Hello,
I received an email today with 232 emails listed in the To: header. Most of them had accents in the names so there was about 200 encoding emails in the To: header. The method responsable for this is decode_mime_string() and is recursive. My server stops recursion at the 150th level. So the email caused PHP to crash and a blank page to be shown.
I wrote the following patch against revision 1732 which will resolve the issue. I changed the recursion for iteration :
--- program/include/rcube_imap.php (revision 1732) +++ program/include/rcube_imap.php (working copy) @@ -2416,9 +2416,10 @@ function decode_mime_string($input, $fallback=null) { $out = '';
@@ -2436,7 +2437,7 @@ $rest = substr($input, $end_pos+2);
$out .= rcube_imap::_decode_mime_string_part($encstr);
$out .= rcube_imap::decode_mime_string($rest, $fallback);
$work = $rest;
return $out;
}
Please include this into trunk of round cube. Additionally, it would be nice if you patched this to the stable version. To patch this to the stable version, you'll want to change rcube_imap.php to rcube_imap.inc before patching. Using patch that comes with gentoo, it patched fine with fuzz.
I tested this patch on trunk and on the stable release 0.1.1. I have noticed that PHP is slow on calling methods statically, so the iteration will be a bit faster than the recursion. :D
Please let me know,
David
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/WA/DcyDmMrV/against-1732.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
I spoke to soon, there is a small bug in this patch. I'll fix it and send the updated patch.
David Lublink wrote:
Hello,
I received an email today with 232 emails listed in the To: header. Most of them had accents in the names so there was about 200 encoding emails in the To: header. The method responsable for this is decode_mime_string() and is recursive. My server stops recursion at the 150th level. So the email caused PHP to crash and a blank page to be shown.
I wrote the following patch against revision 1732 which will resolve the issue. I changed the recursion for iteration :
Index: program/include/rcube_imap.php
--- program/include/rcube_imap.php (revision 1732) +++ program/include/rcube_imap.php (working copy) @@ -2416,9 +2416,10 @@ function decode_mime_string($input, $fallback=null) { $out = '';
- $work = $input;
- $pos = strpos($input, '=?');
- if ($pos !== false)
- // Iterate instead of recursing, this way if there are too many
values we don't have stack overflows
- while( strpos($work, '=?') ) { // rfc: all line breaks or other characters not found //
in the Base64 Alphabet must be ignored by decoding software @@ -2436,7 +2437,7 @@ $rest = substr($input, $end_pos+2);
$out .= rcube_imap::_decode_mime_string_part($encstr);
$out .= rcube_imap::decode_mime_string($rest, $fallback);
$work = $rest; return $out; }
Please include this into trunk of round cube. Additionally, it would be nice if you patched this to the stable version. To patch this to the stable version, you'll want to change rcube_imap.php to rcube_imap.inc before patching. Using patch that comes with gentoo, it patched fine with fuzz.
I tested this patch on trunk and on the stable release 0.1.1. I have noticed that PHP is slow on calling methods statically, so the iteration will be a bit faster than the recursion. :D
Please let me know,
David
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/WA/DcyDmMrV/against-1732.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
List info: http://lists.roundcube.net/dev/
Hey,
Here is the proper patch. I tested it more this time.
It allows me to load my inbox and view the questionable message.
David Lublink
David Lublink wrote:
I spoke to soon, there is a small bug in this patch. I'll fix it and send the updated patch.
David Lublink wrote:
Hello,
I received an email today with 232 emails listed in the To: header. Most of them had accents in the names so there was about 200 encoding emails in the To: header. The method responsable for this is decode_mime_string() and is recursive. My server stops recursion at the 150th level. So the email caused PHP to crash and a blank page to be shown.
I wrote the following patch against revision 1732 which will resolve the issue. I changed the recursion for iteration :
Please include this into trunk of round cube. Additionally, it would be nice if you patched this to the stable version. To patch this to the stable version, you'll want to change rcube_imap.php to rcube_imap.inc before patching. Using patch that comes with gentoo, it patched fine with fuzz.
I tested this patch on trunk and on the stable release 0.1.1. I have noticed that PHP is slow on calling methods statically, so the iteration will be a bit faster than the recursion. :D
Please let me know,
David
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/WA/DcyDmMrV/against-1732.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
List info: http://lists.roundcube.net/dev/
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/uA/SQpiP4oL/against-1732.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
Hi David,
I just applied your patch to the trunk. It worked fine with my sample messages.
Thanks!
~Thomas
David Lublink wrote:
Hey,
Here is the proper patch. I tested it more this time.
It allows me to load my inbox and view the questionable message.
David Lublink
[...]
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/uA/SQpiP4oL/against-1732.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/