Endless loop in imap.inc

[denver]

My server has courier-imap installed and the latest stable release of roundcube.

I have noticed that when logging in with and invalid e-mail user (eg. sjbdsakashd@…) , roundcube hangs indefinitely and spikes up to 100% CPU and stays there.

After a closer look at function iil_C_Login i see that the while loop waits for a line starting with: "a001" or for $line to be "false" in order to end.

The login string is sent by this line:

iil_PutLine($conn->fp, 'a001 LOGIN "'.iil_Escape($user).'" "'.iil_Escape($password).'"');

and when using a correct login and password, courier-imap returns exactly what the loop needs to end:

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution information.
a001 LOGIN gaby@samfira.com **password**
a001 OK LOGIN Ok.

$line starts with a001 and the loop ends.

However, when using invalid user data, courier-imap hangs for a few seconds and returns:

# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc.  See COPYING for distribution information.
a001 LOGIN sadgjasdgja iasudiasfughs
* BYE Temporary problem, please try again later

It seems that $line returns an EMPTY string and the loop never ends.

In order to stop roundcube from overwhelming my system i had to write in a counter for the while loop that breaks after 1 try. This way after about 20 seconds the loop breaks and an error message is returned to the user.

Valid logins work ok. Im sure there is an easier and cleaner way to do this, but if i can be of any further help, please let me know.

[alec]

Are you sure is this the case? There's

while (!iil_StartsWith($line, 'a001 ', true));

which shoud break the loop on "BYE" response. Please try with current svn-trunk version (and enabled imap_debug').

[denver]

Im not sure if the loop itself is the root of the problem. I tried to output $line to a file to see whats happening, but all i got were empty strings. The problem could be in the iil_ReadReply function.

do {
        $line = iil_ReadReply($conn->fp);
        if ($line === false) {
            break;
        }
    } while (!iil_StartsWith($line, 'a001 ', true));

The iil_ParseResult function returned a -4 code (probably because $line was an empty string).

On invalid user data $line returns empty string. I will try with the svn-trunk version and report back.

[denver]

Same issue with the svn-trunk version. After 120 seconds the process was automatically killed by PHP, but im sure it would have continued to eat up CPU no matter how long it was allowed to execute.

I have attached the imap log to this ticket. If its of any consequence, I'm using Nginx as a web server and PHP fastCGI.

[alec]

I don't know why this isn't working for you. It would be the best if you give me a test account with access to your imap from the Internet. Write to alec at alec.pl.

[denver]

I have sent you an e-mail with login details to a test account and a shell account on the test server.

If there is anything else you might need, feel free to let me know.

[alec]

Fixed in r2814.

[denver]

Awesome response time. Great work guys! You just made alot of CPanel users happy :).