m_sasl: don't allow AUTHENTICATE with mechanisms with a space

author: Adam <Adam@anope.org> 2016-09-02 22:57:03 -0400
committer: Adam <Adam@anope.org> 2016-09-03 10:51:21 -0400
commit: 74fafb7f11b06747f69f182ad5e3769b665eea7a (patch)
tree: ab689f9bccf5c1e3f9aedecb934eca055f8ea8a5
parent: 5288575567d453ebd9dfbec44e4948599527dde9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 9cb5592d1..16a15357f 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -189,6 +189,7 @@ class CommandAuthenticate : public Command
 		: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
 	{
 		works_before_reg = true;
+		allow_empty_last_param = false;
 	}
 
 	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -199,6 +200,9 @@ class CommandAuthenticate : public Command
 			if (!cap.ext.get(user))
 				return CMD_FAILURE;
 
+			if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+				return CMD_FAILURE;
+
 			SaslAuthenticator *sasl = authExt.get(user);
 			if (!sasl)
 				authExt.set(user, new SaslAuthenticator(user, parameters[0]));
author	Adam <Adam@anope.org>	2016-09-02 22:57:03 -0400
committer	Adam <Adam@anope.org>	2016-09-03 10:51:21 -0400
commit	74fafb7f11b06747f69f182ad5e3769b665eea7a (patch)
tree	ab689f9bccf5c1e3f9aedecb934eca055f8ea8a5
parent	5288575567d453ebd9dfbec44e4948599527dde9 (diff)