1
0
mirror of https://github.com/anope/anope.git synced 2026-07-04 19:33:12 +02:00

Validate credentials sent via sasl more

This commit is contained in:
Adam
2014-10-16 21:38:46 -04:00
parent c8ded08b43
commit b940077553
3 changed files with 16 additions and 4 deletions
+13 -1
View File
@@ -30,18 +30,30 @@ class Plain : public Mechanism
size_t p = decoded.find('\0');
if (p == Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
decoded = decoded.substr(p + 1);
p = decoded.find('\0');
if (p == Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
Anope::string acc = decoded.substr(0, p),
pass = decoded.substr(p + 1);
if (acc.empty() || pass.empty())
if (acc.empty() || pass.empty() || !IRCD->IsNickValid(acc) || pass.find_first_of("\r\n") != Anope::string::npos)
{
sasl->Fail(sess);
delete sess;
return;
}
SASL::IdentifyRequest *req = new SASL::IdentifyRequest(this->owner, m.source, acc, pass);
FOREACH_MOD(OnCheckAuthentication, (NULL, req));