Which one of these bugs would have been prevented by unit tests? Probably none, because you'd have to know about the bug in order to craft a test that exploits it.
But very often when you spend time to write unit tests you discover limitations and bugs in your code while you come up with test scenarios.
The only thing that the FTP bug needed was a "test_redirect_responses()" test. The SMTPd bug was all about parsing user input. Ideal candidate for unit testing and probably even some fuzzing.
FTP doesn’t have redirect, so the original code wouldn’t have that test.
The writers who added handling of HTTP would only have added it if they had realized the HTTP library they used could do a redirect. Even if they did, they would have to have thought about redirecting to some specially crafted URL.
