From 1413aace7c9fe0ddfc6b175c8dc703ec1c4dc01c Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Sun, 23 Sep 2001 05:19:04 +0000
Subject: HMH's security check.

svn path=/trunk/; revision=3468
---
 pop3.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'pop3.c')

diff --git a/pop3.c b/pop3.c
index f0d685c4..36173b4d 100644
--- a/pop3.c
+++ b/pop3.c
@@ -579,8 +579,9 @@ static int pop3_getsizes(int sock, int count, int *sizes)
 else if (sscanf(buf, "%u %u", &num, &size) == 2) {
 if (num > 0 && num <= count)
 sizes[num - 1] = size;
- /* else, strict: protocol error, flexible: nothing
- * I vote for flexible. */
+ else
+ /* warn about possible attempt to induce buffer overrun */
+ report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n");
 }
 }
-- 
cgit v1.2.3
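Review bot: The range check that guards `sizes[num - 1]` compares `num` (read with `%u`, so presumably unsigned) against the `int` parameter `count`, so the comparison is done in unsigned arithmetic and a negative `count` would let any index through to the write. The declarations and the caller are outside the hunk, so either confirm `count` is always positive here or make the guard explicit with `if (count > 0 && num > 0 && num <= (unsigned)count)`. A server-supplied `size` above INT_MAX is likewise stored into the `int` array unchecked and would read back negative. In the new `else` branch I would add braces, since a comment sits between `else` and its single statement, and name the rejected value for triage (assuming report() takes printf-style arguments): `report(stderr, "Warning: ignoring bogus message size entry %u returned by server.\n", num);`. The enclosing loop is not visible in the hunk, so it is worth checking whether a server can make this warning repeat once per response line and flood the log.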