From 506c5ad906bc187c645cacea5080360fabd4abb4 Mon Sep 17 00:00:00 2001 From: C. McEnroe Date: Thu, 9 Sep 2021 12:44:01 -0400 Subject: Correct handling of colons in SASL PLAIN Only the first colon should be replaced with a null byte. Ported from pounce. --- handle.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/handle.c b/handle.c index a8f054c..7b9835f 100644 --- a/handle.c +++ b/handle.c @@ -208,13 +208,13 @@ static void handleAuthenticate(struct Message *msg) { return; } - byte buf[299]; + byte buf[299] = {0}; size_t len = 1 + strlen(self.plain); - if (sizeof(buf) < len) errx(EX_CONFIG, "SASL PLAIN is too long"); - buf[0] = 0; - for (size_t i = 0; self.plain[i]; ++i) { - buf[1 + i] = (self.plain[i] == ':' ? 0 : self.plain[i]); - } + if (sizeof(buf) < len) errx(EX_USAGE, "SASL PLAIN is too long"); + memcpy(&buf[1], self.plain, len - 1); + byte *sep = memchr(buf, ':', len); + if (!sep) errx(EX_USAGE, "SASL PLAIN missing colon"); + *sep = 0; char b64[BASE64_SIZE(sizeof(buf))]; base64(b64, buf, len); -- cgit 1.4.1-2-gfad0