I spoke too soon, there is a small bug in this patch. I'll fix it and
send the updated patch.
David Lublink wrote:
> Hello,
>
> I received an email today with 232 emails listed in the To: header.
> Most of them had accents in the names so there was about 200 encoding
> emails in the To: header. The method responsible for this is
> decode_mime_string() and is recursive. My server stops recursion at
> the 150th level. So the email caused PHP to crash and a blank page to
> be shown.
>
> I wrote the following patch against revision 1732 which will resolve
> the issue. I changed the recursion for iteration :
>
> Index: program/include/rcube_imap.php
> ===================================================================
> --- program/include/rcube_imap.php (revision 1732)
> +++ program/include/rcube_imap.php (working copy)
> @@ -2416,9 +2416,10 @@
> function decode_mime_string($input, $fallback=null)
> {
> $out = '';
> + $work = $input;
>
> - $pos = strpos($input, '=?');
> - if ($pos !== false)
> + // Iterate instead of recursing, this way if there are too many
> values we don't have stack overflows
> + while( strpos($work, '=?') )
> {
> // rfc: all line breaks or other characters not found //
> in the Base64 Alphabet must be ignored by decoding software
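Review bot: The loop condition `while( strpos($work, '=?') )` treats a match at offset 0 as false, so a header value that begins with `=?` never enters the loop; the removed code tested `$pos !== false` to avoid exactly that. Suggest `while (($pos = strpos($work, '=?')) !== false)`, which also keeps `$pos` assigned for any code in the loop body that still reads it, now that the `$pos = strpos($input, '=?');` line is gone.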
> @@ -2436,7 +2437,7 @@
> $rest = substr($input, $end_pos+2);
>
> $out .= rcube_imap::_decode_mime_string_part($encstr);
> - $out .= rcube_imap::decode_mime_string($rest, $fallback);
> + $work = $rest;
>
> return $out;
> }
>
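Review bot: `return $out;` still sits after `$work = $rest;` and before the closing brace of the block, so the function appears to return at the end of the first pass and everything left in `$rest` is dropped instead of being decoded on the next iteration. Move the return below the loop and append whatever remains in `$work` once no `=?` is found. In the same hunk, `$rest = substr($input, $end_pos+2);` still slices `$input`, so a loop that does iterate would keep cutting the original string rather than `$work`.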
> Please include this into trunk of round cube. Additionally, it would
> be nice if you patched this to the stable version. To patch this to
> the stable version, you'll want to change rcube_imap.php to
> rcube_imap.inc before patching. Using patch that comes with gentoo, it
> patched fine with fuzz.
>
> I tested this patch on trunk and on the stable release 0.1.1. I have
> noticed that PHP is slow on calling methods statically, so the
> iteration will be a bit faster than the recursion. :D
>
> Please let me know,
>
> David
>
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
>