authorPeter Powell <petpow@saberuk.com>2017-10-11 11:27:07 +0100
committerPeter Powell <petpow@saberuk.com>2017-10-12 14:46:50 +0100
commit118fd780a9c98b9b2ab98e3e0bd8298074493381 (patch)
tree3474614902bc49ebdfe6e84d31411467e6a3db58
parent407b2e004cf66e442771ec5d2bbe700dee1f3760 (diff)
Send ERR_SASLTOOLONG when a client sends an oversized AUTHENTICATE.
-rw-r--r--src/modules/m_sasl.cpp11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 6e28a91aa..64631a691 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -30,6 +30,7 @@ enum
// From IRCv3 sasl-3.1
RPL_SASLSUCCESS = 903,
ERR_SASLFAIL = 904,
+ ERR_SASLTOOLONG = 905,
ERR_SASLABORTED = 906,
RPL_SASLMECHS = 908
};
@@ -295,6 +296,10 @@ class SaslAuthenticator
class CommandAuthenticate : public SplitCommand
{
+ private:
+ // The maximum length of an AUTHENTICATE request.
+ static const size_t MAX_AUTHENTICATE_SIZE = 400;
+
public:
SimpleExtItem<SaslAuthenticator>& authExt;
Cap::Capability& cap;
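Review bot: The comment on `MAX_AUTHENTICATE_SIZE` says neither what the 400 measures nor where it comes from, and "request" is ambiguous between the whole line and its parameter. The later hunk compares it against `parameters[0].length()`, so it bounds the single AUTHENTICATE parameter. I would write `// Maximum length in bytes of one AUTHENTICATE parameter (a single base64 chunk, see IRCv3 sasl-3.1).` and note whether the total size of a multi-chunk response is bounded anywhere else, since that cannot be seen from here. The class body continues outside this hunk.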
@@ -316,6 +321,12 @@ class CommandAuthenticate : public SplitCommand
if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
return CMD_FAILURE;
+ if (parameters[0].length() > MAX_AUTHENTICATE_SIZE)
+ {
+ user->WriteNumeric(ERR_SASLTOOLONG, "SASL message too long");
+ return CMD_FAILURE;
+ }
+
SaslAuthenticator *sasl = authExt.get(user);
if (!sasl)
authExt.set(user, new SaslAuthenticator(user, parameters[0]));
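Review bot: The new oversized-message branch returns before `authExt.get(user)`, so a SASL exchange already in progress for this user stays attached after the client has been sent ERR_SASLTOOLONG. If 905 is meant to end the attempt, the branch should also drop the pending session, for example `authExt.unset(user);` ahead of `return CMD_FAILURE;`. Otherwise a short comment should state that keeping the session is deliberate. The length check also sits after the space/colon test, so an oversized parameter that fails that test is rejected without any numeric. The handler starts and ends outside this hunk, so cleanup may already happen elsewhere.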