From ff44d1a891be94be9afaae31de7dc813226eafb0 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Sun, 7 Jun 2026 10:22:22 -0400
Subject: [PATCH] Fix memory leak of parameter name after an RFC2231 parameter

currentencoded was set to 1 on the first RFC2231 (name*N) parameter and never reset, so every later parameter took the is_rfc2231_name finalize path. When a later plain parameter arrived, neither the !currentencoded branch (stale 1) nor the namechanged branch (stale 0) consumed its name, so the emalloc'd name was neither stored nor freed. A header such as "Content-Type: x/y; a*0=\"foo\"; b=\"bar\"" leaked one allocation per plain-after-encoded parameter. Reset currentencoded per parameter so it reflects the current parameter only; the plain parameter now takes the !currentencoded branch, which stores and frees its name.
---
 php_mailparse_mime.c | 1 +
 tests/rfc2231_plain_after_encoded.phpt | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 tests/rfc2231_plain_after_encoded.phpt

diff --git a/php_mailparse_mime.c b/php_mailparse_mime.c
index e71bfec..e9d5c3e 100644
--- a/php_mailparse_mime.c
+++ b/php_mailparse_mime.c
@@ -198,6 +198,7 @@ static struct php_mimeheader_with_attributes *php_mimeheader_alloc_from_tok(php_
 *
 * Original rfc2231 support by IceWarp Ltd.
 */
+ currentencoded = 0;
 check_name = strchr(name, '*');
 if (check_name) {
 currentencoded = 1;
diff --git a/tests/rfc2231_plain_after_encoded.phpt b/tests/rfc2231_plain_after_encoded.phpt
new file mode 100644
index 0000000..72c8d1b
--- /dev/null
+++ b/tests/rfc2231_plain_after_encoded.phpt
@@ -0,0 +1,18 @@
+--TEST--
+A plain parameter following an RFC2231 (name*N) parameter is not leaked
+--SKIPIF--
+
+--FILE--
+
+--EXPECT--
+string(6) "foobar"
+string(3) "baz"
+done
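Review bot: The added `currentencoded = 0;` in php_mailparse_mime.c relies on an invariant the code never states: the flag must describe only the parameter being processed, and a stale 1 from an earlier `name*N` parameter leaves a later plain parameter's name neither stored nor freed. These names are parsed from message headers, which typically come from untrusted mail, so an edit that moves or drops the reset would bring back a per-parameter leak that matters most in long-running workers. I would put a comment on the line, for example `/* per-parameter state: a stale 1 from an earlier name*N leaves a later plain name neither stored nor freed */`. The enclosing loop and the declaration of `currentencoded` are outside the hunk, so whether the flag could instead be scoped to the loop body cannot be judged from here.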
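Review bot: The visible `--EXPECT--` section of tests/rfc2231_plain_after_encoded.phpt pins only the two parameter values and `done`, so the test catches the leak only where the harness reports leaked allocations. As far as I know that means a debug build of PHP or a run under a memory checker, and a release build would pass even with the reset removed. The `--SKIPIF--` and `--FILE--` bodies are not visible on this page (the hunk header announces 18 lines, fewer are shown), so this is judged from the expected output alone. I would record the limitation in the test itself, for example a `--DESCRIPTION--` section reading `The leak itself is only reported on debug builds; release builds verify the parsed values only.`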