http://lists.andrew.cmu.edu/pipermail/imapproxy-info/2007-September/000662.html --- src/request.c 2008-01-28 14:15:08.000000000 +0100 +++ src/request.c.oden 2008-08-30 14:54:26.000000000 +0200 @@ -738,6 +738,12 @@ static int cmd_authenticate_login( ITD_S return( -1 ); } + if ( BytesRead > MAXUSERNAMELEN) + { + syslog( LOG_NOTICE, "%s: username too long from client on socket %d", fn, Client->conn->sd ); + return( -1 ); + } + /* * Don't accept literals from the client here. */ @@ -796,6 +802,12 @@ static int cmd_authenticate_login( ITD_S return( -1 ); } + if ( BytesRead > MAXPASSWDLEN) + { + syslog( LOG_NOTICE, "%s: passwd too long from client on socket %d", fn, Client->conn->sd ); + return( -1 ); + } + if ( Client->MoreData || BytesRead > BufLen ) {