--- evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c.apop-auth-vulnerability	2007-04-09 08:42:37.000000000 -0400
+++ evolution-data-server-1.10.1/camel/providers/pop3/camel-pop3-store.c	2007-04-24 16:12:28.000000000 -0400
@@ -34,6 +34,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
+#include <ctype.h>
 
 #include "camel-operation.h"
 
@@ -489,6 +490,21 @@
 	} else if (strcmp(service->url->authmech, "+APOP") == 0 && store->engine->apop) {
 		char *secret, md5asc[33], *d;
 		unsigned char md5sum[16], *s;
+
+		d = store->engine->apop;
+
+		while (*d != '\0') {
+			if (!isascii((int)*d)) {
+				camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_URL_INVALID,
+						_("Unable to connect to POP server %s: "
+						"Invalid APOP ID received. Impersonation attack "
+						"suspected. Please contact your admin."),
+						CAMEL_SERVICE (store)->url->host);
+
+				return FALSE;
+			}
+			d++;
+		}
 		
 		secret = g_alloca(strlen(store->engine->apop)+strlen(service->url->passwd)+1);
 		sprintf(secret, "%s%s",  store->engine->apop, service->url->passwd);
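Review bot: The added loop at `if (!isascii((int)*d))` casts `*d` to `int`, so where `char` is signed a high byte reaches the test as a negative value; `isascii` is also an XSI extension marked obsolescent rather than standard C, so the `<ctype.h>` include added in the first hunk does not guarantee a declaration on every libc. The same test in portable form is `if ((unsigned char)*d >= 0x80) {`, which depends neither on `char` signedness nor on `isascii`. Since RFC 1939 defines the APOP challenge as a msg-id made of printable characters, the guard could be tightened to also reject control bytes with `!isprint((unsigned char)*d)`; that is a stricter variant of the intended check and should be confirmed against the servers in use before adopting it. The enclosing `else if` branch begins before the hunk and continues after it.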