pop3: Added 255 octet limit check when sending initial response

Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.

diff --git a/lib/pop3.c b/lib/pop3.c
index 339d6e4..bace72a 100644 (file)
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -629,7 +629,8 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
 
   if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
     /* Perform SASL based authentication */
-    if(initresp) {
+    if(initresp &&
+       8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
       result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
 
       if(!result)