modules/m_sasl.c: abort session if we receive '*' as data

Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare

modules/m_sasl.c

@@ -128,6 +128,12 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
 
 	if(agent_p == NULL)
 	{
+		if (!strcmp(parv[1], "*"))
+		{
+			sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+			return 0;
+		}
+
 		sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s %c",
 					me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
 					source_p->host, source_p->sockhost,
@@ -145,9 +151,19 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
 		rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
 	}
 	else
+	{
+		if (!strcmp(parv[1], "*"))
+		{
+			sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+			sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name, source_p->id, agent_p->id);
+			return 0;
+		}
+
 		sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
 				me.id, agent_p->servptr->name, source_p->id, agent_p->id,
 				parv[1]);
+	}
+
 	source_p->localClient->sasl_out++;
 
 	return 0;