From b72b957cb405aa4e1a3be2acee1655dc2bc00e1c Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 2 Jan 2017 01:47:32 -0500
Subject: [PATCH] Fix slice range panics in the POP3 USER and PASS commands.

---
 pop3/conn.go | 16 ++++++++++++++--
 pop3/conn_test.go | 3 +++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/pop3/conn.go b/pop3/conn.go
index 1eecd0a..b1df280 100644
--- a/pop3/conn.go
+++ b/pop3/conn.go
@@ -133,7 +133,13 @@ func (conn *connection) doUSER() {
 return
 }

- conn.user = conn.line[len("USER "):]
+ cmd := len("USER ")
+ if len(conn.line) < cmd {
+ conn.err("invalid user")
+ return
+ }
+
+ conn.user = conn.line[cmd:]
 conn.ok("")
 }

@@ -148,7 +154,13 @@ func (conn *connection) doPASS() {
 return
 }

- pass := conn.line[len("PASS "):]
+ cmd := len("PASS ")
+ if len(conn.line) < cmd {
+ conn.err("invalid pass")
+ return
+ }
+
+ pass := conn.line[cmd:]
 if mbox, err := conn.po.OpenMailbox(conn.user, pass); err == nil {
 conn.log.Info("authenticated", zap.String("user", conn.user))
 conn.state = stateTxn
diff --git a/pop3/conn_test.go b/pop3/conn_test.go
index f70cf2b..31baad9 100644
--- a/pop3/conn_test.go
+++ b/pop3/conn_test.go
@@ -242,6 +242,9 @@ func TestAuthStates(t *testing.T) {
 {"NOOP", responseOK},
 {"USER bad", responseOK},
 {"PASS bad", responseERR},
+ {"USER", responseERR},
+ {"USER x", responseOK},
+ {"PASS", responseERR},
 {"LIST", responseERR},
 {"USER u", responseOK},
 {"PASS bad", responseERR},
--
2.22.5
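Review bot: The new guard in doUSER compares with `<`, so a line that is exactly `USER ` (the prefix with nothing after it) still passes and stores an empty `conn.user`. The `PASS ` guard in doPASS has the same shape and would hand an empty password to `conn.po.OpenMailbox`. Whether such a line can reach these handlers depends on how `conn.line` is read and trimmed, which is outside both hunks, as are the earlier checks in each function. If an empty argument is not meant to be accepted before authentication, `if len(conn.line) <= cmd {` in both places rejects it as well as the short line.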
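Review bot: The new early return in doPASS rejects a malformed pre-auth command without leaving a log record, while the success path a few lines below logs `authenticated`. Unless `conn.err` already logs (it is not visible in this hunk), a line such as `conn.log.Info("malformed PASS", zap.String("user", conn.user))` before `conn.err("invalid pass")` would make probing with truncated commands visible to operators. The same applies to the `invalid user` branch in doUSER. The failure branch of the `OpenMailbox` call lies outside the hunk, so whether failed logins are logged cannot be judged from here.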
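Review bot: The added table entries cover the bare verbs `USER` and `PASS`, but not the boundary of the new length check, which is a line exactly as long as the prefix (`USER ` or `PASS ` with the trailing space and no argument). Entries of the form `{"USER ", …}` and `{"PASS ", …}`, carrying whichever response is intended, would pin that behaviour and keep a later change to the comparison from silently altering it. The table continues above and below the hunk, so such cases may already exist out of view.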