m_sasl: don't allow AUTHENTICATE with mechanisms with a space

author Adam <Adam@anope.org>

Sat, 3 Sep 2016 02:57:03 +0000 (22:57 -0400)

committer Adam <Adam@anope.org>

Sat, 3 Sep 2016 14:51:21 +0000 (10:51 -0400)
author Adam <Adam@anope.org>
Sat, 3 Sep 2016 02:57:03 +0000 (22:57 -0400)
committer Adam <Adam@anope.org>
Sat, 3 Sep 2016 14:51:21 +0000 (10:51 -0400)
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp

index 9cb5592d1f8d1e2c1af817739d02c9d7552107a3..16a15357f57e9eef8720a34d1a3caf01a723324a 100644 (file)
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
                 : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
         {
                 works_before_reg = true;
+               allow_empty_last_param = false;
         }
  
         CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
                         if (!cap.ext.get(user))
                                 return CMD_FAILURE;
  
+                       if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+                               return CMD_FAILURE;
+
                         SaslAuthenticator *sasl = authExt.get(user);
                         if (!sasl)
                                 authExt.set(user, new SaslAuthenticator(user, parameters[0]));
author	Adam <Adam@anope.org>
	Sat, 3 Sep 2016 02:57:03 +0000 (22:57 -0400)
committer	Adam <Adam@anope.org>
	Sat, 3 Sep 2016 14:51:21 +0000 (10:51 -0400)