summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2012-09-24 10:03:34 +0200
committerAleksander Machniak <alec@alec.pl>2012-09-24 10:03:34 +0200
commit30f10bfe1685c18fa43f64603e1989355dc9b665 (patch)
tree8af7ab73959b5fb84cf9039f87896a950baa66d5
parentbbbb2b1ce5b1dd71b5d2b9189f8e25dd596560b7 (diff)
Added request size limits detection and script corruption prevention (#1488648)
-rw-r--r--plugins/managesieve/Changelog1
-rw-r--r--plugins/managesieve/managesieve.php32
2 files changed, 31 insertions, 2 deletions
diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog
index a1dd7e0ca..c0428c4fc 100644
--- a/plugins/managesieve/Changelog
+++ b/plugins/managesieve/Changelog
@@ -1,6 +1,7 @@
- Fixed issue with DBMail bug [http://pear.php.net/bugs/bug.php?id=19077] (#1488594)
- Added support for enotify/notify (RFC5435, RFC5436, draft-ietf-sieve-notify-00)
- Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713)
+- Added request size limits detection and script corruption prevention (#1488648)
* version 5.2 [2012-07-24]
-----------------------------------------------------------
diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index 0ddeba542..7282ff2e0 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -530,9 +530,37 @@ class managesieve extends rcube_plugin
// Init plugin and handle managesieve connection
$error = $this->managesieve_start();
- // filters set add action
- if (!empty($_POST['_newset'])) {
+ // get request size limits (#1488648)
+ $max_post = max(array(
+ ini_get('max_input_vars'),
+ ini_get('suhosin.request.max_vars'),
+ ini_get('suhosin.post.max_vars'),
+ ));
+ $max_depth = max(array(
+ ini_get('suhosin.request.max_array_depth'),
+ ini_get('suhosin.post.max_array_depth'),
+ ));
+ // check request size limit
+ if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // check request depth limits
+ else if ($max_depth && count($_POST['_header']) > $max_depth) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // filters set add action
+ else if (!empty($_POST['_newset'])) {
$name = get_input_value('_name', RCUBE_INPUT_POST, true);
$copy = get_input_value('_copy', RCUBE_INPUT_POST, true);
$from = get_input_value('_from', RCUBE_INPUT_POST);