ZP-594 Limit the amount of loops when reading data. Released under

the Affero GNU General Public License (AGPL) version 3.

ZP-594 Limit the amount of loops when reading data. Released under
the Affero GNU General Public License (AGPL) version 3.
1d29ee14 · Sebastian Kummer · 57704dea · 1d29ee14 · 1d29ee14 · 1d29ee14
Commit 1d29ee14 authored Sep 07, 2015 by Sebastian Kummer
9 changed files
--- a/src/lib/core/streamer.php
+++ b/src/lib/core/streamer.php
@@ -12,7 +12,7 @@
 *
 * Created   :   01.10.2007
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -88,7 +88,8 @@ class Streamer implements Serializable {
     * @access public
     */
    public function Decode(&$decoder) {
-        while(1) {
+        WBXMLDecoder::ResetInWhile("decodeMain");
+        while(WBXMLDecoder::InWhile("decodeMain")) {
            $entity = $decoder->getElement();

            if($entity[EN_TYPE] == EN_TYPE_STARTTAG) {
@@ -119,7 +120,8 @@ class Streamer implements Serializable {

                    // Handle an array
                    if(isset($map[self::STREAMER_ARRAY])) {
-                        while(1) {
+                        WBXMLDecoder::ResetInWhile("decodeArray");
+                        while(WBXMLDecoder::InWhile("decodeArray")) {
                            //do not get start tag for an array without a container
                            if (!(isset($map[self::STREAMER_PROP]) && $map[self::STREAMER_PROP] == self::STREAMER_TYPE_NO_CONTAINER)) {
                                if(!$decoder->getElementStartTag($map[self::STREAMER_ARRAY]))

--- a/src/lib/request/foldersync.php
+++ b/src/lib/request/foldersync.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -113,7 +113,8 @@ class FolderSync extends RequestProcessor {
                return false;

            $importer = false;
-            while(1) {
+            WBXMLDecoder::ResetInWhile("folderSyncIncomingChange");
+            while(WBXMLDecoder::InWhile("folderSyncIncomingChange")) {
                $folder = new SyncFolder();
                if(!$folder->Decode(self::$decoder))
                    break;

--- a/src/lib/request/getitemestimate.php
+++ b/src/lib/request/getitemestimate.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -114,7 +114,8 @@ class GetItemEstimate extends RequestProcessor {
                }

                while(self::$decoder->getElementStartTag(SYNC_OPTIONS)) {
-                    while(1) {
+                    WBXMLDecoder::ResetInWhile("getItemEstimateOptions");
+                    while(WBXMLDecoder::InWhile("getItemEstimateOptions")) {
                        $firstOption = true;
                        // foldertype definition
                        if(self::$decoder->getElementStartTag(SYNC_FOLDERTYPE)) {

--- a/src/lib/request/itemoperations.php
+++ b/src/lib/request/itemoperations.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -91,7 +91,8 @@ class ItemOperations extends RequestProcessor {
            }

            // process operation
-            while(1) {
+            WBXMLDecoder::ResetInWhile("itemOperationsOperation");
+            while(WBXMLDecoder::InWhile("itemOperationsOperation")) {
                if ($fetch) {
                    if(self::$decoder->getElementStartTag(SYNC_ITEMOPERATIONS_STORE)) {
                        $operation['store'] = self::$decoder->getElementContent();
@@ -134,7 +135,8 @@ class ItemOperations extends RequestProcessor {

                        // Save all OPTIONS into a ContentParameters object
                        $operation["cpo"] = new ContentParameters();
-                        while(1) {
+                        WBXMLDecoder::ResetInWhile("itemOperationsOptions");
+                        while(WBXMLDecoder::InWhile("itemOperationsOptions")) {
                            while (self::$decoder->getElementStartTag(SYNC_AIRSYNCBASE_BODYPREFERENCE)) {
                                if(self::$decoder->getElementStartTag(SYNC_AIRSYNCBASE_TYPE)) {
                                    $bptype = self::$decoder->getElementContent();

--- a/src/lib/request/meetingresponse.php
+++ b/src/lib/request/meetingresponse.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -59,7 +59,8 @@ class MeetingResponse extends RequestProcessor {

        while(self::$decoder->getElementStartTag(SYNC_MEETINGRESPONSE_REQUEST)) {
            $req = Array();
-            while(1) {
+            WBXMLDecoder::ResetInWhile("meetingResponseRequest");
+            while(WBXMLDecoder::InWhile("meetingResponseRequest")) {
                if(self::$decoder->getElementStartTag(SYNC_MEETINGRESPONSE_USERRESPONSE)) {
                    $req["response"] = self::$decoder->getElementContent();
                    if(!self::$decoder->getElementEndTag())

--- a/src/lib/request/ping.php
+++ b/src/lib/request/ping.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -108,7 +108,8 @@ class Ping extends RequestProcessor {
                    $spa->DelPingableFlag();

                while(self::$decoder->getElementStartTag(SYNC_PING_FOLDER)) {
-                    while(1) {
+                    WBXMLDecoder::ResetInWhile("pingFolder");
+                    while(WBXMLDecoder::InWhile("pingFolder")) {
                        if(self::$decoder->getElementStartTag(SYNC_PING_SERVERENTRYID)) {
                            $folderid = self::$decoder->getElementContent();
                            self::$decoder->getElementEndTag();

