diff --git a/lib/ftp.c b/lib/ftp.c
index 08d18ca74..0b9c9b732 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -2743,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
case FTP_AUTH:
/* we have gotten the response to a previous AUTH command */
+ if(pp->cache_size)
+ return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */
+
/* RFC2228 (page 5) says:
*
* If the server is willing to accept the named security mechanism,
diff --git a/lib/imap.c b/lib/imap.c
index 923b1d59b..6163899bb 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -963,6 +963,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data,
(void)instate; /* no use for this yet */
+ /* Pipelining in response is forbidden. */
+ if(data->conn->proto.imapc.pp.cache_size)
+ return CURLE_WEIRD_SERVER_REPLY;
+
if(imapcode != IMAP_RESP_OK) {
if(data->set.use_ssl != CURLUSESSL_TRY) {
failf(data, "STARTTLS denied");
diff --git a/lib/pop3.c b/lib/pop3.c
index a331d71f7..d3f3de6d4 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -771,6 +771,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
CURLcode result = CURLE_OK;
(void)instate; /* no use for this yet */
+ /* Pipelining in response is forbidden. */
+ if(data->conn->proto.pop3c.pp.cache_size)
+ return CURLE_WEIRD_SERVER_REPLY;
+
if(pop3code != '+') {
if(data->set.use_ssl != CURLUSESSL_TRY) {
failf(data, "STARTTLS denied");
diff --git a/lib/smtp.c b/lib/smtp.c
index 20dc85a5f..02ddaca0a 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -834,6 +834,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data,
CURLcode result = CURLE_OK;
(void)instate; /* no use for this yet */
+ /* Pipelining in response is forbidden. */
+ if(data->conn->proto.smtpc.pp.cache_size)
+ return CURLE_WEIRD_SERVER_REPLY;
+
if(smtpcode != 220) {
if(data->set.use_ssl != CURLUSESSL_TRY) {
failf(data, "STARTTLS denied, code %d", smtpcode);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8e05ee907..787c36375 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -118,7 +118,7 @@ test954 test955 test956 test957 test958 test959 test960 test961 test962 \
test963 test964 test965 test966 test967 test968 test969 test970 test971 \
test972 \
\
-test984 test985 test986 \
+test980 test981 test982 test983 test984 test985 test986 \
\
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
diff --git a/tests/data/test980 b/tests/data/test980
new file mode 100644
index 000000000..97567f856
--- /dev/null
+++ b/tests/data/test980
@@ -0,0 +1,52 @@
+
+
+
+SMTP
+STARTTLS
+
+
+
+#
+# Server-side
+
+
+CAPA STARTTLS
+AUTH PLAIN
+REPLY STARTTLS 454 currently unavailable\r\n235 Authenticated\r\n250 2.1.0 Sender ok\r\n250 2.1.5 Recipient ok\r\n354 Enter mail\r\n250 2.0.0 Accepted
+REPLY AUTH 535 5.7.8 Authentication credentials invalid
+
+
+
+#
+# Client-side
+
+
+SSL
+
+
+smtp
+
+
+SMTP STARTTLS pipelined server response
+
+
+mail body
+
+
+smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user:secret --ssl --sasl-ir -T -
+
+
+
+#
+# Verify data after the test has been "shot"
+
+# 8 is CURLE_WEIRD_SERVER_REPLY
+
+8
+
+
+EHLO %TESTNUMBER
+STARTTLS
+
+
+
diff --git a/tests/data/test981 b/tests/data/test981
new file mode 100644
index 000000000..2b98ce42a
--- /dev/null
+++ b/tests/data/test981
@@ -0,0 +1,59 @@
+
+
+
+IMAP
+STARTTLS
+
+
+
+#
+# Server-side
+
+
+CAPA STARTTLS
+REPLY STARTTLS A002 BAD currently unavailable\r\nA003 OK Authenticated\r\nA004 OK Accepted
+REPLY LOGIN A003 BAD Authentication credentials invalid
+
+
+
+#
+# Client-side
+
+
+SSL
+
+
+imap
+
+
+IMAP STARTTLS pipelined server response
+
+
+imap://%HOSTIP:%IMAPPORT/%TESTNUMBER -T log/upload%TESTNUMBER -u user:secret --ssl
+
+
+Date: Mon, 7 Feb 1994 21:52:25 -0800 (PST)
+From: Fred Foobar
+Subject: afternoon meeting
+To: joe@example.com
+Message-Id:
+MIME-Version: 1.0
+Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
+
+Hello Joe, do you think we can meet at 3:30 tomorrow?
+
+
+
+#
+# Verify data after the test has been "shot"
+
+# 8 is CURLE_WEIRD_SERVER_REPLY
+
+8
+
+
+A001 CAPABILITY
+A002 STARTTLS
+
+
+
diff --git a/tests/data/test982 b/tests/data/test982
new file mode 100644
index 000000000..9e07cc0b3
--- /dev/null
+++ b/tests/data/test982
@@ -0,0 +1,57 @@
+
+
+
+POP3
+STARTTLS
+
+
+
+#
+# Server-side
+
+
+CAPA STLS USER
+REPLY STLS -ERR currently unavailable\r\n+OK user accepted\r\n+OK authenticated
+REPLY PASS -ERR Authentication credentials invalid
+
+
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+ yours sincerely
+
+
+
+#
+# Client-side
+
+
+SSL
+
+
+pop3
+
+
+POP3 STARTTLS pipelined server response
+
+
+pop3://%HOSTIP:%POP3PORT/%TESTNUMBER -u user:secret --ssl
+
+
+
+#
+# Verify data after the test has been "shot"
+
+# 8 is CURLE_WEIRD_SERVER_REPLY
+
+8
+
+
+CAPA
+STLS
+
+
+
diff --git a/tests/data/test983 b/tests/data/test983
new file mode 100644
index 000000000..300ec459c
--- /dev/null
+++ b/tests/data/test983
@@ -0,0 +1,52 @@
+
+
+
+FTP
+STARTTLS
+
+
+
+#
+# Server-side
+
+
+REPLY AUTH 500 unknown command\r\n500 unknown command\r\n331 give password\r\n230 Authenticated\r\n257 "/"\r\n200 OK\r\n200 OK\r\n200 OK\r\n226 Transfer complete
+REPLY PASS 530 Login incorrect
+
+
+
+# Client-side
+
+
+SSL
+
+
+ftp
+
+
+FTP STARTTLS pipelined server response
+
+
+data
+ to
+ see
+that FTPS
+works
+ so does it?
+
+
+--ssl --ftp-ssl-control ftp://%HOSTIP:%FTPPORT/%TESTNUMBER -T log/test%TESTNUMBER.txt -u user:secret -P %CLIENTIP
+
+
+
+# Verify data after the test has been "shot"
+
+# 8 is CURLE_WEIRD_SERVER_REPLY
+
+8
+
+
+AUTH SSL
+
+
+