-rw-r--r-- | modules/extra/m_sasl_dh-aes.cpp | 2 | ||||
-rw-r--r-- | modules/extra/m_sasl_dh-blowfish.cpp | 4 | ||||
-rw-r--r-- | modules/m_sasl.cpp | 14 |
3 files changed, 16 insertions, 4 deletions
diff --git a/modules/extra/m_sasl_dh-aes.cpp b/modules/extra/m_sasl_dh-aes.cpp
index d556e8502..f398dd45d 100644
--- a/modules/extra/m_sasl_dh-aes.cpp
+++ b/modules/extra/m_sasl_dh-aes.cpp
@@ -157,7 +157,7 @@ class DHAES : public Mechanism
 std::string username = &decrypted[0];
 std::string password = &decrypted[username.length() + 1];
- if (username.empty() || password.empty())
+ if (username.empty() || password.empty() || !IRCD->IsNickValid(username) || password.find_first_of("\r\n") != Anope::string::npos)
 return Err(sess, pubkey);
 SASL::IdentifyRequest* req = new SASL::IdentifyRequest(this->owner, m.source, username, password);
diff --git a/modules/extra/m_sasl_dh-blowfish.cpp b/modules/extra/m_sasl_dh-blowfish.cpp
index df55f06ea..c665b5b5f 100644
--- a/modules/extra/m_sasl_dh-blowfish.cpp
+++ b/modules/extra/m_sasl_dh-blowfish.cpp
@@ -152,7 +152,7 @@ class DHBS : public Mechanism
 const Anope::string username = reinterpret_cast<const char*>(&data[pos]);
 // Check that the username is valid, and that we have at least one block of data
 // 2 + 1 + 8 = uint16_t size for keylen, \0 for username, 8 for one block of data
- if (username.empty() || username.length() + keysize + 2 + 1 + 8 > decodedlen)
+ if (username.empty() || username.length() + keysize + 2 + 1 + 8 > decodedlen || !IRCD->IsNickValid(username))
 return Err(sess, pubkey);
 pos += username.length() + 1;
@@ -167,7 +167,7 @@ class DHBS : public Mechanism
 BF_ecb_encrypt(&data[pos + i], reinterpret_cast<unsigned char*>(&decrypted[i]), &BFKey, BF_DECRYPT);
 std::string password = &decrypted[0];
- if (password.empty())
+ if (password.empty() || password.find_first_of("\r\n") != Anope::string::npos)
 return Err(sess, pubkey);
 SASL::IdentifyRequest* req = new SASL::IdentifyRequest(this->owner, m.source, username, password);
diff --git a/modules/m_sasl.cpp b/modules/m_sasl.cpp
index 969e5b985..ddfd84cbf 100644
--- a/modules/m_sasl.cpp
+++ b/modules/m_sasl.cpp
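Review bot: In the `m_sasl_dh-aes.cpp` hunk, `password` is read from `&decrypted[username.length() + 1]` before anything checks that this offset still lies inside the decrypted buffer, so a payload without a second NUL-terminated field could make the `std::string` constructor read past the end; the added validation only runs afterwards. The size and termination of `decrypted` are set outside this hunk, so confirm that a bound is enforced there. Separately, `username` and `password` are `std::string` here while the new test compares against `Anope::string::npos`; matching the operand type would read `password.find_first_of("\r\n") != std::string::npos`, and the same applies to the password check in the second `m_sasl_dh-blowfish.cpp` hunk.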
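Review bot: In the first `m_sasl_dh-blowfish.cpp` hunk, `username` is built from `&data[pos]` as a NUL-terminated C string before the length test runs, so if the decoded data holds no NUL after `pos` the constructor scans beyond the buffer, and the added `IsNickValid` call does not change that. Whether `data` is guaranteed to be terminated is not visible here, because the function starts and ends outside the hunk. If it is not, bound the scan first, for example `const void* nul = std::memchr(&data[pos], 0, decodedlen - pos);` (assuming `pos <= decodedlen` is already established), and return `Err(sess, pubkey)` when `nul` is null.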
@@ -30,18 +30,30 @@ class Plain : public Mechanism
 size_t p = decoded.find('\0');
 if (p == Anope::string::npos)
+ {
+ sasl->Fail(sess);
+ delete sess;
 return;
+ }
 decoded = decoded.substr(p + 1);
 p = decoded.find('\0');
 if (p == Anope::string::npos)
+ {
+ sasl->Fail(sess);
+ delete sess;
 return;
+ }
 Anope::string acc = decoded.substr(0, p), pass = decoded.substr(p + 1);
- if (acc.empty() || pass.empty())
+ if (acc.empty() || pass.empty() || !IRCD->IsNickValid(acc) || pass.find_first_of("\r\n") != Anope::string::npos)
+ {
+ sasl->Fail(sess);
+ delete sess;
 return;
+ }
 SASL::IdentifyRequest *req = new SASL::IdentifyRequest(this->owner, m.source, acc, pass);
 FOREACH_MOD(OnCheckAuthentication, (NULL, req)); |
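Review bot: The failure path `sasl->Fail(sess); delete sess; return;` is written out three times in this hunk, and whether the caller still touches `sess` after `delete sess` cannot be seen here, since the enclosing function starts and ends outside the hunk. A small private helper on `Plain` would keep the cleanup in one place and make the ownership rule easier to audit; the DH mechanisms appear to do this already through `Err(sess, pubkey)`. The credential test `!IRCD->IsNickValid(acc) || pass.find_first_of("\r\n") != Anope::string::npos` is also repeated in every mechanism this commit touches. Performing it once, at the point where `SASL::IdentifyRequest` is created, would fail closed for any mechanism added later.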