tested the latest class of PHPMailer as suggested by MattyRob and used the 'validateAdress()' method and everything seems to work properly and fast.

Are you sure it's coming from the core and not by using the plugin Contact Form 7 ? May be it's their AJAX call to send the email that takes time ? Also check you're hosting provider if they don't set limitations with php mail.

[nicktc]

No, it's not the contact module. As I said I have isolated this pregmatch in a single PHP file. No Wordpress, not Contact plugin. So it's definately something with my server, if you guys don't have this problem. I can tell you that on my server that pregmatch is causing a timeout.

[tyxla]

Hi there,

I've conducted sevaral independent tests and i was not able to replicate the issue at all.
I'm getting the same results as the guys above.

[johnbillion]

Closing as worksforme after discussion at WCEU. One possible thing to check for on your server is a low backreference limit. If I think of the actual setting name while I'm eating some pizza I'll post it here.

[SergeyBiryukov]

Replying to johnbillion:

One possible thing to check for on your server is a low backreference limit. If I think of the actual setting name while I'm eating some pizza I'll post it here.

​http://www.php.net/manual/en/pcre.configuration.php

[jeroensmeets]

Replying to nicktc:

No, it's not the contact module. As I said I have isolated this pregmatch in a single PHP file. No Wordpress, not Contact plugin. So it's definately something with my server, if you guys don't have this problem. I can tell you that on my server that pregmatch is causing a timeout.

Nick, wanted to let you know I have the same issue on a server with the exact same PHP (5.2.17) and PCRE (8.02) versions -- regex timing out after 30 seconds.