0ct0pu5/squirrelmail
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- Fix busy loop and notice when two literals in IMAP fetch (#1739433).

Browse source 
thanks James E. Blair
This commit is contained in:
Thijs Kinkhorst 2007-06-25 21:05:56 +00:00
parent cb245625f3
commit 593944ce7f
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -200,6 +200,7 @@ Version 1.5.2 - SVN
charset conversion exploits, and request forgery through included charset conversion exploits, and request forgery through included
images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
for reporting these issues. [CVE-2007-1262] for reporting these issues. [CVE-2007-1262]
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
Version 1.5.1 (branched on 2006-02-12) Version 1.5.1 (branched on 2006-02-12)
-------------------------------------- --------------------------------------

7
functions/imap_general.php
View file

@ -466,6 +466,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
we prohibid that literal responses appear in the we prohibid that literal responses appear in the
outer loop so we can trust the untagged and outer loop so we can trust the untagged and
tagged info provided by $read */ tagged info provided by $read */
$read_literal = false;
if ($s === "}\r\n") { if ($s === "}\r\n") {
$j = strrpos($read,'{'); $j = strrpos($read,'{');
$iLit = substr($read,$j+1,-3); $iLit = substr($read,$j+1,-3);
@ -490,7 +491,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
if ($read === false) { /* error */ if ($read === false) { /* error */
break 4; /* while while switch while */ break 4; /* while while switch while */
} }
$fetch_data[] = $read; $s = substr($read,-3);
$read_literal = true;
continue;
} else { } else {
$fetch_data[] = $read; $fetch_data[] = $read;
} }
@ -503,7 +506,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
/* check for next untagged reponse and break */ /* check for next untagged reponse and break */
if ($read{0} == '*') break 2; if ($read{0} == '*') break 2;
$s = substr($read,-3); $s = substr($read,-3);
} while ($s === "}\r\n"); } while ($s === "}\r\n" || $read_literal);
$s = substr($read,-3); $s = substr($read,-3);
} while ($read{0} !== '*' && } while ($read{0} !== '*' &&
substr($read,0,strlen($tag)) !== $tag); substr($read,0,strlen($tag)) !== $tag);