Skip to content

Commit 74fafb7

Browse files
committed
m_sasl: don't allow AUTHENTICATE with mechanisms with a space
1 parent 5288575 commit 74fafb7

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

Diff for: src/modules/m_sasl.cpp

+4
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
189189
: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
190190
{
191191
works_before_reg = true;
192+
allow_empty_last_param = false;
192193
}
193194

194195
CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
199200
if (!cap.ext.get(user))
200201
return CMD_FAILURE;
201202

203+
if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
204+
return CMD_FAILURE;
205+
202206
SaslAuthenticator *sasl = authExt.get(user);
203207
if (!sasl)
204208
authExt.set(user, new SaslAuthenticator(user, parameters[0]));

0 commit comments

Comments
 (0)