author | Peter Powell <petpow@saberuk.com> | 2017-10-11 11:27:07 +0100 |
---|---|---|
committer | Peter Powell <petpow@saberuk.com> | 2017-10-12 14:46:50 +0100 |
commit | 118fd780a9c98b9b2ab98e3e0bd8298074493381 (patch) | |
tree | 3474614902bc49ebdfe6e84d31411467e6a3db58 /src | |
parent | 407b2e004cf66e442771ec5d2bbe700dee1f3760 (diff) |
Send ERR_SASLTOOLONG when a client sends an oversized AUTHENTICATE.
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/m_sasl.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 6e28a91aa..64631a691 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -30,6 +30,7 @@ enum
 // From IRCv3 sasl-3.1
 RPL_SASLSUCCESS = 903,
 ERR_SASLFAIL = 904,
+ ERR_SASLTOOLONG = 905,
 ERR_SASLABORTED = 906,
 RPL_SASLMECHS = 908
 };
@@ -295,6 +296,10 @@ class SaslAuthenticator

 class CommandAuthenticate : public SplitCommand
 {
+ private:
+ // The maximum length of an AUTHENTICATE request.
+ static const size_t MAX_AUTHENTICATE_SIZE = 400;
+
 public:
 SimpleExtItem<SaslAuthenticator>& authExt;
 Cap::Capability& cap;
@@ -316,6 +321,12 @@ class CommandAuthenticate : public SplitCommand
 if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
 return CMD_FAILURE;

+ if (parameters[0].length() > MAX_AUTHENTICATE_SIZE)
+ {
+ user->WriteNumeric(ERR_SASLTOOLONG, "SASL message too long");
+ return CMD_FAILURE;
+ }
+
 SaslAuthenticator *sasl = authExt.get(user);
 if (!sasl)
 authExt.set(user, new SaslAuthenticator(user, parameters[0])); |
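Review bot: The comment on `MAX_AUTHENTICATE_SIZE` in the second hunk gives neither the unit nor the origin of 400. The third hunk compares the constant with `parameters[0].length()`, that is, the length of the parameter as the client sent it, and the numerics in the enum are attributed to IRCv3 sasl-3.1, which is presumably where this limit comes from too. I would write `// The maximum length in bytes of the AUTHENTICATE parameter as sent by the client (IRCv3 sasl-3.1).` so the bound is not mistaken for a decoded-payload size. The class body continues outside the hunk.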
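Review bot: The oversized-message branch in the third hunk returns `CMD_FAILURE` before `authExt.get(user)` is reached, so a SASL session already stored for this user is left exactly as it was, and nothing in the hunk says whether that is intended. If an exchange in progress is meant to survive a too-long message, the branch should carry a comment such as `// Any session already stored in authExt is intentionally left untouched here.`; if it is meant to be aborted, the session has to be torn down in this branch as well. The enclosing function starts and ends outside the hunk, so cleanup elsewhere cannot be ruled out.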