pop3d: bugfixes.

* pop3d/apop.c (pop3d_apopuser, pop3d_apopuser): Remove statically
allocated buffers.
* pop3d/pop3d.c (pop3d_mainloop): Likewise.
* pop3d/user.c (pop3d_begin_session): Likewise.

@@ -60,7 +60,7 @@ pop3d_apopuser (const char *user)
     memset (&key, 0, sizeof key);
     memset (&data, 0, sizeof data);
 
-    MU_DATUM_PTR (key) = user;
+    MU_DATUM_PTR (key) = (void*) user;
     MU_DATUM_SIZE (key) = strlen (user);
 
     rc = mu_dbm_fetch (db, key, &data);
@@ -134,10 +134,11 @@ pop3d_apopuser (const char *user)
 int
 pop3d_apop (char *arg)
 {
-  char *tmp, *password, *user_digest, *user;
-  char buf[POP_MAXCMDLEN];
+  char *p, *password, *user_digest, *user;
   struct mu_md5_ctx md5context;
   unsigned char md5digest[16];
+  char buf[2 * 16 + 1];
+  size_t i;
   
   if (state != AUTHORIZATION)
     return ERR_WRONG_STATE;
@@ -146,11 +147,6 @@ pop3d_apop (char *arg)
     return ERR_BAD_ARGS;
 
   pop3d_parse_command (arg, &user, &user_digest);
-  if (strlen (user) > (POP_MAXCMDLEN - APOP_DIGEST))
-    {
-      mu_diag_output (MU_DIAG_INFO, _("user name too long: %s"), user);
-      return ERR_BAD_ARGS;
-    }
 
   password = pop3d_apopuser (user);
   if (password == NULL)
@@ -167,14 +163,9 @@ pop3d_apop (char *arg)
   free (password);
   mu_md5_finish_ctx (&md5context, md5digest);
 
-  {
-    int i;
-    tmp = buf;
-    for (i = 0; i < 16; i++, tmp += 2)
-      sprintf (tmp, "%02x", md5digest[i]);
-  }
-
-  *tmp++ = '\0';
+  for (i = 0, p = buf; i < 16; i++, p += 2)
+      sprintf (p, "%02x", md5digest[i]);
+  *p = 0;
 
   if (strcmp (user_digest, buf))
     {

@@ -276,11 +276,7 @@ pop3d_mainloop (int fd, FILE *infile, FILE *outfile)
       /* Refresh the Lock.  */
       pop3d_touchlock ();
 
-      if (strlen (arg) > POP_MAXCMDLEN || strlen (cmd) > POP_MAXCMDLEN)
-	status = ERR_TOO_LONG;
-      else if (strlen (cmd) > 4)
-	status = ERR_BAD_CMD;
-      else if ((handler = pop3d_find_command (cmd)) != NULL)
+      if ((handler = pop3d_find_command (cmd)) != NULL)
 	status = handler (arg);
       else
 	status = ERR_BAD_CMD;

@@ -89,7 +89,7 @@ pop3d_begin_session ()
 int
 pop3d_user (char *arg)
 {
-  char *buf, pass[POP_MAXCMDLEN], *tmp, *cmd;
+  char *buf, *pass, *cmd;
   char buffer[512];
   
   if (state != AUTHORIZATION)
@@ -102,16 +102,7 @@ pop3d_user (char *arg)
   pop3d_flush_output ();
 
   buf = pop3d_readline (buffer, sizeof (buffer));
-  pop3d_parse_command (buf, &cmd, &tmp);
-
-  if (strlen (tmp) > POP_MAXCMDLEN)
-    return ERR_TOO_LONG;
-  else
-    {
-      strncpy (pass, tmp, POP_MAXCMDLEN);
-      /* strncpy () is lame, make sure the string is null terminated.  */
-      pass[POP_MAXCMDLEN - 1] = '\0';
-    }
+  pop3d_parse_command (buf, &cmd, &pass);
 
   if (mu_c_strcasecmp (cmd, "PASS") == 0)
     {
@@ -122,7 +113,8 @@ pop3d_user (char *arg)
       tmp = pop3d_apopuser (arg);
       if (tmp != NULL)
 	{
-	  mu_diag_output (MU_DIAG_INFO, _("APOP user %s tried to log in with USER"), arg);
+	  mu_diag_output (MU_DIAG_INFO,
+			  _("APOP user %s tried to log in with USER"), arg);
 	  return ERR_BAD_LOGIN;
 	}
 #endif