From a0c331eff30434dc648638990f16f546c9467c37 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Thu, 16 Apr 2015 21:13:07 +0200
Subject: m_sasl Add missing validation for server-to-server SASL message

---
 src/modules/m_sasl.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 66efcfe4e..b59fd3835 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -99,6 +99,9 @@ class SaslAuthenticator
 			if (msg[0] != this->agent)
 				return this->state;
 
+			if (msg.size() < 4)
+				return this->state;
+
 			if (msg[2] == "C")
 				this->user->Write("AUTHENTICATE %s", msg[3].c_str());
 			else if (msg[2] == "D")
-- 
cgit v1.2.3