From 935d09e135efa05b02313fea08794139c8963ec7 Mon Sep 17 00:00:00 2001
From: kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Mon, 25 Jun 2007 21:05:56 +0000
Subject: [PATCH] - Fix busy loop and notice when two literals in IMAP fetch
 (#1739433). thanks James E. Blair

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12477 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog                  | 1 +
 functions/imap_general.php | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0126ccfd..32a692dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -200,6 +200,7 @@ Version 1.5.2 - SVN
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
     for reporting these issues. [CVE-2007-1262]
+  - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
diff --git a/functions/imap_general.php b/functions/imap_general.php
index a0db4b45..6011497e 100755
--- a/functions/imap_general.php
+++ b/functions/imap_general.php
@@ -466,6 +466,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                             we prohibid that literal responses appear in the
                             outer loop so we can trust the untagged and
                             tagged info provided by $read */
+                        $read_literal = false;
                         if ($s === "}\r\n") {
                             $j = strrpos($read,'{');
                             $iLit = substr($read,$j+1,-3);
@@ -490,7 +491,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                             if ($read === false) { /* error */
                                 break 4; /* while while switch while */
                             }
-                            $fetch_data[] = $read;
+                            $s = substr($read,-3);
+                            $read_literal = true;
+                            continue;
                         } else {
                             $fetch_data[] = $read;
                         }
@@ -503,7 +506,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                         /* check for next untagged reponse and break */
                         if ($read{0} == '*') break 2;
                         $s = substr($read,-3);
-                    } while ($s === "}\r\n");
+                    } while ($s === "}\r\n" || $read_literal);
                     $s = substr($read,-3);
                 } while ($read{0} !== '*' &&
                          substr($read,0,strlen($tag)) !== $tag);
-- 
2.25.1