X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=util%2Fsasl%2Fplain.lua;h=a4c8765da7a523c858f629d31a75ea1e3898060b;hb=544f8bf31ea5d61362037c8a23af66147fdccf79;hp=46a86bb92ef65239535756a58a53dcd1c5de65f1;hpb=bed0134a220690656748a9f751183eb22528e95f;p=prosody.git
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua
index 46a86bb9..a4c8765d 100644
--- a/util/sasl/plain.lua
+++ b/util/sasl/plain.lua
@@ -17,22 +17,23 @@ local log = require "util.logger".init("sasl");
 
 module "plain"
 
---=========================
---SASL PLAIN according to RFC 4616
+-- ================================
+-- SASL PLAIN according to RFC 4616
 local function plain(self, message)
- local response = message
- local authorization = s_match(response, "([^%z]+)")
- local authentication = s_match(response, "%z([^%z]+)%z")
- local password = s_match(response, "%z[^%z]+%z([^%z]+)")
+ if not message then
+ return "failure", "malformed-request";
+ end
+
+ local authorization, authentication, password = s_match(message, "^([^%z]+)%z([^%z]+)%z([^%z]+)");
 
- if authentication == nil or password == nil then
+ if not authorization then
 return "failure", "malformed-request";
 end
-
+
 -- SASLprep password and authentication
 authentication = saslprep(authentication);
 password = saslprep(password);
-
+
 if (not password) or (password == "") or (not authentication) or (authentication == "") then
 log("debug", "Username or password violates SASLprep.");
 return "failure", "malformed-request", "Invalid username or password.";
@@ -63,4 +64,4 @@ function init(registerMechanism)
 registerMechanism("PLAIN", {"plain", "plain_test"}, plain);
 end
 
-return _M;
\ No newline at end of file
+return _M;
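Review bot: The new single-match pattern in `plain` requires a non-empty authorization identity, because its first capture is `([^%z]+)`. RFC 4616 makes the authzid optional (`[authzid] NUL authcid NUL passwd`), so a message of the form `\0user\0pass` no longer matches and is rejected as "malformed-request", although the removed three-match code accepted it. Allowing an empty first field restores that, and a trailing `$` would additionally reject input that carries a further NUL and extra bytes after the password: `local authorization, authentication, password = s_match(message, "^([^%z]*)%z([^%z]+)%z([^%z]+)$");`. With `*`, an absent authzid arrives as `""`, which is truthy in Lua, so `if not authorization then` still fires only when the match fails. The rest of `plain` lies outside this hunk, so whether later code treats `""` as "no authzid" and checks a supplied authzid against the authenticated user should be confirmed there.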