diff options
| author | Steve Holme <steve_holme@hotmail.com> | 2013-04-28 12:20:14 +0100 |
|---|---|---|
| committer | Steve Holme <steve_holme@hotmail.com> | 2013-04-28 12:26:11 +0100 |
| commit | 18bfc8f2d7bb707c65065760d2dd134e5cf110ff (patch) | |
| tree | 92e5269cb3a92495f7855a10bbe29c6c58dbf32d /lib/pop3.c | |
| parent | 945246988d634f3eadf81efbd88b6d56461c486b (diff) | |
pop3: Added 255 octet limit check when sending initial response
Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
Diffstat (limited to 'lib/pop3.c')
| -rw-r--r-- | lib/pop3.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/pop3.c b/lib/pop3.c index 339d6e4ee..bace72a11 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -629,7 +629,8 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) if(mech && (pop3c->preftype & POP3_TYPE_SASL)) { /* Perform SASL based authentication */ - if(initresp) { + if(initresp && + 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */ result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp); if(!result) |