search

roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0
5.87k stars 1.64k forks source link

managesieve error when parsing third party scripts #5959

Closed spoljo closed 7 years ago

spoljo commented 7 years ago

I found a managesieve issue in roundcube 1.2.5 and 1.2.6. No issue present in 1.3.1, so it looks like it's fixed there. We had one system we tested on but it is heavily modified version of 1.1.4, it had no issues with sieve.

While setting up roundcube 1.2.5, I have encountered an issue with managesieve plugin in Roundcube. Old setup had some legacy sieve scripts generated with other tools or hand crafted. Issue was manifesting in busy loop that happens in plugins/managesieve/lib/Roundcube/rcube_sieve_script.php that happens when certain conditions are met.

Vacation filter that had some multiple number of '.' (dot characters) in succession. If there is some (I'm not certain from testing is it the number of dots or characters after the dots) of text after it, it will busy loop. Function that busy loops is tokenize($str, $num = 0, &$position = 0), and php kills it after 120s due to php max execution time.

I've done some error_log debugging and looks like it gets stuck with one $position variable without incrementing it when looping over script.

Scripts that I've crafted for testing and reproduction are attached.

Tested with docker images and cyrus-imapd as sieve server. Docker images used for testing are : instrumentisto/roundcube:1.3.1-apache, instrumentisto/roundcube:1.2.6-apache and instrumentisto/roundcube:1.2.5-apache.

Funny thing I noticed, if php races the php max execution time, in some cases the script renders in filter UI, but it breaks the message. Attached example and image.

Steps to reproduce: 1) insert scripts inside the sieve server, but not trough the web ui 2) open the roundcube 3) go to filter and click the inserted scripts 4) Ajax should hang till roundcube dies with 500

Scripts were checked with sievec if they compile so they should be OK.

Log error that happens: 

2017-09-14T11:41:03.699097000Z Sep 14 11:41:03 9d21b681a58e roundcube: PHP Fatal error:  Maximum execution time of 120 seconds exceeded in /app/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php on line 1115

funny_result HalfBreaks_Roundcube.script.txt Doesnt_Break_Roundcube.script.txt Breaks_Roundcube.script.txt

alecpl commented 7 years ago

I guess changes from #5838 have to be backported to 1.2.

alecpl commented 7 years ago

Done, but I can't say when we'll release the next version in 1.2 line, if any.