prosody
b6aaab0846fe
util/sasl/oauthbearer.lua
Software / code / prosody
Comparison
util/sasl/oauthbearer.lua @ 13112:b6aaab0846fe
util.sasl.oauthbearer: Tighter parsing of SASL message
Previously the kvsep before and after the kvpairs would have been
included in kvpairs, which is incorrect but should be harmless.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 26 May 2023 17:39:53 +0200 |
| parent | 12975:d10957394a3c |
comparison
equal
deleted
inserted
replaced
| 13111:8576f94ac90a | 13112:b6aaab0846fe |
|---|---|
| 9 | 9 |
| 10 if message == "\001" then | 10 if message == "\001" then |
| 11 return "failure", "not-authorized"; | 11 return "failure", "not-authorized"; |
| 12 end | 12 end |
| 13 | 13 |
| 14 local gs2_header, kvpairs = message:match("^(n,[^,]*,)(.+)$"); | 14 -- gs2-header kvsep *kvpair kvsep |
| 15 local gs2_header, kvpairs = message:match("^(n,[^,]*,)\001(.+)\001$"); | |
| 15 if not gs2_header then | 16 if not gs2_header then |
| 16 return "failure", "malformed-request"; | 17 return "failure", "malformed-request"; |
| 17 end | 18 end |
| 18 local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); | 19 local gs2_authzid = gs2_header:match("^[^,]*,a=([^,]*),$"); |
| 19 | 20 |
| 21 -- key "=" value kvsep | |
| 20 local auth_header; | 22 local auth_header; |
| 21 for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do | 23 for k, v in kvpairs:gmatch("([a-zA-Z]+)=([\033-\126 \009\r\n]*)\001") do |
| 22 if k == "auth" then | 24 if k == "auth" then |
| 23 auth_header = v; | 25 auth_header = v; |
| 24 break; | 26 break; |
