diff -urN dbmail-20030520/dbmailtypes.h dbmail-20030520-apop-statemachine-fix/dbmailtypes.h
--- dbmail-20030520/dbmailtypes.h	2003-03-17 09:04:08.000000000 -0700
+++ dbmail-20030520-apop-statemachine-fix/dbmailtypes.h	2003-05-20 13:14:32.000000000 -0600
@@ -57,9 +57,10 @@
 typedef struct
 {
 	int error_count;		/* how many errors have occured? */
-	int state; 				/* what is the current pop state */
+	int state; 			/* what is the current pop state */
+	int cmdtype; 			/* index into commands array of last command issued */
 
-	int SessionResult;	/* what happened during the session */
+	int SessionResult;		/* what happened during the session */
 	
 	char *username;
 	char *password;
diff -urN dbmail-20030520/pop3.c dbmail-20030520-apop-statemachine-fix/pop3.c
--- dbmail-20030520/pop3.c	2003-04-01 00:47:14.000000000 -0700
+++ dbmail-20030520-apop-statemachine-fix/pop3.c	2003-05-22 11:16:58.000000000 -0600
@@ -21,6 +21,7 @@
 
 #define INCOMING_BUFFER_SIZE 512
 #define APOP_STAMP_SIZE 255
+#define MAX_USERID_SIZE 100
 
 /* default timeout for server daemon */
 #define DEFAULT_SERVER_TIMEOUT 300
@@ -168,7 +169,8 @@
 	my_free(session.apop_stamp);
 	session.apop_stamp = NULL;
 
-	if (session.username != NULL && session.password != NULL)
+	/* there is no plaintext password for APOP (commandstype 11) */
+	if (session.username != NULL && (session.cmdtype == 11 || session.password != NULL))
 	{
 		switch (session.SessionResult)
 		{
@@ -290,9 +292,12 @@
 	}
 
 	for (cmdtype = POP3_STRT; cmdtype < POP3_END; cmdtype ++)
-		if (strcasecmp(command, commands[cmdtype]) == 0) break;
+		if (strcasecmp(command, commands[cmdtype]) == 0) {
+			session->cmdtype = cmdtype;
+			break;
+		}
 
-	trace (TRACE_DEBUG,"pop3(): command looked up as commandtype %d", cmdtype);
+	trace (TRACE_DEBUG,"pop3(): command looked up as commandtype %d", session->cmdtype);
 
 	/* commands that are allowed to have no arguments */
 	if ((value==NULL) && (cmdtype!=POP3_QUIT) && (cmdtype!=POP3_LIST) &&
@@ -323,6 +328,9 @@
 
 				if (session->username == NULL)
 				{
+					if (strlen(value)>MAX_USERID_SIZE)
+						return pop3_error(session, stream,"-ERR userid is too long\r\n");
+
 					/* create memspace for username */
 					memtst((session->username = (char *)my_malloc(strlen(value)+1))==NULL);
 					strncpy (session->username, value, strlen(value)+1);
@@ -644,14 +652,17 @@
 				/* value should now be the username */
 				value[searchptr-value-1]='\0';
 
-				if (strlen(searchptr)>32)
+				if (strlen(searchptr)!=32)
 					return pop3_error(session, stream,"-ERR the thingy you issued is not a valid md5 hash\r\n");
 
 				/* create memspace for md5 hash */
 				memtst((md5_apop_he=(char *)my_malloc(strlen(searchptr)+1))==NULL);
 				strncpy (md5_apop_he,searchptr,strlen(searchptr)+1);
 
-				/* create memspace for username */ /* FIXME: we should do a length check here ! */
+				if (strlen(value)>MAX_USERID_SIZE)
+					return pop3_error(session, stream,"-ERR userid is too long\r\n");
+
+				/* create memspace for username */
 				memtst((session->username = (char *)my_malloc(strlen(value)+1))==NULL);
 				strncpy (session->username,value,strlen(value)+1);
 
diff -urN dbmail-20030520/serverchild.c dbmail-20030520-apop-statemachine-fix/serverchild.c
--- dbmail-20030520/serverchild.c	2003-03-17 09:04:09.000000000 -0700
+++ dbmail-20030520-apop-statemachine-fix/serverchild.c	2003-05-20 13:53:36.000000000 -0600
@@ -116,7 +116,7 @@
       break;
 
     default:
-      /* bad shit, exit */
+      /* bad shtuff, exit */
       trace(TRACE_DEBUG, "ChildSighandler(): cannot ignore this. Terminating");
 
       /*