From 30f10bfe1685c18fa43f64603e1989355dc9b665 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Mon, 24 Sep 2012 10:03:34 +0200 Subject: Added request size limits detection and script corruption prevention (#1488648) --- plugins/managesieve/Changelog | 1 + plugins/managesieve/managesieve.php | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) (limited to 'plugins/managesieve') diff --git a/plugins/managesieve/Changelog b/plugins/managesieve/Changelog index a1dd7e0ca..c0428c4fc 100644 --- a/plugins/managesieve/Changelog +++ b/plugins/managesieve/Changelog @@ -1,6 +1,7 @@ - Fixed issue with DBMail bug [http://pear.php.net/bugs/bug.php?id=19077] (#1488594) - Added support for enotify/notify (RFC5435, RFC5436, draft-ietf-sieve-notify-00) - Change default port to 4190 (IANA-allocated), add port auto-detection (#1488713) +- Added request size limits detection and script corruption prevention (#1488648) * version 5.2 [2012-07-24] ----------------------------------------------------------- diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php index 0ddeba542..7282ff2e0 100644 --- a/plugins/managesieve/managesieve.php +++ b/plugins/managesieve/managesieve.php @@ -530,9 +530,37 @@ class managesieve extends rcube_plugin // Init plugin and handle managesieve connection $error = $this->managesieve_start(); - // filters set add action - if (!empty($_POST['_newset'])) { + // get request size limits (#1488648) + $max_post = max(array( + ini_get('max_input_vars'), + ini_get('suhosin.request.max_vars'), + ini_get('suhosin.post.max_vars'), + )); + $max_depth = max(array( + ini_get('suhosin.request.max_array_depth'), + ini_get('suhosin.post.max_array_depth'), + )); + // check request size limit + if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) { + rcube::raise_error(array( + 'code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)" + ), true, false); + $this->rc->output->show_message('managesieve.filtersaveerror', 'error'); + } + // check request depth limits + else if ($max_depth && count($_POST['_header']) > $max_depth) { + rcube::raise_error(array( + 'code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)" + ), true, false); + $this->rc->output->show_message('managesieve.filtersaveerror', 'error'); + } + // filters set add action + else if (!empty($_POST['_newset'])) { $name = get_input_value('_name', RCUBE_INPUT_POST, true); $copy = get_input_value('_copy', RCUBE_INPUT_POST, true); $from = get_input_value('_from', RCUBE_INPUT_POST); -- cgit v1.2.3