Correct handling of colons in SASL PLAIN

Only the first colon should be replaced with a null byte.

Ported from pounce.
master
C. McEnroe 2021-09-09 12:44:01 -04:00
parent be9bffdf49
commit 506c5ad906
1 changed files with 6 additions and 6 deletions

View File

@ -208,13 +208,13 @@ static void handleAuthenticate(struct Message *msg) {
return; return;
} }
byte buf[299]; byte buf[299] = {0};
size_t len = 1 + strlen(self.plain); size_t len = 1 + strlen(self.plain);
if (sizeof(buf) < len) errx(EX_CONFIG, "SASL PLAIN is too long"); if (sizeof(buf) < len) errx(EX_USAGE, "SASL PLAIN is too long");
buf[0] = 0; memcpy(&buf[1], self.plain, len - 1);
for (size_t i = 0; self.plain[i]; ++i) { byte *sep = memchr(buf, ':', len);
buf[1 + i] = (self.plain[i] == ':' ? 0 : self.plain[i]); if (!sep) errx(EX_USAGE, "SASL PLAIN missing colon");
} *sep = 0;
char b64[BASE64_SIZE(sizeof(buf))]; char b64[BASE64_SIZE(sizeof(buf))];
base64(b64, buf, len); base64(b64, buf, len);