Software /
code /
prosody
Comparison
util/sasl/scram.lua @ 3077:3ee311f21d54
util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc Santamaria)
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Sat, 22 May 2010 14:47:21 +0200 |
parent | 3076:d19b2db64496 |
child | 3078:22c22f8a6eb8 |
comparison
equal
deleted
inserted
replaced
3076:d19b2db64496 | 3077:3ee311f21d54 |
---|---|
151 else | 151 else |
152 if type(message) ~= "string" then return "failure", "malformed-request" end | 152 if type(message) ~= "string" then return "failure", "malformed-request" end |
153 -- we are processing client_final_message | 153 -- we are processing client_final_message |
154 local client_final_message = message; | 154 local client_final_message = message; |
155 | 155 |
156 -- TODO: more strict parsing of client_final_message | 156 self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)"); |
157 self.state["proof"] = client_final_message:match("p=(.+)"); | |
158 self.state["nonce"] = client_final_message:match("r=(.+),p="); | |
159 self.state["channelbinding"] = client_final_message:match("c=(.+),r="); | |
160 | 157 |
161 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then | 158 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then |
162 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; | 159 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; |
163 end | 160 end |
164 | 161 |