From 671f896c0b6aef37fd57c6fb702275d8ad6bade0 Mon Sep 17 00:00:00 2001
From: Jiri Hruska <jirka@fud.cz>
Date: Sun, 24 Feb 2013 14:54:25 +0100
Subject: imap: Added stricter parsing of continuation responses

Enhanced the parsing to only allow continuation responses in some
states.
---
 lib/imap.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'lib/imap.c')

diff --git a/lib/imap.c b/lib/imap.c
index 7d978b634..d135ba916 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -356,7 +356,25 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
   /* Do we have a continuation response? */
   if((len == 3 && !memcmp("+", line, 1)) ||
      (len >= 2 && !memcmp("+ ", line, 2))) {
-    *resp = '+';
+    switch(imapc->state) {
+      /* States which are interested in continuation responses */
+      case IMAP_AUTHENTICATE_PLAIN:
+      case IMAP_AUTHENTICATE_LOGIN:
+      case IMAP_AUTHENTICATE_LOGIN_PASSWD:
+      case IMAP_AUTHENTICATE_CRAMMD5:
+      case IMAP_AUTHENTICATE_DIGESTMD5:
+      case IMAP_AUTHENTICATE_DIGESTMD5_RESP:
+      case IMAP_AUTHENTICATE_NTLM:
+      case IMAP_AUTHENTICATE_NTLM_TYPE2MSG:
+      case IMAP_AUTHENTICATE:
+        *resp = '+';
+        break;
+
+      default:
+        failf(conn->data, "Unexpected continuation response");
+        *resp = -1;
+        break;
+    }
 
     return TRUE;
   }
-- 
cgit v1.2.3