/pidgin/main: d24505afc83a: irc: Base64-decode SASL messages bef...

Mantas Mikul?nas grawity at nullroute.eu.org
Thu Jun 16 15:44:03 EDT 2016


Changeset: d24505afc83ab4aa2b74042341e94d5e40692983
Author:	 Mantas Mikul?nas <grawity at nullroute.eu.org>
Date:	 2014-06-16 11:03 +0300
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/d24505afc83a

Description:

irc: Base64-decode SASL messages before passing to libsasl

IRC SASL messages are sent and received in Base64 form, but libsasl expects
them to be decoded first, which the irc plugin doesn't do.

This breaks all mechanisms that rely on multiple messages (specifically, I'm
implementing SCRAM-SHA-1 server-side, but GSSAPI or GS2-* would be affected
too).

diffstat:

 ChangeLog                      |   3 +++
 libpurple/protocols/irc/msgs.c |  11 +++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diffs (55 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,9 @@ version 2.10.13 (MM/DD/YY):
 	(#16692). If you actually needed this, truncate your password
 	manually by pressing backspace a few times.
 
+	IRC:
+	* Base64-decode SASL messages before passing to libsasl (#16268)
+
 version 2.10.12 (12/31/15):
 	General:
 	* purple-url-handler now works with Python 3.x (Daniël van Eeden)
diff --git a/libpurple/protocols/irc/msgs.c b/libpurple/protocols/irc/msgs.c
--- a/libpurple/protocols/irc/msgs.c
+++ b/libpurple/protocols/irc/msgs.c
@@ -1647,7 +1647,7 @@ irc_msg_auth(struct irc_conn *irc, char 
 	PurpleConnection *gc = purple_account_get_connection(irc->account);
 	char *buf, *authinfo;
 	char *serverin = NULL;
-	unsigned serverinlen = 0;
+	gsize serverinlen = 0;
 	const gchar *c_out;
 	unsigned int clen;
 	int ret;
@@ -1657,10 +1657,8 @@ irc_msg_auth(struct irc_conn *irc, char 
 	if (!arg)
 		return;
 
-	if (arg[0] != '+') {
-		serverin = arg;
-		serverinlen = strlen(serverin);
-	}
+	if (arg[0] != '+')
+		serverin = (char *)purple_base64_decode(arg, &serverinlen);
 
 	ret = sasl_client_step(irc->sasl_conn, serverin, serverinlen,
 		NULL, &c_out, &clen);
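Review bot: The bytes decoded on the `purple_base64_decode(arg, &serverinlen)` line come straight from the server and reach `sasl_client_step` with no check on the result. `serverinlen` is now a `gsize`, while the removed declaration was `unsigned` and libsasl's step function takes an unsigned length, so the call narrows it implicitly. A NULL return from the decoder is also not distinguished from the `+` (empty challenge) case. I would add `if (serverin == NULL || serverinlen > G_MAXUINT)` before the call, route it to the same authentication-failure handling used for a bad step result, and pass `(unsigned)serverinlen` explicitly. The body of irc_msg_auth starts and ends outside this hunk.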
@@ -1674,7 +1672,7 @@ irc_msg_auth(struct irc_conn *irc, char 
 		g_free(tmp);
 
 		irc_sasl_finish(irc);
-
+		g_free(serverin);
 		return;
 	}
 
@@ -1687,6 +1685,7 @@ irc_msg_auth(struct irc_conn *irc, char 
 	irc_send(irc, buf);
 	g_free(buf);
 	g_free(authinfo);
+	g_free(serverin);
 }
 
 void
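Review bot: Ownership of `serverin` is not documented, and its release is now repeated by hand on each exit: `g_free(serverin)` before the closing brace here and again in the failure branch of the previous hunk. Since `serverin` is heap memory from `purple_base64_decode` when a challenge is present and NULL otherwise, a comment at its declaration such as `/* decoded challenge, owned here; g_free() on every exit (NULL for "+") */` would help keep later returns from leaking it. The code between the two hunks is not visible, so any return there should be checked for the same free. A single cleanup label would remove the duplication.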


