diff options
author | Michael Forney <mforney@mforney.org> | 2019-11-20 01:13:29 -0800 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2019-11-21 16:14:10 -0500 |
commit | 113a33bdf883602313fa33fd323fe1af80b1c620 (patch) | |
tree | 5a915d60b242406a78693fe728c792cec53e3700 | |
parent | Avoid a couple VLAs with constant size (diff) | |
download | pounce-113a33bdf883602313fa33fd323fe1af80b1c620.tar.gz pounce-113a33bdf883602313fa33fd323fe1af80b1c620.zip |
Use a fixed buffer size for SASL PLAIN authentication
handleAuthenticate only sends a single AUTHENTICATE message, so according to https://ircv3.net/specs/extensions/sasl-3.1.html, its maximum length is 399. So, we know that the authentication string can be at most 299 bytes.
-rw-r--r-- | state.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/state.c b/state.c index 4d3aa1c..bbc3841 100644 --- a/state.c +++ b/state.c @@ -48,14 +48,20 @@ void stateLogin( if (sasl) { serverFormat("CAP REQ :%s\r\n", capList(CapSASL)); if (plain) { - byte buf[1 + strlen(plain)]; + // Maxmimum size that fits in a single + // AUTHENTICATE message after base64 encoding. + byte buf[299]; + size_t len = 1 + strlen(plain); + if (sizeof(buf) < len) { + errx(EX_SOFTWARE, "SASL PLAIN is too long"); + } buf[0] = 0; for (size_t i = 0; plain[i]; ++i) { buf[1 + i] = (plain[i] == ':' ? 0 : plain[i]); } - plainBase64 = malloc(BASE64_SIZE(sizeof(buf))); + plainBase64 = malloc(BASE64_SIZE(len)); if (!plainBase64) err(EX_OSERR, "malloc"); - base64(plainBase64, buf, sizeof(buf)); + base64(plainBase64, buf, len); } } serverFormat("NICK %s\r\n", nick); |