3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

allow null bytes in bearer tokens

(Haven't decided what to do at the spec level yet)
This commit is contained in:
Shivaram Lingamneni 2024-05-29 01:54:12 -04:00
parent ed683bff79
commit 794b4a2483

View File

@ -311,7 +311,7 @@ func authIRCv3BearerHandler(server *Server, client *Client, session *Session, va
defer session.sasl.Clear()
// <authzid> \x00 <type> \x00 <token>
splitValue := bytes.Split(value, []byte{'\000'})
splitValue := bytes.SplitN(value, []byte{'\000'}, 3)
if len(splitValue) != 3 {
rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), client.t("SASL authentication failed: Invalid auth blob"))
return false