SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
return 0;
}
+ if (*parv[1] == ':' || strchr(parv[1], ' '))
+ {
+ exit_client(client_p, client_p, client_p, "Malformed AUTHENTICATE");
+ return;
+ }
+
if(source_p->preClient->sasl_complete)
{
sendto_one(source_p, form_str(ERR_SASLALREADY), me.name, EmptyString(source_p->name) ? "*" : source_p->name);