diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 2001-09-23 05:19:04 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 2001-09-23 05:19:04 +0000 |
| commit | 1413aace7c9fe0ddfc6b175c8dc703ec1c4dc01c (patch) | |
| tree | e246c24bb12b77ba8e097dc8ca93b0589f077dc7 /pop3.c | |
| parent | 1e33dd8561d58aa38c080c0d419db3d6e33a3c7b (diff) | |
| download | fetchmail-1413aace7c9fe0ddfc6b175c8dc703ec1c4dc01c.tar.gz fetchmail-1413aace7c9fe0ddfc6b175c8dc703ec1c4dc01c.tar.bz2 fetchmail-1413aace7c9fe0ddfc6b175c8dc703ec1c4dc01c.zip | |
HMH's security check.
svn path=/trunk/; revision=3468
Diffstat (limited to 'pop3.c')
| -rw-r--r-- | pop3.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -579,8 +579,9 @@ static int pop3_getsizes(int sock, int count, int *sizes) else if (sscanf(buf, "%u %u", &num, &size) == 2) { if (num > 0 && num <= count) sizes[num - 1] = size; - /* else, strict: protocol error, flexible: nothing - * I vote for flexible. */ + else + /* warn about possible attempt to induce buffer overrun */ + report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n"); } } |