summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--state.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/state.c b/state.c
index 4d3aa1c..bbc3841 100644
--- a/state.c
+++ b/state.c
@@ -48,14 +48,20 @@ void stateLogin(
 	if (sasl) {
 		serverFormat("CAP REQ :%s\r\n", capList(CapSASL));
 		if (plain) {
-			byte buf[1 + strlen(plain)];
+			// Maxmimum size that fits in a single
+			// AUTHENTICATE message after base64 encoding.
+			byte buf[299];
+			size_t len = 1 + strlen(plain);
+			if (sizeof(buf) < len) {
+				errx(EX_SOFTWARE, "SASL PLAIN is too long");
+			}
 			buf[0] = 0;
 			for (size_t i = 0; plain[i]; ++i) {
 				buf[1 + i] = (plain[i] == ':' ? 0 : plain[i]);
 			}
-			plainBase64 = malloc(BASE64_SIZE(sizeof(buf)));
+			plainBase64 = malloc(BASE64_SIZE(len));
 			if (!plainBase64) err(EX_OSERR, "malloc");
-			base64(plainBase64, buf, sizeof(buf));
+			base64(plainBase64, buf, len);
 		}
 	}
 	serverFormat("NICK %s\r\n", nick);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-04-10 14:13:40 +0000
076f0630af550e43d9088&follow=1'>Bump versionJason A. Donenfeld 2020-01-13git: update to v2.25.0Christian Hesse 2019-12-11tests: skip tests if strace is not functionalChristian Hesse 2019-12-10git: update to v2.24.1Christian Hesse 2019-11-22ui-repolist: do not return unsigned (negative) valueChristian Hesse 2019-11-08git: update to v2.24.0Christian Hesse 2019-10-25git: update to v2.23.0Christian Hesse 2019-10-25git: update to v2.22.0Christian Hesse 2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse 2019-06-05tests: successfully validate rc versionsChristian Hesse 2019-06-05git: update to v2.21.0Christian Hesse 2019-06-05ui-ssdiff: ban strncat()Christian Hesse 2019-06-05global: make 'char *path' const where possibleChristian Hesse 2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld 2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo 2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo 2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld 2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld 2018-12-09git: update to v2.20.0Christian Hesse 2018-11-25ui-blame: set repo for sbJason A. Donenfeld 2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld 2018-11-21git: use xz compressed archive for downloadChristian Hesse 2018-10-12git: update to v2.19.1Christian Hesse 2018-09-11ui-ssdiff: ban strcat()Christian Hesse 2018-09-11ui-ssdiff: ban strncpy()Christian Hesse 2018-09-11ui-shared: ban strcat()Christian Hesse 2018-09-11ui-patch: ban sprintf()Christian Hesse 2018-09-11ui-log: ban strncpy()Christian Hesse 2018-09-11ui-log: ban strcpy()Christian Hesse 2018-09-11parsing: ban sprintf()Christian Hesse 2018-09-11parsing: ban strncpy()Christian Hesse 2018-08-28filters: generate anchor links from markdownChristian Hesse 2018-08-03Bump version.Jason A. Donenfeld 2018-08-03clone: fix directory traversalJason A. Donenfeld 2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev