You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
Attempting to connect to a POP3 server with < and > characters in its greeting line fails because the logic in pop3_state_servergreet_resp in pop3.c assumes that text between the < and > characters is always a timestamp to be used for APOP authentication.
In this case the greeting was:
+OK E.Novation POP3 server ready <a.b.c>
where a.b.c is the domain name of the server.
APOP requires that the text within < > corresponds to the msg-id syntax of RFC-822. This means that at the very least it must contain the @ character.
As a result of the assumption that the characters between < > is a timestamp, a connection to this server cannot be established.
libcurl version 7.62
Windows 10 and macOS High Sierra
I have fixed the issue in my CURL source, and attached an updated pop3.c (uploaded as pop3.txt). The text marked rmm9831 is my fix.
Attempting to connect to a POP3 server with < and > characters in its greeting line fails because the logic in pop3_state_servergreet_resp in pop3.c assumes that text between the < and > characters is always a timestamp to be used for APOP authentication.
In this case the greeting was:
+OK E.Novation POP3 server ready <a.b.c>
where a.b.c is the domain name of the server.
APOP requires that the text within < > corresponds to the msg-id syntax of RFC-822. This means that at the very least it must contain the @ character.
As a result of the assumption that the characters between < > is a timestamp, a connection to this server cannot be established.
libcurl version 7.62
Windows 10 and macOS High Sierra
I have fixed the issue in my CURL source, and attached an updated pop3.c (uploaded as pop3.txt). The text marked rmm9831 is my fix.
pop3.txt
The text was updated successfully, but these errors were encountered: