Fix possible IMAP command injection vulnerability (#6229)

[CVE-2018-9846]
release-1.2
Thomas Bruederli 7 years ago
parent 8e7c2f61a3
commit cdeb6234a2

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail CHANGELOG Roundcube Webmail
=========================== ===========================
- Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
- Fix security issue in remote content blocking on HTML image and style tags (#6178) - Fix security issue in remote content blocking on HTML image and style tags (#6178)
RELEASE 1.2.7 RELEASE 1.2.7

@ -3836,13 +3836,13 @@ class rcube_imap_generic
if (!is_array($messages)) { if (!is_array($messages)) {
// if less than 255 bytes long, let's not bother // if less than 255 bytes long, let's not bother
if (!$force && strlen($messages)<255) { if (!$force && strlen($messages) < 255) {
return $messages; return preg_match('/[^0-9:,]/', $messages) ? 'INVALID' : $messages;
} }
// see if it's already been compressed // see if it's already been compressed
if (strpos($messages, ':') !== false) { if (strpos($messages, ':') !== false) {
return $messages; return preg_match('/[^0-9:,]/', $messages) ? 'INVALID' : $messages;
} }
// separate, then sort // separate, then sort
@ -3877,7 +3877,9 @@ class rcube_imap_generic
} }
// return as comma separated string // return as comma separated string
return implode(',', $result); $result = implode(',', $result);
return preg_match('/[^0-9:,]/', $result) ? 'INVALID' : $result;
} }
/** /**
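Review bot: The new character class `/[^0-9:,]/` used on both early returns in the first hunk and on the final return in the second hunk also rejects `*`, which RFC 3501 allows inside a sequence-set (for example `1:*`), so a caller that passes such a range now receives `'INVALID'` instead of its set; whether any caller in this codebase does so is not visible from the hunks, so it is worth confirming before release. If `*` must remain accepted, `/[^0-9:,*]/` in all three places keeps the rejection of CRLF, whitespace and any other non-set character that the fix needs without breaking that form. The `'INVALID'` sentinel is itself safe to hand to the server, since it cannot carry a line break, but it is a new contract of this method and deserves a comment above the first return such as `// anything outside [0-9:,] is rejected so the set cannot carry a CRLF or a second command into the IMAP line`. The enclosing function starts outside the first hunk and the second hunk ends past it.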
