projects / dovecot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64c2b60) | patch
[PATCH] lib-sieve: Enforce CPU time limit within :contains and :matches matcher loops
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Sun, 19 Apr 2026 23:10:29 +0000 (23:10 +0000)
committerNoah Meyerhans <noahm@debian.org>
Mon, 18 May 2026 20:03:51 +0000 (16:03 -0400)
commit84687ae3ecb8efe0e21bd8be655b53b77122a56b
tree29f0d3d72cc2bcb044868c3759d80a66fe8602eatree | snapshot
parent64c2b60ad3b3040528e1775d1e21f4f4daba0759commit | diff
[PATCH] lib-sieve: Enforce CPU time limit within :contains and :matches matcher loops

The naive O(N*M) substring search in mcht-contains.c and the naive find loop
in mcht-matches.c can run for hours on a large value (e.g. a message body),
completely bypassing sieve_max_cpu_time because that limit was only checked
between bytecode operations.

Expose the active CPU limit via sieve_runtime_cpu_limit_exceeded() and poll
it every 4096 inner iterations. When the limit is hit the match returns
SIEVE_EXEC_RESOURCE_LIMIT, matching the existing behavior at the bytecode
boundary. This is a minimal safety net ahead of switching the matchers to
algorithms that do not require it.

Gbp-Pq: Name CVE-2026-40016.patch
pigeonhole/src/lib-sieve/mcht-contains.c diff | blob | history
pigeonhole/src/lib-sieve/mcht-matches.c diff | blob | history
pigeonhole/src/lib-sieve/sieve-interpreter.c diff | blob | history
pigeonhole/src/lib-sieve/sieve-interpreter.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.