From edfc70c856caa58a15365c730980448ce028ab51 Mon Sep 17 00:00:00 2001
From: yoichi <yoichi>
Date: Tue, 24 Apr 2007 14:28:23 +0000
Subject: [PATCH] * elmo-pop3.el (elmo-pop3-auth-apop): Use more strict
 regexp. http://seclists.org/bugtraq/2007/Apr/0018.html
 (Suggested by Tatsuya Kinoshita)

---
 elmo/ChangeLog    |    6 ++++++
 elmo/elmo-pop3.el |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/elmo/ChangeLog b/elmo/ChangeLog
index bf9cb76..05904f7 100644
--- a/elmo/ChangeLog
+++ b/elmo/ChangeLog
@@ -1,3 +1,9 @@
+2007-04-24  Yoichi NAKAYAMA  <yoichi@geiin.org>
+
+	* elmo-pop3.el (elmo-pop3-auth-apop): Use more strict regexp.
+	http://seclists.org/bugtraq/2007/Apr/0018.html
+	(Suggested by Tatsuya Kinoshita)
+
 2007-04-16  Yoichi NAKAYAMA  <yoichi@geiin.org>
 
 	* elmo-imap4.el (elmo-folder-delete): Don't call close for mailbox
diff --git a/elmo/elmo-pop3.el b/elmo/elmo-pop3.el
index 19d052b..c95188d 100644
--- a/elmo/elmo-pop3.el
+++ b/elmo/elmo-pop3.el
@@ -299,7 +299,7 @@ CODE is one of the following:
     (car response)))
 
 (defun elmo-pop3-auth-apop (session)
-  (unless (string-match "^\+OK .*\\(<[^\>]+>\\)"
+  (unless (string-match "^\+OK .*\\(<[=!-;?-~]+@[=!-;?-~]+>\\)"
 			(elmo-network-session-greeting-internal session))
     (signal 'elmo-open-error '(elmo-pop3-auth-apop)))
   ;; good, APOP ready server
-- 
1.7.10.4