From 113a33bdf883602313fa33fd323fe1af80b1c620 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Wed, 20 Nov 2019 01:13:29 -0800
Subject: Use a fixed buffer size for SASL PLAIN authentication

handleAuthenticate only sends a single AUTHENTICATE message, so
according to https://ircv3.net/specs/extensions/sasl-3.1.html, its
maximum length is 399. So, we know that the authentication string
can be at most 299 bytes.
---
 state.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/state.c b/state.c
index 4d3aa1c..bbc3841 100644
--- a/state.c
+++ b/state.c
@@ -48,14 +48,20 @@ void stateLogin(
 	if (sasl) {
 		serverFormat("CAP REQ :%s\r\n", capList(CapSASL));
 		if (plain) {
-			byte buf[1 + strlen(plain)];
+			// Maxmimum size that fits in a single
+			// AUTHENTICATE message after base64 encoding.
+			byte buf[299];
+			size_t len = 1 + strlen(plain);
+			if (sizeof(buf) < len) {
+				errx(EX_SOFTWARE, "SASL PLAIN is too long");
+			}
 			buf[0] = 0;
 			for (size_t i = 0; plain[i]; ++i) {
 				buf[1 + i] = (plain[i] == ':' ? 0 : plain[i]);
 			}
-			plainBase64 = malloc(BASE64_SIZE(sizeof(buf)));
+			plainBase64 = malloc(BASE64_SIZE(len));
 			if (!plainBase64) err(EX_OSERR, "malloc");
-			base64(plainBase64, buf, sizeof(buf));
+			base64(plainBase64, buf, len);
 		}
 	}
 	serverFormat("NICK %s\r\n", nick);
-- 
cgit 1.4.1