From db1d72d825c1eab2419befb797acfaf0a36a277b Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Sat, 24 Apr 2010 04:05:16 +0200
Subject: Validate STAT response more strictly.
---
 pop3.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/pop3.c b/pop3.c
index 0cf58da7..b1f9621c 100644
--- a/pop3.c
+++ b/pop3.c
@@ -1009,9 +1009,13 @@ static int pop3_getrange(int sock,
 /* get the total message count */
 gen_send(sock, "STAT");
 ok = pop3_ok(sock, buf);
- if (ok == 0)
- sscanf(buf,"%d %d", countp, bytes);
- else
+ if (ok == 0) {
+ int asgn;
+
+ asgn = sscanf(buf,"%d %d", countp, bytes);
+ if (asgn != 2)
+ return PS_PROTOCOL;
+ } else
 return(ok);
 
 /*
-- 
cgit v1.2.3
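Review bot: The new `asgn != 2` check only confirms that two conversions happened, so a STAT reply carrying negative numbers is still accepted, and `%d` in sscanf has undefined behaviour when the server's digits do not fit in an int. I would add `if (*countp < 0 || *bytes < 0) return PS_PROTOCOL;` right after the assignment-count check. For the overflow case, consider parsing both fields with strtol and rejecting ERANGE or values above INT_MAX instead of relying on sscanf. How `*countp` and `*bytes` are used afterwards is outside this hunk, since pop3_getrange starts and ends beyond it, so the downstream impact of a bad value cannot be judged from here.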