From 506c5ad906bc187c645cacea5080360fabd4abb4 Mon Sep 17 00:00:00 2001
From: C. McEnroe
Date: Thu, 9 Sep 2021 12:44:01 -0400
Subject: Correct handling of colons in SASL PLAIN

Only the first colon should be replaced with a null byte.

Ported from pounce.
---
 handle.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/handle.c b/handle.c
index a8f054c..7b9835f 100644
--- a/handle.c
+++ b/handle.c
@@ -208,13 +208,13 @@ static void handleAuthenticate(struct Message *msg) {
 		return;
 	}
 
-	byte buf[299];
+	byte buf[299] = {0};
 	size_t len = 1 + strlen(self.plain);
-	if (sizeof(buf) < len) errx(EX_CONFIG, "SASL PLAIN is too long");
-	buf[0] = 0;
-	for (size_t i = 0; self.plain[i]; ++i) {
-		buf[1 + i] = (self.plain[i] == ':' ? 0 : self.plain[i]);
-	}
+	if (sizeof(buf) < len) errx(EX_USAGE, "SASL PLAIN is too long");
+	memcpy(&buf[1], self.plain, len - 1);
+	byte *sep = memchr(buf, ':', len);
+	if (!sep) errx(EX_USAGE, "SASL PLAIN missing colon");
+	*sep = 0;
 
 	char b64[BASE64_SIZE(sizeof(buf))];
 	base64(b64, buf, len);
-- 
cgit 1.4.1-2-gfad0