util/sasl/scram.lua @ 3100:6731dff05c99
util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc Santamaria)
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Sat, 22 May 2010 13:58:15 +0200 |
parent | 3099:2c4d06e7e3d3 |
child | 3101:9e4439378cf8 |
--- a/util/sasl/scram.lua Sat May 22 01:48:31 2010 +0200
+++ b/util/sasl/scram.lua Sat May 22 13:58:15 2010 +0200
@@ -100,12 +100,10 @@
  -- we are processing client_first_message
  local client_first_message = message;
 
- -- TODO: more strict parsing of client_first_message
  -- TODO: fail if authzid is provided, since we don't support them yet
  self.state["client_first_message"] = client_first_message;
- self.state["name"] = client_first_message:match("n=(.+),r=")
- self.state["clientnonce"] = client_first_message:match("r=([^,]+)")
- self.state["gs2_cbind_flag"] = client_first_message:sub(1, 1)
+ self.state["gs2_cbind_flag"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a),(.*),n=(.*),r=([^,]*).*");
+
  -- we don't do any channel binding yet
  if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then
  return "failure", "malformed-request";
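Review bot: The pattern on the added `client_first_message:match(...)` line is looser than the three lines it replaces in two ways: the `(.*)` captures for authzid and name are greedy and can span commas, so field boundaries are not enforced, and `(.*)` / `([^,]*)` accept an empty username and an empty client nonce where the old `(.+)` and `([^,]+)` did not. Bounding each field at the next comma and requiring non-empty values would close both, e.g. `client_first_message:match("^(%a),([^,]*),n=([^,]+),r=([^,]+)")`. The authzid is now captured, but nothing in the hunk rejects a non-empty one as the remaining TODO asks; the function continues outside the hunk, so that check may exist further down.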