# HG changeset patch
# User Kim Alvefur
# Date 1590173941 -7200
# Node ID 646af16a3f3265506f733bc1b56062cc18d859bd
# Parent 8fcd46ee9bf5084da6f11c343985611823911dcb
util.sasl.scram: Apply saslprep before hashing password, fixes #1560

diff -r 8fcd46ee9bf5 -r 646af16a3f32 util/sasl/scram.lua
--- a/util/sasl/scram.lua Fri May 15 21:22:35 2020 +0200
+++ b/util/sasl/scram.lua Fri May 22 20:59:01 2020 +0200
@@ -106,6 +106,10 @@
 if iteration_count < 4096 then
 log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
 end
+ password = saslprep(password);
+ if not password then
+ return false, "password fails SASLprep";
+ end
 local salted_password = Hi(password, salt, iteration_count);
 local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
 local server_key = hmac_sha1(salted_password, "Server Key");
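Review bot: The new guard follows the file's `false, err` return convention but gives no hint why a normalisation step sits between the iteration-count warning and `Hi()`; a one-line comment on the `saslprep` call would help the next reader, e.g. `-- RFC 5802 §3: SaltedPassword := Hi(Normalize(password), salt, i); Normalize is SASLprep (RFC 4013)`. Two things to confirm, since the enclosing function and the module's require block are outside the hunk: that `saslprep` is actually in scope at this point (otherwise the new line dies with "attempt to call a nil value" instead of returning `false`), and that every caller of this function checks the first return value, because a password containing characters prohibited by SASLprep now yields `false, "password fails SASLprep"` where it previously yielded a key pair. Note also that stored-key/server-key pairs already derived from an un-normalised password are not migrated by this change; accounts whose passwords contain such characters will only authenticate again once the password is re-set, which is worth a sentence in the commit message or release notes.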