]> jfr.im git - irc/charybdis-ircd/charybdis.git/commitdiff
projects / irc / charybdis-ircd / charybdis.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: fe5fc85)
modules/m_sasl.c: abort session if we receive '*' as data
authorAaron Jones <redacted>
Fri, 6 Apr 2018 19:45:50 +0000 (19:45 +0000)
committerAaron Jones <redacted>
Fri, 6 Apr 2018 19:49:33 +0000 (19:49 +0000)
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare
modules/m_sasl.c patch | blob | blame | history

diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index 06c45a1de13cc5321a24f1dd326bfc0316bb3eee..19f2a436ff66f72d5341ab571eb7c5124a75e093 100644 (file)
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -180,6 +180,12 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *
 
        if(agent_p == NULL)
        {
+               if (!strcmp(parv[1], "*"))
+               {
+                       sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+                       return 0;
+               }
+
                sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s %c",
                                        me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
                                        source_p->host, source_p->sockhost,
@@ -197,9 +203,19 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *
                rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
        }
        else
+       {
+               if (!strcmp(parv[1], "*"))
+               {
+                       sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+                       sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name, source_p->id, agent_p->id);
+                       return 0;
+               }
+
                sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
                                me.id, agent_p->servptr->name, source_p->id, agent_p->id,
                                parv[1]);
+       }
+
        source_p->localClient->sasl_out++;
 }
 
Unnamed repository; edit this file 'description' to name the repository.