aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2013-04-28 12:20:14 +0100
committerSteve Holme <steve_holme@hotmail.com>2013-04-28 12:26:11 +0100
commit18bfc8f2d7bb707c65065760d2dd134e5cf110ff (patch)
tree92e5269cb3a92495f7855a10bbe29c6c58dbf32d
parent945246988d634f3eadf81efbd88b6d56461c486b (diff)
pop3: Added 255 octet limit check when sending initial response
Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
-rw-r--r--lib/pop3.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/pop3.c b/lib/pop3.c
index 339d6e4ee..bace72a11 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -629,7 +629,8 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
/* Perform SASL based authentication */
- if(initresp) {
+ if(initresp &&
+ 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
if(!result)