author: Michael Forney <mforney@mforney.org> 2019-11-20 01:13:29 -0800
committer: June McEnroe <june@causal.agency> 2019-11-21 16:14:10 -0500
commit: 113a33bdf883602313fa33fd323fe1af80b1c620
tree: 5a915d60b242406a78693fe728c792cec53e3700 /state.c
parent: Avoid a couple VLAs with constant size

Use a fixed buffer size for SASL PLAIN authentication

handleAuthenticate only sends a single AUTHENTICATE message, so
according to https://ircv3.net/specs/extensions/sasl-3.1.html, its
maximum length is 399. So, we know that the authentication string
can be at most 299 bytes.
Diffstat (limited to 'state.c')
-rw-r--r-- state.c | 12
1 files changed, 9 insertions, 3 deletions
diff --git a/state.c b/state.c
index 4d3aa1c..bbc3841 100644
--- a/state.c
+++ b/state.c
@@ -48,14 +48,20 @@ void stateLogin(
 	if (sasl) {
 		serverFormat("CAP REQ :%s\r\n", capList(CapSASL));
 		if (plain) {
-			byte buf[1 + strlen(plain)];
+			// Maxmimum size that fits in a single
+			// AUTHENTICATE message after base64 encoding.
+			byte buf[299];
+			size_t len = 1 + strlen(plain);
+			if (sizeof(buf) < len) {
+				errx(EX_SOFTWARE, "SASL PLAIN is too long");
+			}
 			buf[0] = 0;
 			for (size_t i = 0; plain[i]; ++i) {
 				buf[1 + i] = (plain[i] == ':' ? 0 : plain[i]);
 			}
-			plainBase64 = malloc(BASE64_SIZE(sizeof(buf)));
+			plainBase64 = malloc(BASE64_SIZE(len));
 			if (!plainBase64) err(EX_OSERR, "malloc");
-			base64(plainBase64, buf, sizeof(buf));
+			base64(plainBase64, buf, len);
 		}
 	}
 	serverFormat("NICK %s\r\n", nick);
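Review bot: the bound in `byte buf[299];` looks two bytes too generous for the stated goal of fitting in a single AUTHENTICATE message. Assuming `base64()` emits standard padded output, the encoded length is always a multiple of 4, namely 4 * ceil(len / 3), so a `len` of 298 or 299 encodes to exactly 400 characters rather than 399 or fewer; the largest input that stays below 400 is 297 bytes (396 characters). Under the SASL 3.1 spec the commit message cites, a chunk of exactly 400 bytes has to be followed by another AUTHENTICATE line, which the single-message path described in the commit message does not send. Consider `byte buf[297];`, or compare the encoded length against the limit directly instead of the raw length, and derive the size from a named constant so the relationship to the 400-byte chunk size is visible. Minor points: "Maxmimum" in the new comment is a typo, and `EX_SOFTWARE` reads as an internal error where the cause is an over-long credential supplied by the user, so `EX_USAGE` or `EX_CONFIG` may describe it better.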