moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-04 08:35:05 -05:00
Code Issues Releases Wiki Activity

pop3: only do APOP with a valid timestamp

Browse Source 
Brought-by: bobmitchell1956 on github
Fixes #3278
Closes #3279
This commit is contained in:
Daniel Stenberg 2018-11-15 17:00:16 +01:00
parent 27e4ac24cd
commit 6d0e487f9f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/pop3.c
View File

@ -629,6 +629,7 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
if(line[i] == '<') { if(line[i] == '<') {
/* Calculate the length of the timestamp */ /* Calculate the length of the timestamp */
size_t timestamplen = len - 1 - i; size_t timestamplen = len - 1 - i;
char *at;
if(!timestamplen) if(!timestamplen)
break; break;
@ -642,8 +643,15 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
memcpy(pop3c->apoptimestamp, line + i, timestamplen); memcpy(pop3c->apoptimestamp, line + i, timestamplen);
pop3c->apoptimestamp[timestamplen] = '\0'; pop3c->apoptimestamp[timestamplen] = '\0';
/* Store the APOP capability */ /* If the timestamp does not contain '@' it is not (as required by
pop3c->authtypes |= POP3_TYPE_APOP; RFC-1939) conformant to the RFC-822 message id syntax, and we
therefore do not use APOP authentication. */
at = strchr(pop3c->apoptimestamp, '@');
if(!at)
Curl_safefree(pop3c->apoptimestamp);
else
/* Store the APOP capability */
pop3c->authtypes |= POP3_TYPE_APOP;
break; break;
} }
} }