[RCD] Proposed patch against against 1732

David Lublink roundcube.net at spam.bounceme.net
Thu Sep 4 23:07:40 CEST 2008


I spoke to soon, there is a small bug in this patch. I'll fix it and 
send the updated patch.

David Lublink wrote:
> Hello,
>
> I received an email today with 232 emails listed in the To: header. 
> Most of them had accents in the names so there was about 200 encoding 
> emails in the To: header. The method responsable for this is 
> decode_mime_string() and is recursive. My server stops recursion at 
> the 150th level. So the email caused PHP to crash and a blank page to 
> be shown.
>
> I wrote the following patch against revision 1732 which will resolve 
> the issue. I changed the recursion for iteration :
>
> Index: program/include/rcube_imap.php
> ===================================================================
> --- program/include/rcube_imap.php    (revision 1732)
> +++ program/include/rcube_imap.php    (working copy)
> @@ -2416,9 +2416,10 @@
>   function decode_mime_string($input, $fallback=null)
>     {
>     $out = '';
> +    $work = $input;
>
> -    $pos = strpos($input, '=?');
> -    if ($pos !== false)
> +    // Iterate instead of recursing, this way if there are too many 
> values we don't have stack overflows
> +    while( strpos($work, '=?') )
>       {
>       // rfc: all line breaks or other characters not found       // 
> in the Base64 Alphabet must be ignored by decoding software
> @@ -2436,7 +2437,7 @@
>       $rest = substr($input, $end_pos+2);
>
>       $out .= rcube_imap::_decode_mime_string_part($encstr);
> -      $out .= rcube_imap::decode_mime_string($rest, $fallback);
> +      $work = $rest;
>
>       return $out;
>       }
>
> Please include this into trunk of round cube. Additionally, it would 
> be nice if you patched this to the stable version. To patch this to 
> the stable version, you'll want to change rcube_imap.php to 
> rcube_imap.inc before patching. Using patch that comes with gentoo, it 
> patched fine with fuzz.
>
> I tested this patch on trunk and on the stable release 0.1.1. I have 
> noticed that PHP is slow on calling methods statically, so the 
> iteration will be a bit faster than the recursion. :D
>
> Please let me know,
>
> David
>
>
>
>
>
>
>
>
>
> --- 8< --- detachments --- 8< ---
> The following attachments have been detached and are available for 
> viewing.
>  http://detached.gigo.com/rc/WA/DcyDmMrV/against-1732.patch
> Only click these links if you trust the sender, as well as this message.
> --- 8< --- detachments --- 8< ---
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
>   

_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list