Diff

util/sasl/scram.lua @ 3075:39a86b0d108b

util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc Santamaria)
author Tobias Markmann <tm@ayena.de>
date Sat, 22 May 2010 13:58:15 +0200
parent 3074:7bd0dae5c84f
child 3076:d19b2db64496
line wrap: on
line diff
--- a/util/sasl/scram.lua	Sat May 22 01:48:31 2010 +0200
+++ b/util/sasl/scram.lua	Sat May 22 13:58:15 2010 +0200
@@ -100,12 +100,10 @@
 			-- we are processing client_first_message
 			local client_first_message = message;
 			
-			-- TODO: more strict parsing of client_first_message
 			-- TODO: fail if authzid is provided, since we don't support them yet
 			self.state["client_first_message"] = client_first_message;
-			self.state["name"] = client_first_message:match("n=(.+),r=")
-			self.state["clientnonce"] = client_first_message:match("r=([^,]+)")
-			self.state["gs2_cbind_flag"] = client_first_message:sub(1, 1)
+			self.state["gs2_cbind_flag"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a),(.*),n=(.*),r=([^,]*).*");
+
 			-- we don't do any channel binding yet
 			if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then
 				return "failure", "malformed-request";