-rw-r--r-- | pop3.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -579,8 +579,9 @@ static int pop3_getsizes(int sock, int count, int *sizes) else if (sscanf(buf, "%u %u", &num, &size) == 2) { if (num > 0 && num <= count) sizes[num - 1] = size; - /* else, strict: protocol error, flexible: nothing - * I vote for flexible. */ + else + /* warn about possible attempt to induce buffer overrun */ + report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n"); } } |
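Review bot: The guard `num <= count` compares a value scanned with `%u` against the `int count` parameter, so a negative `count` would be converted to a large unsigned value and the check in front of `sizes[num - 1]` would pass for almost any server-supplied `num`. The declarations of `num` and `size` and the origin of `count` are outside this hunk, so this needs confirming against the caller. Spelling the check out would close it: `if (count > 0 && num > 0 && num <= (unsigned int)count)`. `size` is also stored into an `int` slot, so a value above `INT_MAX` would turn negative for whatever consumes `sizes` later, and a range check there looks worthwhile. As a style point, the new `else` is unbraced with a comment between it and `report(...)`, and braces on both branches would stop a later added statement from escaping the `else`.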