summary refs log tree commit diff
diff options
context:
space:
mode:
authorMichael Forney <mforney@mforney.org>2019-11-20 01:13:29 -0800
committerJune McEnroe <june@causal.agency>2019-11-21 16:14:10 -0500
commit113a33bdf883602313fa33fd323fe1af80b1c620 (patch)
tree5a915d60b242406a78693fe728c792cec53e3700
parentAvoid a couple VLAs with constant size (diff)
downloadpounce-113a33bdf883602313fa33fd323fe1af80b1c620.tar.gz
pounce-113a33bdf883602313fa33fd323fe1af80b1c620.zip
Use a fixed buffer size for SASL PLAIN authentication
handleAuthenticate only sends a single AUTHENTICATE message, so
according to https://ircv3.net/specs/extensions/sasl-3.1.html, its
maximum length is 399. So, we know that the authentication string
can be at most 299 bytes.
Diffstat
-rw-r--r--state.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/state.c b/state.c
index 4d3aa1c..bbc3841 100644
--- a/state.c
+++ b/state.c
@@ -48,14 +48,20 @@ void stateLogin(
 	if (sasl) {
 		serverFormat("CAP REQ :%s\r\n", capList(CapSASL));
 		if (plain) {
-			byte buf[1 + strlen(plain)];
+			// Maxmimum size that fits in a single
+			// AUTHENTICATE message after base64 encoding.
+			byte buf[299];
+			size_t len = 1 + strlen(plain);
+			if (sizeof(buf) < len) {
+				errx(EX_SOFTWARE, "SASL PLAIN is too long");
+			}
 			buf[0] = 0;
 			for (size_t i = 0; plain[i]; ++i) {
 				buf[1 + i] = (plain[i] == ':' ? 0 : plain[i]);
 			}
-			plainBase64 = malloc(BASE64_SIZE(sizeof(buf)));
+			plainBase64 = malloc(BASE64_SIZE(len));
 			if (!plainBase64) err(EX_OSERR, "malloc");
-			base64(plainBase64, buf, sizeof(buf));
+			base64(plainBase64, buf, len);
 		}
 	}
 	serverFormat("NICK %s\r\n", nick);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-18 14:34:12 +0000
2020-03-08Add The Stone SkyJune McEnroe 2020-03-08Publish "How I Relay Chat"June McEnroe 2020-03-03Don't use $ inside $(())June McEnroe 2020-03-03Remove setoptJune McEnroe 2020-03-03Use getopts in shell scriptsJune McEnroe WTF why did no one tell me about this? 2020-02-27Style %T outside of Rs in italicJune McEnroe 2020-02-26Add Fierce Femmes and Notorious LiarsJune McEnroe 2020-02-23Add This Is How You Lose the Time WarJune McEnroe 2020-02-22Add See Ya LaterJune McEnroe 2020-02-20Remove wiki scriptJune McEnroe Wikipedia seems to have removed the one-sentence extracts from the opensearch results. Too bad. It's not a wiki script, what we need is a command that fetches single-sentence summaries of articles on Wikipedia. 2020-02-19Add The Obelisk GateJune McEnroe 2020-02-17Add Four Tet — HandsJune McEnroe One from the cafe that caught my attention. 2020-02-12Simplify macOS notify-sendJune McEnroe 2020-02-12Add imbox and notemap to pageJune McEnroe 2020-02-12Collapse simple linksJune McEnroe 2020-02-12Move catgirl up the pageJune McEnroe 2020-02-12Update catgirl pty grabJune McEnroe 2020-02-12Link to cgit /about pages where appropriateJune McEnroe 2020-02-11Separate LINKS from BINS for html to workJune McEnroe 2020-02-11Add margin to Bl-bullet itemsJune McEnroe 2020-02-10Match URLs inside parens or with paired parens insideJune McEnroe 2020-02-10Duplicate effective URL before passing it back to curlJune McEnroe Apparently sometimes it didn't like receiving its own internal storage to parse again. Understandable. 2020-02-09Add To Be Taught, If FortunateJune McEnroe 2020-02-04Add The Future of Another TimelineJune McEnroe Wow. One of the best I've read. 2020-01-31Reorganize the Makefile for the umpteenth timeJune McEnroe Broke out LDLIBS for each bin, and made everything more uniform. 2020-01-28Change scout sensitivity to 1.4June McEnroe idk it seems to work. 2020-01-28Import shows.txtJune McEnroe