--- evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability 2007-04-09 08:42:37.000000000 -0400 +++ evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c 2007-04-30 16:42:12.000000000 -0400 @@ -34,6 +34,7 @@ #include #include #include +#include #include "camel-operation.h" @@ -489,7 +490,21 @@ } else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) { char *secret, md5asc[33], *d; unsigned char md5sum[16], *s; - + + d = store->engine->apop; + + while (*d != '\0') { + if (!isascii((int)*d)) { + + camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID, + _("Unable to connect to POP server %s: "), + CAMEL_SERVICE (store)->url->host); + + return FALSE; + } + d++; + } + secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1); sprintf(secret, "%s%s", store->engine->apop, service->url->passwd); md5_get_digest(secret, strlen (secret), md5sum);