HMH's security check.

author Eric S. Raymond <esr@thyrsus.com>

Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)

committer Eric S. Raymond <esr@thyrsus.com>

Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)
author Eric S. Raymond <esr@thyrsus.com>
Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)
committer Eric S. Raymond <esr@thyrsus.com>
Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)
diff --git a/pop3.c b/pop3.c

index f0d685c4824cbd339edabdbf2c580b01c95a3b49..36173b4d46e87084979d464efa56ac9744e0262c 100644 (file)
--- a/pop3.c
+++ b/pop3.c
@@ -579,8 +579,9 @@ static int pop3_getsizes(int sock, int count, int *sizes)
             else if (sscanf(buf, "%u %u", &num, &size) == 2) {
                 if (num > 0 && num <= count)
                     sizes[num - 1] = size;
-               /* else, strict: protocol error, flexible: nothing
-                * I vote for flexible. */
+               else
+                   /* warn about possible attempt to induce buffer overrun */
+                   report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n");
             }
         }
author	Eric S. Raymond <esr@thyrsus.com>
	Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)
committer	Eric S. Raymond <esr@thyrsus.com>
	Sun, 23 Sep 2001 05:19:04 +0000 (05:19 -0000)