From: TheBitBrine <blacknomex08@gmail.com>
Date: Sun, 26 Oct 2025 03:15:07 +0000 (+0000)
Subject: pop3: fix CAPA response termination detection
X-Git-Tag: rc-8_17_0-3~16
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a49e4e3d16991465144558f405b2d7972824abb0;p=thirdparty%2Fcurl.git

pop3: fix CAPA response termination detection

The code was checking if a line starts with '.', which would
incorrectly match capability names starting with dots. Per RFC 2449,
the terminator must be a line containing only a single dot.

RFC 2449 also explicitly excludes '.' from valid capability name
starting characters, so this is purely theoretical, but the code
should match the spec.

Changed to check for exact match: line length of 3 with '.\r' or
length 2 with '.\n' to handle both CRLF and LF-only servers.

(Mistake detected with ZeroPath)

Fixes #19228
Reported-by: Joshua Rogers
Closes #19245
---

diff --git a/lib/pop3.c b/lib/pop3.c
index 2fd496cb31..c6b6ed659c 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -323,8 +323,10 @@ static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn,
 
   /* Are we processing CAPA command responses? */
   if(pop3c->state == POP3_CAPA) {
-    /* Do we have the terminating line? */
-    if(len >= 1 && line[0] == '.')
+    /* Do we have the terminating line? Per RFC 2449 this is a line
+       containing only a single dot */
+    if((len == 3 && line[0] == '.' && line[1] == '\r') ||
+       (len == 2 && line[0] == '.' && line[1] == '\n'))
       /* Treat the response as a success */
       *resp = '+';
     else