[BUGFIX] Prevent infinite loop when trustedProperties validation fails

If the __trustedProperties hidden property of a form is manipulated
or submit as empty, the HMAC validation fails, throwing an exception.

The normal exception handling then tries to forward the request to
the formAction, which itself also validates the HMAC. This leads to an
infinite loop which is only resolved after 100 iterations by throwing
an InfiniteLoopException.

This process takes time, therefore Powermail is vulnerable to DoS
attacks.

The change checks for a BadRequestException from the HMAC validation.
In such a case, a redirect to the (then empty) formAction is
performed and the error is logged.

Resolves: #1293

Author: lorenzulrich

Classes/Controller/FormController.php

@@ -609,6 +609,17 @@ public function processRequest(RequestInterface $request): ResponseInterface
             return parent::processRequest($request);
         } catch (PropagateResponseException $e) {
             return $e->getResponse();
+        } catch (BadRequestException $e) {
+            if (in_array($e->getCode(), [1581862822, 1699604555, 1691267306])) {
+                // If the trustedProperties HMAC can not be validated, we redirect to an empty form because the
+                // request cannot be salvaged and would lead to an infinite loop.
+                $logger = ObjectUtility::getLogger(__CLASS__);
+                $logger->warning('Redirecting to empty form because HMAC validation failed.', [$e->getMessage()]);
+                return $this->redirect('form');
+            }
+            $logger = ObjectUtility::getLogger(__CLASS__);
+            $logger->critical('An error occurred: ', [$e->getMessage()]);
+            return (new ForwardResponse('form'))->withoutArguments();
         } catch (\Exception $e) {
             $logger = ObjectUtility::getLogger(__CLASS__);
             $logger->critical('An error occurred: ', [$e->getMessage()]);