Skip to content
Permalink
Browse files Browse the repository at this point in the history
m_sasl: don't allow AUTHENTICATE with mechanisms with a space
  • Loading branch information
Adam- committed Sep 3, 2016
1 parent 5288575 commit 74fafb7
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/modules/m_sasl.cpp
Expand Up @@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
{
works_before_reg = true;
allow_empty_last_param = false;
}

CmdResult Handle (const std::vector<std::string>& parameters, User *user)
Expand All @@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
if (!cap.ext.get(user))
return CMD_FAILURE;

if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
return CMD_FAILURE;

SaslAuthenticator *sasl = authExt.get(user);
if (!sasl)
authExt.set(user, new SaslAuthenticator(user, parameters[0]));
Expand Down

0 comments on commit 74fafb7

Please sign in to comment.