diff options
-rw-r--r-- | src/dns.cpp | 8 | ||||
-rw-r--r-- | src/modules/m_sasl.cpp | 3 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/dns.cpp b/src/dns.cpp index 75e5731fe..14305ccab 100644 --- a/src/dns.cpp +++ b/src/dns.cpp @@ -700,8 +700,16 @@ DNSResult DNS::GetResult() /* Identical handling to PTR */ case DNS_QUERY_PTR: + { /* Reverse lookups just come back as char* */ resultstr = std::string((const char*)data.first); + if (resultstr.find_first_not_of("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-") != std::string::npos) + { + std::string ro = req->orig; + delete req; + return DNSResult(this_id | ERROR_MASK, "Invalid char(s) in reply", 0, ro); + } + } break; default: diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 66efcfe4e..b59fd3835 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -99,6 +99,9 @@ class SaslAuthenticator if (msg[0] != this->agent) return this->state; + if (msg.size() < 4) + return this->state; + if (msg[2] == "C") this->user->Write("AUTHENTICATE %s", msg[3].c_str()); else if (msg[2] == "D") |