
Validate credentials sent via SASL more thoroughly

This commit is contained in:
Adam
2014-10-16 21:38:46 -04:00
parent c8ded08b43
commit b940077553
3 changed files with 16 additions and 4 deletions
+1 -1
@@ -157,7 +157,7 @@ class DHAES : public Mechanism
std::string username = &decrypted[0];
std::string password = &decrypted[username.length() + 1];
if (username.empty() || password.empty())
if (username.empty() || password.empty() || !IRCD->IsNickValid(username) || password.find_first_of("\r\n") != Anope::string::npos)
return Err(sess, pubkey);
SASL::IdentifyRequest* req = new SASL::IdentifyRequest(this->owner, m.source, username, password);
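Review bot: The widened condition on the `if` line checks `username` and `password` only after both have already been built from `decrypted` via `&decrypted[0]` and `&decrypted[username.length() + 1]`, so the new validation cannot protect those reads; unless the decrypt loop above the hunk guarantees a NUL inside `decrypted` (its sizing is outside the hunk), a payload with no separator lets the `std::string` constructors scan past the buffer before `IsNickValid` is ever reached. If that guarantee exists, make it explicit on the first `std::string username` line with a comment such as `// NOTE: relies on decrypted being NUL-terminated — confirm against the decrypt loop above`; if it does not, a check that `decrypted` holds two NULs has to precede the constructions. The same added predicate appears in the DHBS and Plain sections below, and the DHBS password line has the identical `&decrypted[0]` construction, so whatever is decided here applies there too. The enclosing function starts and ends outside the hunk.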
+2 -2
@@ -152,7 +152,7 @@ class DHBS : public Mechanism
const Anope::string username = reinterpret_cast<const char*>(&data[pos]);
// Check that the username is valid, and that we have at least one block of data
// 2 + 1 + 8 = uint16_t size for keylen, \0 for username, 8 for one block of data
if (username.empty() || username.length() + keysize + 2 + 1 + 8 > decodedlen)
if (username.empty() || username.length() + keysize + 2 + 1 + 8 > decodedlen || !IRCD->IsNickValid(username))
return Err(sess, pubkey);
pos += username.length() + 1;
@@ -167,7 +167,7 @@ class DHBS : public Mechanism
BF_ecb_encrypt(&data[pos + i], reinterpret_cast<unsigned char*>(&decrypted[i]), &BFKey, BF_DECRYPT);
std::string password = &decrypted[0];
if (password.empty())
if (password.empty() || password.find_first_of("\r\n") != Anope::string::npos)
return Err(sess, pubkey);
SASL::IdentifyRequest* req = new SASL::IdentifyRequest(this->owner, m.source, username, password);
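Review bot: On the new `password` check the result of `std::string::find_first_of` is compared against `Anope::string::npos` although `password` is a `std::string`; the two sentinels happen to agree, but `std::string::npos` names the type actually being searched and spares the reader from verifying that, i.e. `if (password.empty() || password.find_first_of("\r\n") != std::string::npos)`. The nick-validity plus CR/LF predicate is now written out by hand in DHAES, DHBS and Plain; hoisting it into one helper on the SASL side (something like a `ValidCredentials(username, password)` that each mechanism calls before building the `IdentifyRequest`) would keep the three mechanisms from drifting apart when the next rule is added, and gives a single place for a comment on why line terminators are rejected. The function around the second hunk starts and ends outside the hunk.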
+13 -1
@@ -30,18 +30,30 @@ class Plain : public Mechanism
size_t p = decoded.find('\0');
if (p == Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
decoded = decoded.substr(p + 1);
p = decoded.find('\0');
if (p == Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
Anope::string acc = decoded.substr(0, p),
pass = decoded.substr(p + 1);
if (acc.empty() || pass.empty())
if (acc.empty() || pass.empty() || !IRCD->IsNickValid(acc) || pass.find_first_of("\r\n") != Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
SASL::IdentifyRequest *req = new SASL::IdentifyRequest(this->owner, m.source, acc, pass);
FOREACH_MOD(OnCheckAuthentication, (NULL, req));