pop3: fix CAPA response termination detection

The code was checking if a line starts with '.', which would
incorrectly match capability names starting with dots. Per RFC 2449,
the terminator must be a line containing only a single dot.

RFC 2449 also explicitly excludes '.' from valid capability name
starting characters, so this is purely theoretical, but the code
should match the spec.

Changed to check for exact match: line length of 3 with '.\r' or
length 2 with '.\n' to handle both CRLF and LF-only servers.

(Mistake detected with ZeroPath)

Fixes #19228
Reported-by: Joshua Rogers
Closes #19245
This commit is contained in:
TheBitBrine 2025-10-26 03:15:07 +00:00 committed by Daniel Stenberg
parent b602de775e
commit a49e4e3d16
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2

View file

@ -323,8 +323,10 @@ static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn,
/* Are we processing CAPA command responses? */
if(pop3c->state == POP3_CAPA) {
/* Do we have the terminating line? */
if(len >= 1 && line[0] == '.')
/* Do we have the terminating line? Per RFC 2449 this is a line
containing only a single dot */
if((len == 3 && line[0] == '.' && line[1] == '\r') ||
(len == 2 && line[0] == '.' && line[1] == '\n'))
/* Treat the response as a success */
*resp = '+';
else