pop3: only do APOP with a valid timestamp

Brought-by: bobmitchell1956 on github
Fixes #3278
Closes #3279
Daniel Stenberg 2018-11-15 17:00:16 +01:00
parent 27e4ac24cd
commit 6d0e487f9f
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 10 additions and 2 deletions


@ -629,6 +629,7 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
if(line[i] == '<') {
/* Calculate the length of the timestamp */
size_t timestamplen = len - 1 - i;
char *at;
if(!timestamplen)
break;
@ -642,8 +643,15 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
memcpy(pop3c->apoptimestamp, line + i, timestamplen);
pop3c->apoptimestamp[timestamplen] = '\0';
/* Store the APOP capability */
pop3c->authtypes |= POP3_TYPE_APOP;
/* If the timestamp does not contain '@' it is not (as required by
RFC-1939) conformant to the RFC-822 message id syntax, and we
therefore do not use APOP authentication. */
at = strchr(pop3c->apoptimestamp, '@');
if(!at)
Curl_safefree(pop3c->apoptimestamp);
else
/* Store the APOP capability */
pop3c->authtypes |= POP3_TYPE_APOP;
break;
}
}
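Review bot: The new test `at = strchr(pop3c->apoptimestamp, '@'); if(!at)` accepts any greeting token with an '@' anywhere in it, which is much looser than the RFC-822 message-id syntax the comment cites; a token such as `<@>` still sets POP3_TYPE_APOP. The timestamp is server-chosen input that APOP digests together with the secret, so I would at least reject an empty local part or domain, e.g. `if(!at || at == pop3c->apoptimestamp + 1 || at[1] == '>' || at[1] == '\0')`. Alternatively, reword the comment so it does not claim full syntax validation. Also, memcpy copies `timestamplen` bytes while strchr stops at the first NUL, so an embedded NUL in the greeting shortens what is checked and later used; a `memchr(pop3c->apoptimestamp, '\0', timestamplen)` rejection would close that gap. The allocation of apoptimestamp and any test for the closing '>' lie outside the two hunks, so this is based only on the visible lines.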