commit 18bfc8f2d7bb707c65065760d2dd134e5cf110ff
author Steve Holme <steve_holme@hotmail.com> Sun Apr 28 12:20:14 2013 +0100
committer Steve Holme <steve_holme@hotmail.com> Sun Apr 28 12:26:11 2013 +0100
tree 92e5269cb3a92495f7855a10bbe29c6c58dbf32d
parent 945246988d634f3eadf81efbd88b6d56461c486b

pop3: Added 255 octet limit check when sending initial response

Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.

lib/pop3.c

diff --git a/lib/pop3.c b/lib/pop3.c
index 339d6e4..bace72a 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -629,7 +629,8 @@
 
   if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
     /* Perform SASL based authentication */
-    if(initresp) {
+    if(initresp &&
+       8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
       result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
 
       if(!result)