pop3: Added 255 octet limit check when sending initial response
Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.
diff --git a/lib/pop3.c b/lib/pop3.c
index 339d6e4..bace72a 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -629,7 +629,8 @@
if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
/* Perform SASL based authentication */
- if(initresp) {
+ if(initresp &&
+ 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
if(!result)