return
}
- conn.user = conn.line[len("USER "):]
+ cmd := len("USER ")
+ if len(conn.line) < cmd {
+ conn.err("invalid user")
+ return
+ }
+
+ conn.user = conn.line[cmd:]
conn.ok("")
}
return
}
- pass := conn.line[len("PASS "):]
+ cmd := len("PASS ")
+ if len(conn.line) < cmd {
+ conn.err("invalid pass")
+ return
+ }
+
+ pass := conn.line[cmd:]
if mbox, err := conn.po.OpenMailbox(conn.user, pass); err == nil {
conn.log.Info("authenticated", zap.String("user", conn.user))
conn.state = stateTxn
{"NOOP", responseOK},
{"USER bad", responseOK},
{"PASS bad", responseERR},
+ {"USER", responseERR},
+ {"USER x", responseOK},
+ {"PASS", responseERR},
{"LIST", responseERR},
{"USER u", responseOK},
{"PASS bad", responseERR},