Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix regression creating Vbook sources #10

Closed
wants to merge 1 commit into from
Closed

Fix regression creating Vbook sources #10

wants to merge 1 commit into from

Conversation

flang-hrz
Copy link

Fix for creating Vbooks using createFromConfig() in lib/Driver/Vbook.php

@flang-hrz
Copy link
Author

flang-hrz commented Jun 15, 2022
edited

Some background on this issue:

In the current version of Turba (4.2.28) creating a new virtual address book raises an exception: $config must be an array.
If a user already has a virtual address book and tries to open an email from a contact within a virtual address book in dynamic view, the email will not be displayed, instead an error is logged in the console: doActionComplete #<Hash:{}>.
Double clicking said message opens a new windows as intended, but instead of seeing the message, the user gets a fatal error:

A fatal error has occurred

$config must be an array

in /var/www/apps/horde/turba/lib/Factory/Driver.php:55

 1. IMP_Dynamic_Base->__construct() /var/www/apps/horde/imp/dynamic.php:33
 2. IMP_Dynamic_Message->_init() /var/www/apps/horde/imp/lib/Dynamic/Base.php:90
 3. IMP_Ajax_Application_ShowMessage->showMessage() /var/www/apps/horde/imp/lib/Dynamic/Message.php:64
 4. IMP_Contents->getInlineOutput() /var/www/apps/horde/imp/lib/Ajax/Application/ShowMessage.php:296
 5. IMP_Contents->renderMIMEPart() /var/www/apps/horde/imp/lib/Contents.php:1465
 6. Horde_Mime_Viewer_Base->render() /var/www/apps/horde/imp/lib/Contents.php:654
 7. Horde_Mime_Viewer_Base->_renderInline() /usr/share/pear/Horde/Mime/Viewer/Base.php:156
 8. Horde_Mime_Viewer_Base->render() /usr/share/pear/Horde/Mime/Viewer/Base.php:207
 9. IMP_Mime_Viewer_Smime->_renderInline() /usr/share/pear/Horde/Mime/Viewer/Base.php:156
10. IMP_Mime_Viewer_Smime->_parseSignedData() /var/www/apps/horde/imp/lib/Mime/Viewer/Smime.php:103
11. IMP_Crypt_Smime->getPublicKey() /var/www/apps/horde/imp/lib/Mime/Viewer/Smime.php:322
12. Horde_Registry->call() /var/www/apps/horde/imp/lib/Crypt/Smime.php:226
13. Horde_Registry->callByPackage() /usr/share/pear/Horde/Registry.php:1089
14. call_user_func_array() /usr/share/pear/Horde/Registry.php:1132
15. Turba_Api->getField()
16. Turba::getAvailableEmailFields() /var/www/apps/horde/turba/lib/Api.php:1839
17. Turba_Factory_Driver->create() /var/www/apps/horde/turba/lib/Turba.php:755
18. Turba_Factory_Driver->_create() /var/www/apps/horde/turba/lib/Factory/Driver.php:98
19. Turba_Driver_Vbook->__construct() /var/www/apps/horde/turba/lib/Factory/Driver.php:157
20. Turba_Factory_Driver->createFromConfig() /var/www/apps/horde/turba/lib/Driver/Vbook.php:58

Unfortunately no details are logged.

With this change, it is possible a gain to create a new virtual address book again and to display messages from contacts in a virtual address book.

@bnk2
Copy link

bnk2 commented Jun 16, 2022

We can confirm this issue.
Virtual Addressbook broken by CVE-2022-30287

@mrubinsk
Copy link
Member

This is not the correct fix, but helped point me to the fact that the issue was with virtual address books.

Fixed by e26552a64f46baffc799c5a04af6e89301a14618

@mrubinsk mrubinsk closed this Jun 18, 2022
@flang-hrz flang-hrz deleted the flang-hrz-patch-2 branch June 21, 2022 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@flang-hrz @bnk2 @mrubinsk