--- a/src/lib/request/search.php
+++ b/src/lib/request/search.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -194,7 +194,8 @@ class Search extends RequestProcessor {
        }

        if(self::$decoder->getElementStartTag(SYNC_SEARCH_OPTIONS)) {
-            while(1) {
+            WBXMLDecoder::ResetInWhile("searchOptions");
+            while(WBXMLDecoder::InWhile("searchOptions")) {
                if(self::$decoder->getElementStartTag(SYNC_SEARCH_RANGE)) {
                    $searchrange = self::$decoder->getElementContent();
                    $cpo->SetSearchRange($searchrange);

--- a/src/lib/request/sync.php
+++ b/src/lib/request/sync.php
@@ -6,7 +6,7 @@
 *
 * Created   :   16.02.2012
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -193,7 +193,8 @@ class Sync extends RequestProcessor {
                        // unsure if this is the correct approach, or if in this case some default list should be used
                        if ($se[EN_FLAGS] & EN_FLAGS_CONTENT) {
                            $supfields = array();
-                            while(1) {
+                            WBXMLDecoder::ResetInWhile("syncSupported");
+                            while(WBXMLDecoder::InWhile("syncSupported")) {
                                $el = self::$decoder->getElement();

                                if($el[EN_TYPE] == EN_TYPE_ENDTAG)
@@ -261,7 +262,8 @@ class Sync extends RequestProcessor {

                    while(self::$decoder->getElementStartTag(SYNC_OPTIONS)) {
                        $firstOption = true;
-                        while(1) {
+                        WBXMLDecoder::ResetInWhile("syncOptions");
+                        while(WBXMLDecoder::InWhile("syncOptions")) {
                            // foldertype definition
                            if(self::$decoder->getElementStartTag(SYNC_FOLDERTYPE)) {
                                $foldertype = self::$decoder->getElementContent();
@@ -384,7 +386,8 @@ class Sync extends RequestProcessor {
                        $this->importer = false;

                        $nchanges = 0;
-                        while(1) {
+                        WBXMLDecoder::ResetInWhile("syncActions");
+                        while(WBXMLDecoder::InWhile("syncActions")) {
                            // ADD, MODIFY, REMOVE or FETCH
                            $element = self::$decoder->getElement();

@@ -905,7 +908,8 @@ class Sync extends RequestProcessor {
                            self::$encoder->startTag(SYNC_PERFORM);

                            $n = 0;
-                            while(1) {
+                            WBXMLDecoder::ResetInWhile("syncSynchronize");
+                            while(WBXMLDecoder::InWhile("syncSynchronize")) {
                                try {
                                    $progress = $exporter->Synchronize();
                                    if(!is_array($progress))

--- a/src/lib/wbxml/wbxmldecoder.php
+++ b/src/lib/wbxml/wbxmldecoder.php
@@ -6,7 +6,7 @@
 *
 * Created   :   01.10.2007
 *
-* Copyright 2007 - 2013 Zarafa Deutschland GmbH
+* Copyright 2007 - 2015 Zarafa Deutschland GmbH
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
@@ -62,8 +62,47 @@ class WBXMLDecoder extends WBXMLDefs {
    private $inputBuffer = "";
    private $isWBXML = true;

+    static private $loopCounter = array();
+    const MAXLOOP = 5000;
+
    const VERSION = 0x03;

+    /**
+     * Counts the amount of times a code part has been executed.
+     * When being executed too often, the code throws a WBMXLException.
+     *
+     * @access public
+     * @param String $name
+     * @throws WBXMLException
+     * @return boolean
+     */
+    static public function InWhile($name) {
+        if (!isset(self::$loopCounter[$name])) {
+            self::$loopCounter[$name] = 0;
+        }
+        else {
+            self::$loopCounter[$name]++;
+        }
+    
+        if (self::$loopCounter[$name] > self::MAXLOOP) {
+            throw new WBXMLException(sprintf("Loop count in while too high, code '%s' exceeded max. amount of permitted loops", $name));
+        }
+        return true;
+    }
+    
+    /**
+     * Resets the inWhile counter.
+     *
+     * @param String $name
+     * @return boolean
+     */
+    static public function ResetInWhile($name) {
+        if (isset(self::$loopCounter[$name])) {
+            unset(self::$loopCounter[$name]);
+        }
+        return true;
+    }
+
    /**
     * WBXML Decode Constructor
     *
@@ -108,7 +147,8 @@ class WBXMLDecoder extends WBXMLDefs {
            case EN_TYPE_ENDTAG:
                return $element;
            case EN_TYPE_CONTENT:
-                while(1) {
+                WBXMLDecoder::ResetInWhile("decoderGetElement");
+                while(WBXMLDecoder::InWhile("decoderGetElement")) {
                    $next = $this->getToken();
                    if($next == false)
                        return false;
@@ -334,7 +374,8 @@ class WBXMLDecoder extends WBXMLDefs {
        // Get the data from the input stream
        $element = array();

-        while(1) {
+        WBXMLDecoder::ResetInWhile("decoderGetToken");
+        while(WBXMLDecoder::InWhile("decoderGetToken")) {
            $byte = $this->getByte();

            if(!isset($byte))
@@ -441,7 +482,8 @@ class WBXMLDecoder extends WBXMLDefs {
        $attributes = array();
        $attr = "";

-        while(1) {
+        WBXMLDecoder::ResetInWhile("decoderGetAttributes");
+        while(WBXMLDecoder::InWhile("decoderGetAttributes")) {
            $byte = $this->getByte();

            if(count($byte) == 0)