- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
authorkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 25 Jun 2007 21:05:56 +0000 (21:05 +0000)
committerkink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 25 Jun 2007 21:05:56 +0000 (21:05 +0000)
thanks James E. Blair

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12477 7612ce4b-ef26-0410-bec9-ea0150e637f0

ChangeLog
functions/imap_general.php

index 0126ccf..32a692d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -200,6 +200,7 @@ Version 1.5.2 - SVN
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
     for reporting these issues. [CVE-2007-1262]
+  - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
index a0db4b4..6011497 100755 (executable)
@@ -466,6 +466,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                             we prohibid that literal responses appear in the
                             outer loop so we can trust the untagged and
                             tagged info provided by $read */
+                        $read_literal = false;
                         if ($s === "}\r\n") {
                             $j = strrpos($read,'{');
                             $iLit = substr($read,$j+1,-3);
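Review bot: The literal length on the context lines `$j = strrpos($read,'{');` and `$iLit = substr($read,$j+1,-3);` comes straight from the server's response, and `$j` is used without checking for `false`. A line that ends in `}\r\n` but contains no `{` makes `$j+1` evaluate to 1, so `$iLit` becomes arbitrary text rather than a byte count. Since this commit fixes a loop that response data could keep spinning, I would reject that case right after the `$iLit` assignment, e.g. `if ($j === false || !ctype_digit($iLit)) break 4;`, reusing the error exit of the read-failure path. The code that consumes `$iLit` is outside this hunk, so it may already validate the value; that is worth confirming.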
@@ -490,7 +491,9 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                             if ($read === false) { /* error */
                                 break 4; /* while while switch while */
                             }
-                            $fetch_data[] = $read;
+                            $s = substr($read,-3);
+                            $read_literal = true;
+                            continue;
                         } else {
                             $fetch_data[] = $read;
                         }
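Review bot: The `continue` added in this branch is the core of the fix, but nothing explains it. In a PHP do-while, `continue` jumps to the loop condition, and the line read after the literal is no longer stored here; the next pass either treats it as another literal header or appends it in the `else` branch. That is also why the condition in the last hunk becomes `$s === "}\r\n" || $read_literal`. I would add a comment above `$read_literal = true;`, such as `/* line after the literal is still unprocessed: force one more pass so it is checked for a further literal or stored */`, and a one-line comment at the `$read_literal = false;` reset in the first hunk. The enclosing loop starts and ends outside this hunk.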
@@ -503,7 +506,7 @@ function sqimap_retrieve_imap_response($imap_stream, $tag, $handle_errors,
                         /* check for next untagged reponse and break */
                         if ($read{0} == '*') break 2;
                         $s = substr($read,-3);
-                    } while ($s === "}\r\n");
+                    } while ($s === "}\r\n" || $read_literal);
                     $s = substr($read,-3);
                 } while ($read{0} !== '*' &&
                          substr($read,0,strlen($tag)) !== $tag);