Fix to prevent SASL security vulnerability
jobe1986 committed Sep 3, 2016
1 parent 656d86a commit f50a84b
Showing 1 changed file with 4 additions and 0 deletions.
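--- a/ircd/m_authenticate.c
+++ b/ircd/m_authenticate.c
@@ -150,6 +150,8 @@ int m_authenticate(struct Client* cptr, struct Client* sptr, int parc, char* par
 
 if (acptr) {
 if (first) {
+if (*parv[1] == ':' || strchr(parv[1], ' '))
+return exit_client(cptr, sptr, sptr, "Malformed AUTHENTICATE");
 if (!EmptyString(cli_sslclifp(cptr)))
 sendcmdto_one(&me, CMD_SASL, acptr, "%C %C!%u.%u S %s :%s", acptr, &me,
 cli_fd(cptr), cli_saslcookie(cptr),
@@ -167,6 +169,8 @@ int m_authenticate(struct Client* cptr, struct Client* sptr, int parc, char* par
 }
 } else {
 if (first) {
+if (*parv[1] == ':' || strchr(parv[1], ' '))
+return exit_client(cptr, sptr, sptr, "Malformed AUTHENTICATE");
 if (!EmptyString(cli_sslclifp(cptr)))
 sendcmdto_serv_butone(&me, CMD_SASL, cptr, "* %C!%u.%u S %s :%s", &me,
 cli_fd(cptr), cli_saslcookie(cptr),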
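Review bot: The check added in both `if (first)` branches is a two-character denylist with no comment explaining it: parv[1] is presumably what fills the non-trailing `%s` in the `S %s :%s` formats that follow (their argument lists run past the hunk), where a space or a leading ':' would change how the receiving server splits the line. An empty parv[1] still passes, so unless code outside the hunk rejects it, an allowlist of SASL mechanism-name characters (RFC 4422: 1 to 20 of A-Z, 0-9, '-', '_') would be tighter than rejecting two characters. Because both branches run the same test first, it could be written once above `if (acptr)` as `if (first && (*parv[1] == ':' || strchr(parv[1], ' ')))`, with a comment like `/* parv[1] is relayed as a middle parameter of the SASL line; it must be a single token */`. m_authenticate starts and ends outside both hunks, so whether the non-first path needs the same validation cannot be judged from here.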
