
util/sasl/scram.lua @ 3077:3ee311f21d54

util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc Santamaria)
author Tobias Markmann <tm@ayena.de>
date Sat, 22 May 2010 14:47:21 +0200
parent 3076:d19b2db64496
child 3078:22c22f8a6eb8
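--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -151,14 +151,11 @@
 else
 if type(message) ~= "string" then return "failure", "malformed-request" end
 -- we are processing client_final_message
 local client_final_message = message;
 
--- TODO: more strict parsing of client_final_message
-self.state["proof"] = client_final_message:match("p=(.+)");
-self.state["nonce"] = client_final_message:match("r=(.+),p=");
-self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
+self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
 
 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
 end
 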
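Review bot: The new pattern on new line 156 is in one respect looser than the code it replaces: the captures are `(.*)`, so an empty `c=`, `r=` or `p=` value still matches, and because an empty string is truthy in Lua the `not self.state.proof or ...` guard below no longer rejects it the way the old `(.+)` captures did. The greedy `.*` also lets the nonce capture absorb commas and any extension fields, and `p=` is neither required to follow a comma nor anchored at the end of the message. Since these SCRAM attribute values cannot contain a comma, something like `client_final_message:match("^c=([^,]+),r=([^,]+).*,p=([^,]+)$")` would pin each field to its own attribute. Whether later code rejects an empty or over-long nonce is not visible here, as the enclosing function starts and ends outside the hunk.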