Fix slice range panics in the POP3 USER and PASS commands.
authorRobert Sesek <rsesek@bluestatic.org>
Mon, 2 Jan 2017 06:47:32 +0000 (01:47 -0500)
committerRobert Sesek <rsesek@bluestatic.org>
Mon, 2 Jan 2017 06:47:32 +0000 (01:47 -0500)
pop3/conn.go
pop3/conn_test.go

index 1eecd0a4f2bc09eec79207ae6c509760fecd590b..b1df280f45ab12091b0d00943b2fcdd6c9cc64a8 100644 (file)
@@ -133,7 +133,13 @@ func (conn *connection) doUSER() {
                return
        }
 
-       conn.user = conn.line[len("USER "):]
+       cmd := len("USER ")
+       if len(conn.line) < cmd {
+               conn.err("invalid user")
+               return
+       }
+
+       conn.user = conn.line[cmd:]
        conn.ok("")
 }
 
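Review bot: The new guard in doUSER compares with `<`, so a line that is exactly `USER ` (nothing after the space) still passes, stores an empty string in conn.user and answers OK. If an empty mailbox name is not meant to be accepted, reject it in the same check with `if len(conn.line) <= cmd {`. The doPASS hunk uses the same comparison, so an empty password would be handed to OpenMailbox. The top of doUSER is outside the hunk, so an earlier check that already covers this would not be visible here.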
@@ -148,7 +154,13 @@ func (conn *connection) doPASS() {
                return
        }
 
-       pass := conn.line[len("PASS "):]
+       cmd := len("PASS ")
+       if len(conn.line) < cmd {
+               conn.err("invalid pass")
+               return
+       }
+
+       pass := conn.line[cmd:]
        if mbox, err := conn.po.OpenMailbox(conn.user, pass); err == nil {
                conn.log.Info("authenticated", zap.String("user", conn.user))
                conn.state = stateTxn
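Review bot: `conn.line[cmd:]` in doPASS drops five bytes by count without confirming that the fifth byte is the separator. Whether the password starts where the code expects therefore depends on how the command was matched before this function ran, which is outside the hunk. If the dispatcher compares only the four-letter verb, a line with some other byte in place of the space would silently lose that byte instead of being rejected. Checking the separator in the guard makes the parse strict without affecting verb case handling: `if len(conn.line) < cmd || conn.line[cmd-1] != ' ' {`. The slice in doUSER has the same shape.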
index f70cf2bfb9a9c1061d09db7a041d168f992c9efe..31baad9ebe6a4d8dd0f302d16ceb1c59db9d58f5 100644 (file)
@@ -242,6 +242,9 @@ func TestAuthStates(t *testing.T) {
                {"NOOP", responseOK},
                {"USER bad", responseOK},
                {"PASS bad", responseERR},
+               {"USER", responseERR},
+               {"USER x", responseOK},
+               {"PASS", responseERR},
                {"LIST", responseERR},
                {"USER u", responseOK},
                {"PASS bad", responseERR},
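Review bot: The added cases exercise the bare verbs `USER` and `PASS`, but not the boundary the new length guards sit on, which is a verb followed by only the space. Adding entries for `"USER "` and `"PASS "` with the intended response would pin down whether an empty argument is accepted. As written, the guards let both lines through to the slice, assuming the line reader does not trim trailing whitespace. The test table continues outside the hunk, so these cases may need a `USER` step before the `PASS ` one to reach the right state.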