From: Steve Holme <steve_holme@hotmail.com>
Date: Sat, 9 Feb 2013 17:17:02 +0000 (+0000)
Subject: pop3: Fixed SASL authentication capability detection
X-Git-Tag: curl-7_30_0~388
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd52530b50baf8e1d21cb081a3a4bb9f25feeec1;p=thirdparty%2Fcurl.git

pop3: Fixed SASL authentication capability detection

Fixed the SASL capability detection to include the space character
before the authentication mechanism list. Otherwise a capability such
as SASLSOMETHING would be interpreted as enabling SASL and potentially
trying to identify SOMETHING as a mechanism.
---

diff --git a/lib/pop3.c b/lib/pop3.c
index a29b96f9fa..8c2c9bb5a6 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -269,12 +269,12 @@ static int pop3_endofresp(struct pingpong *pp, int *resp)
       pop3c->authtypes |= POP3_TYPE_APOP;
 
     /* Does the server support SASL based authentication? */
-    else if(len >= 4 && !memcmp(line, "SASL", 4)) {
+    else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
       pop3c->authtypes |= POP3_TYPE_SASL;
 
       /* Advance past the SASL keyword */
-      line += 4;
-      len -= 4;
+      line += 5;
+      len -= 5;
 
       /* Loop through the data line */
       for(;;) {