vulpineawoo/solanum
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter

Browse source 
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
This commit is contained in:
Aaron Jones 2016-09-03 17:29:53 +00:00
parent 86e1de17f3
commit ac88154f94
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
modules/m_sasl.c
View file

@ -143,6 +143,12 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *
return;
}
if (*parv[1] == ':' || strchr(parv[1], ' '))
{
exit_client(client_p, client_p, client_p, "Malformed AUTHENTICATE");
return;
}
saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
if(saslserv_p == NULL || !IsService(saslserv_p))
{