From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 8 Jul 2020 05:55:31 +0000 (+0300)
Subject: pop3-login: Read command more carefully
X-Git-Tag: 2.3.11.2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=98e3565e993e6cd3339244ea9e665ab1b76eed90;p=thirdparty%2Fdovecot%2Fcore.git

pop3-login: Read command more carefully

Ensure we don't consume '\n' or '\0' when reading command, but
that we consume '\r' otherwise i_stream_read_next_line won't work properly.
---

diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c
index 1cef4cc4eb..a17bdb2e77 100644
--- a/src/pop3-login/client.c
+++ b/src/pop3-login/client.c
@@ -18,8 +18,11 @@
 #include "pop3-proxy.h"
 #include "pop3-login-settings.h"
 
+#include <ctype.h>
+
 /* Disconnect client when it sends too many bad commands */
 #define CLIENT_MAX_BAD_COMMANDS 3
+#define CLIENT_MAX_CMD_LEN 8
 
 static bool cmd_stls(struct pop3_client *client)
 {
@@ -88,7 +91,6 @@ static bool cmd_xclient(struct pop3_client *client, const char *args)
 static bool client_command_execute(struct pop3_client *client, const char *cmd,
 				   const char *args)
 {
-	cmd = t_str_ucase(cmd);
 	if (strcmp(cmd, "CAPA") == 0)
 		return cmd_capa(client, args);
 	if (strcmp(cmd, "USER") == 0)
@@ -142,16 +144,21 @@ static bool client_read_cmd_name(struct client *client, const char **cmd_r)
 {
 	const unsigned char *data;
 	size_t size, i;
+	string_t *cmd = t_str_new(CLIENT_MAX_CMD_LEN);
 	if (i_stream_read_more(client->input, &data, &size) <= 0)
 		return FALSE;
 	for(i = 0; i < size; i++) {
+		if (data[i] == '\r') continue;
 		if (data[i] == ' ' ||
-		    data[i] == '\r' ||
-		    data[i] == '\n') {
-			*cmd_r = t_str_ucase(t_strndup(data, i));
-			i_stream_skip(client->input, i+1);
+		    data[i] == '\n' ||
+		    data[i] == '\0' ||
+		    i >= CLIENT_MAX_CMD_LEN) {
+			*cmd_r = str_c(cmd);
+			/* only skip ws */
+			i_stream_skip(client->input, i + (data[i] == ' ' ? 1 : 0));
 			return TRUE;
 		}
+		str_append_c(cmd, i_toupper(data[i]));
 	}
 	return FALSE;
 }