modules/m_sasl.c: abort session if we receive '*' as data
Otherwise we'd send the * on to services as actual data, which is likely to fail to decode it (it's not valid Base-64) and reply with an SASL ... D F which will result in us sending a 904 numeric instead of a 906. cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287 Reported-By: James Wheare
This commit is contained in:
Aaron Jones
parent
fe5fc851aa
commit
280ce6a951
1 changed files with 16 additions and 0 deletions
|
|
@ -180,6 +180,12 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *
|
|||
|
||||
if(agent_p == NULL)
|
||||
{
|
||||
if (!strcmp(parv[1], "*"))
|
||||
{
|
||||
sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s %c",
|
||||
me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
|
||||
source_p->host, source_p->sockhost,
|
||||
|
|
@ -197,9 +203,19 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *
|
|||
rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!strcmp(parv[1], "*"))
|
||||
{
|
||||
sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
|
||||
sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name, source_p->id, agent_p->id);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
|
||||
me.id, agent_p->servptr->name, source_p->id, agent_p->id,
|
||||
parv[1]);
|
||||
}
|
||||
|
||||
source_p->localClient->sasl_out++;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue