From 11d111c3fa253c5609326ba3a4a800f01ca8cc5b Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Fri, 6 Apr 2018 19:45:50 +0000
Subject: [PATCH] modules/m_sasl.c: abort session if we receive '*' as data

Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare
---
 modules/m_sasl.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index b59b82cc..fa8cc17e 100644
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -128,6 +128,12 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
 
 	if(agent_p == NULL)
 	{
+		if (!strcmp(parv[1], "*"))
+		{
+			sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+			return 0;
+		}
+
 		sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s %c",
 					me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
 					source_p->host, source_p->sockhost,
@@ -145,9 +151,19 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
 		rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
 	}
 	else
+	{
+		if (!strcmp(parv[1], "*"))
+		{
+			sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+			sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name, source_p->id, agent_p->id);
+			return 0;
+		}
+
 		sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
 				me.id, agent_p->servptr->name, source_p->id, agent_p->id,
 				parv[1]);
+	}
+
 	source_p->localClient->sasl_out++;
 
 	return 0;