IMAP: detect infinite loop on the client side

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1665 3d1905a2-6b24-0410-a738-b14d5a86fcbd
2024-12-13 03:02:22 -05:00 · 2011-04-13 10:45:51 +00:00 · 2011-04-13 10:45:51 +00:00 · e81f0c3f91
commit e81f0c3f91
parent 31214b1be2
1 changed files with 34 additions and 0 deletions
--- a/src/java/davmail/imap/ImapConnection.java
+++ b/src/java/davmail/imap/ImapConnection.java
@ -92,6 +92,9 @@ public class ImapConnection extends AbstractConnection {
                tokens = new IMAPTokenizer(line);
                if (tokens.hasMoreTokens()) {
                    commandId = tokens.nextToken();
+
+                    checkInfiniteLoop(line);
+                    
                    if (tokens.hasMoreTokens()) {
                        String command = tokens.nextToken();

@ -209,6 +212,7 @@ public class ImapConnection extends AbstractConnection {
                                    }
                                } else if ("select".equalsIgnoreCase(command) || "examine".equalsIgnoreCase(command)) {
                                    if (tokens.hasMoreTokens()) {
+                                        @SuppressWarnings({"NonConstantStringShouldBeStringBuffer"})
                                        String folderName = BASE64MailboxDecoder.decode(tokens.nextToken());
                                        if (baseMailboxPath != null && !folderName.startsWith("/")) {
                                            folderName = baseMailboxPath + folderName;
@ -613,6 +617,36 @@ public class ImapConnection extends AbstractConnection {
        DavGatewayTray.resetIcon();
    }

+    protected String lastCommand;
+    protected int lastCommandCount;
+
+    /**
+     * Detect infinite loop on the client side.
+     * @param line IMAP command line
+     * @throws IOException on infinite loop
+     */
+    protected void checkInfiniteLoop(String line) throws IOException {
+        int spaceIndex = line.indexOf(' ');
+        if (spaceIndex < 0) {
+            // invalid command line, reset
+            lastCommand = null;
+            lastCommandCount = 0;
+        } else {
+            String command = line.substring(spaceIndex);
+            if (command.equals(lastCommand)) {
+                lastCommandCount++;
+                if (lastCommandCount > 100 && !"NOOP".equalsIgnoreCase(lastCommand)) {
+                    // more than a hundred times the same command => this is a client infinite loop, close connection
+                    throw new IOException("Infinite loop on command "+command+" detected");
+                }
+            } else {
+                // new command, reset
+                lastCommand = command;
+                lastCommandCount = 0;
+            }
+        }
+    }
+
    /**
     * Detect shared mailbox access.
     * see http://msexchangeteam.com/archive/2004/03/31/105275.aspx