From b8645bfbf21a5f3e4583d7fc97c418585a48624a Mon Sep 17 00:00:00 2001
From: Artem Zhurikhin <ashpool@xecut.net>
Date: Fri, 13 May 2022 22:56:26 +0200
Subject: Split long SASL auth strings into 400-byte chunks (#2709)

Fixes #2705
---
 src/common/inbound.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/common/inbound.c b/src/common/inbound.c
index 3c505a57..ddd6ee9a 100644
--- a/src/common/inbound.c
+++ b/src/common/inbound.c
@@ -1929,7 +1929,24 @@ inbound_sasl_authenticate (server *serv, char *data)
 			return;
 		}
 
-		tcp_sendf (serv, "AUTHENTICATE %s\r\n", pass);
+		/* long SASL passwords must be split into 400-byte chunks
+		   https://ircv3.net/specs/extensions/sasl-3.1#the-authenticate-command */
+		size_t pass_len = strlen (pass);
+		if (pass_len <= 400)
+			tcp_sendf (serv, "AUTHENTICATE %s\r\n", pass);
+		else
+		{
+			size_t sent = 0;
+			while (sent < pass_len)
+			{
+				char *pass_chunk = g_strndup (pass + sent, 400);
+				tcp_sendf (serv, "AUTHENTICATE %s\r\n", pass_chunk);
+				sent += 400;
+				g_free (pass_chunk);
+			}
+		}
+		if (pass_len % 400 == 0)
+			tcp_sendf (serv, "AUTHENTICATE +\r\n");
 		g_free (pass);
 
 		
-- 
cgit 1.4.1