From: Adam <Adam@anope.org>
Date: Sat, 3 Sep 2016 02:57:03 +0000 (-0400)
Subject: m_sasl: don't allow AUTHENTICATE with mechanisms with a space
X-Git-Tag: v2.0.23~1
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=74fafb7f11b06747f69f182ad5e3769b665eea7a;p=user%2Fhenk%2Fcode%2Finspircd.git

m_sasl: don't allow AUTHENTICATE with mechanisms with a space
---

diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 9cb5592d1..16a15357f 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
 		: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
 	{
 		works_before_reg = true;
+		allow_empty_last_param = false;
 	}
 
 	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
 			if (!cap.ext.get(user))
 				return CMD_FAILURE;
 
+			if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+				return CMD_FAILURE;
+
 			SaslAuthenticator *sasl = authExt.get(user);
 			if (!sasl)
 				authExt.set(user, new SaslAuthenticator(user, parameters[0]));