cherry-pick security fix from chary d06dab5

SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter

This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.

diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index ca761a78baf5541df6ec8fe38d981195f0f9f002..eaf58a6fe1746ce07e936b79663335c0bc362635 100644 (file)
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -83,6 +83,12 @@ mr_authenticate(struct Client *client_p, struct Client *source_p,
                return 0;
        }
 
+       if (*parv[1] == ':' || strchr(parv[1], ' '))
+       {
+               exit_client(client_p, client_p, client_p, "Malformed AUTHENTICATE");
+               return;
+       }
+
        if(source_p->preClient->sasl_complete)
        {
                sendto_one(source_p, form_str(ERR_SASLALREADY), me.name, EmptyString(source_p->name) ? "*" : source_p->name);