Closed ScottPeterJohnson closed 1 month ago
Consider the following malformed (simplified) Sieve script, from a user who forgot to use the "text:" prefix:
vacation :subject "" :from "" <a href="https://test.org/">test</a>
This will cause an infinite loop due to the following line: https://github.com/roundcube/roundcubemail/blob/df057fa093a3550e3ee2ccdda555b3cc5bda95d8/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php#L1309
Which in the case of the next character not being a *, never advances the parsing position. A simple solution is to make the error case a few lines below also apply if the next character is not a star.
No response
v8.1
v1.6.7
Fixed.
alecpl
commented
1 month ago
Prerequisites
Describe the issue
Consider the following malformed (simplified) Sieve script, from a user who forgot to use the "text:" prefix:
This will cause an infinite loop due to the following line: https://github.com/roundcube/roundcubemail/blob/df057fa093a3550e3ee2ccdda555b3cc5bda95d8/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php#L1309
Which in the case of the next character not being a *, never advances the parsing position. A simple solution is to make the error case a few lines below also apply if the next character is not a star.
What browser(s) are you seeing the problem on?
No response
What version of PHP are you using?
v8.1
What version of Roundcube are you using?
v1.6.7
JavaScript errors
No response
PHP errors
No response