📚 Open-Xchange: A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference

Reproduction realcrash.sieve is the attached script 1. Build dovecot and pigeonhole 2. Run sievec realcrash.sieve Requirements include and variables extensions should be required. One of the global commands (global/export/import) without any arguments should be followed by the same command with valid (string or string list) arguments; Problem During vaildation of parsed script, lib-sieve tries to join arguments of consecutive global commands with the same name (export with export, global with global, import with import) in src/lib-sieve/sieve-ast.c:sieve_ast_stringlist_join. However, we can create a logically wrong export/import/global command with no arguments and during a lookup of this command's argument list lib-sieve will fault. Crash log with ASAN ``` ==19154==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2a5d0d1564 bp 0x7ffc8e129150 sp 0x7ffc8e129130 T0) ==19154==The signal is caused by a READ memory access. ==19154==Hint: address points to the zero page. #0 0x7f2a5d0d1563 in sieve_ast_stringlist_join /home/rumata888/Documents/Collaboration/Fuzzing/OpenExchnage/pigeonhole/pigeonhole_clean/src/lib-sieve/sieve-ast.c:814 #1 0x7f2a5d17e869 in cmd_global_validate /home/rumata888/Documents/Collaboration/Fuzzing/OpenExchnage/pigeonhole/pigeonhole_clean/src/lib-sieve/plugins/include/cmd-global.c:181 #2 0x7f2a5d0edf9d in sieve_validate_command... ...