Issue where APOP authentication is incorrectly used #3278
Description
Attempting to connect to a POP3 server with < and > characters in its greeting line fails because the logic in pop3_state_servergreet_resp in pop3.c assumes that text between the < and > characters is always a timestamp to be used for APOP authentication.
In this case the greeting was:
+OK E.Novation POP3 server ready <a.b.c>
where a.b.c is the domain name of the server.
APOP requires that the text within < > corresponds to the msg-id syntax of RFC-822. This means that at the very least it must contain the @ character.
As a result of the assumption that the characters between < > is a timestamp, a connection to this server cannot be established.
libcurl version 7.62
Windows 10 and macOS High Sierra
I have fixed the issue in my CURL source, and attached an updated pop3.c (uploaded as pop3.txt). The text marked rmm9831 is my fix.