mail/popper/files/patch-al


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

*** pop_parse.c.orig	Thu Nov 20 00:20:38 1997
--- pop_parse.c	Mon Jun 29 18:08:45 1998
***************
*** 26,31 ****
--- 26,32 ----
  {
      char            *   mp;
      register int        i;
+     register int        parmlen;
      
      /*  Loop through the POP command array */
      for (mp = buf, i = 0; ; i++) {
***************
*** 45,52 ****
          /*  Point to the start of the token */
          p->pop_parm[i] = mp;
  
          /*  Search for the first space character (end of the token) */
!         while (!isspace(*mp) && *mp) mp++;
  
          /*  Delimit the token with a null */
          if (*mp) *mp++ = 0;
--- 46,75 ----
          /*  Point to the start of the token */
          p->pop_parm[i] = mp;
  
+         /*  Start counting the length of this token */
+         parmlen = 0;
+ 
          /*  Search for the first space character (end of the token) */
!         while (!isspace(*mp) && *mp) {
!             mp++;
!             parmlen++;
!             if (parmlen > MAXPARMLEN) {
!                 /* Truncate parameter to the max. allowable size */
!                 *mp = '\0';
! 
!                 /* Fail with an appropriate message */
!                 if (i == 0) {
!                     pop_msg(p,POP_FAILURE,
!                             "Command \"%s\" (truncated) exceedes maximum permitted size.",
!                             p->pop_command);
!                 } else {
!                     pop_msg(p,POP_FAILURE,
!                             "Argument %d \"%s\" (truncated) exceeds maximum permitted size.",
!                             i, p->pop_parm[i]);
!                 }
!                 return(-1);
!             }
!         }
  
          /*  Delimit the token with a null */
          if (*mp) *mp++ = 0;
***************
*** 64,73 ****
   	  if(p->pop_command[0] == 'p' && strcmp(p->pop_command,"pass") == 0) {
   	    if (*mp != 0) {
   	      p->pop_parm[1] = mp;
!               if (strlen(mp) > 0) {
!                 mp = mp + strlen(mp) - 1;
!                 while (*mp == 0xa || *mp == 0xd) *mp-- = 0;
!               }
   	      return(1);
   	    } else
   	      return (-1);
--- 87,102 ----
   	  if(p->pop_command[0] == 'p' && strcmp(p->pop_command,"pass") == 0) {
   	    if (*mp != 0) {
   	      p->pop_parm[1] = mp;
! 	      mp += strlen(mp) - 1;
! 	      while (*mp == 0xa || *mp == 0xd) *mp-- = 0;
! 	      mp = p->pop_parm[1];
! 	      if (strlen(mp) > MAXPARMLEN) {
! 		mp[MAXPARMLEN] = '\0';
! 		pop_msg(p,POP_FAILURE,
! 			"Password \"%s\" (truncated) exceeds maximum permitted size.",
! 			mp);
! 		return (-1);
! 	      }
   	      return(1);
   	    } else
   	      return (-1);