Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

managesieve error when parsing third party scripts #5959

Closed
spoljo opened this issue Sep 19, 2017 · 2 comments
Closed

managesieve error when parsing third party scripts #5959

spoljo opened this issue Sep 19, 2017 · 2 comments
Labels
bug C: Plugins

Comments

@spoljo
Copy link

spoljo commented Sep 19, 2017

I found a managesieve issue in roundcube 1.2.5 and 1.2.6. No issue present in 1.3.1, so it looks like it's fixed there. We had one system we tested on but it is heavily modified version of 1.1.4, it had no issues with sieve.

While setting up roundcube 1.2.5, I have encountered an issue with managesieve plugin in Roundcube. Old setup had some legacy sieve scripts generated with other tools or hand crafted. Issue was manifesting in busy loop that happens in plugins/managesieve/lib/Roundcube/rcube_sieve_script.php that happens when certain conditions are met.

Vacation filter that had some multiple number of '.' (dot characters) in succession. If there is some (I'm not certain from testing is it the number of dots or characters after the dots) of text after it, it will busy loop. Function that busy loops is tokenize($str, $num = 0, &$position = 0), and php kills it after 120s due to php max execution time.

I've done some error_log debugging and looks like it gets stuck with one $position variable without incrementing it when looping over script.

Scripts that I've crafted for testing and reproduction are attached.

Tested with docker images and cyrus-imapd as sieve server. Docker images used for testing are : instrumentisto/roundcube:1.3.1-apache, instrumentisto/roundcube:1.2.6-apache and instrumentisto/roundcube:1.2.5-apache.

Funny thing I noticed, if php races the php max execution time, in some cases the script renders in filter UI, but it breaks the message. Attached example and image.

Steps to reproduce:

  1. insert scripts inside the sieve server, but not trough the web ui
  2. open the roundcube
  3. go to filter and click the inserted scripts
  4. Ajax should hang till roundcube dies with 500

Scripts were checked with sievec if they compile so they should be OK.

Log error that happens:

2017-09-14T11:41:03.699097000Z Sep 14 11:41:03 9d21b681a58e roundcube: PHP Fatal error:  Maximum execution time of 120 seconds exceeded in /app/plugins/managesieve/lib/Roundcube/rcube_sieve_script.php on line 1115

funny_result
HalfBreaks_Roundcube.script.txt
Doesnt_Break_Roundcube.script.txt
Breaks_Roundcube.script.txt
@alecpl
Copy link
Member

alecpl commented Sep 19, 2017

I guess changes from #5838 have to be backported to 1.2.

@alecpl
Copy link
Member

alecpl commented Oct 12, 2017

Done, but I can't say when we'll release the next version in 1.2 line, if any.

@alecpl alecpl closed this as completed Oct 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug C: Plugins
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alecpl @spoljo