Software / code / prosody
Changeset
12918:ed20555f163a
util.sasl.oauthbearer: Fix traceback on authz in unexpected format
E.g. if you were to just pass "username" without @hostname, the split
will return nil, "username" and the nil gets passed to saslprep() and it
does not like that.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 02 Mar 2023 14:37:46 +0100 |
| parents | 12917:e4de42495fb7 |
| children | 12919:7c0e5c7eff7c |
| files | util/sasl/oauthbearer.lua |
| diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/util/sasl/oauthbearer.lua Wed Mar 01 18:43:54 2023 +0000 +++ b/util/sasl/oauthbearer.lua Thu Mar 02 14:37:46 2023 +0100 @@ -34,6 +34,10 @@ local username = jid.prepped_split(gs2_authzid); + if not username or username == "" then + return "failure", "malformed-request", "Expected authorization identity in the username@hostname format"; + end + -- SASLprep username username = saslprep(username);
