0ct0pu5/squirrelmail
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- Fix busy loop and notice when two literals in IMAP fetch (#1739433).

Browse source 
thanks James E. Blair
This commit is contained in:
Thijs Kinkhorst 2007-06-25 21:05:56 +00:00
parent cb245625f3
commit 593944ce7f
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -200,6 +200,7 @@ Version 1.5.2 - SVN
charset conversion exploits, and request forgery through included
images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
for reporting these issues. [CVE-2007-1262]
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------

7
functions/imap_general.php
View file

@ -466,6 +466,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
we prohibid that literal responses appear in the
outer loop so we can trust the untagged and
tagged info provided by $read */
$read_literal = false;
if ($s === "}\r\n") {
$j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3);
@ -490,7 +491,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
if ($read === false) { /* error */
break 4; /* while while switch while */
}
$fetch_data[] = $read;
$s = substr($read,-3);
$read_literal = true;
continue;
} else {
$fetch_data[] = $read;
}
@ -503,7 +506,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
/* check for next untagged reponse and break */
if ($read{0} == '*') break 2;
$s = substr($read,-3);
} while ($s === "}\r\n");
} while ($s === "}\r\n" || $read_literal);
$s = substr($read,-3);
} while ($read{0} !== '*' &&
substr($read,0,strlen($tag)) !== $tag);