projects
/
prosody.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
0aa56b2
)
util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc...
author
Tobias Markmann
<tm@ayena.de>
Sat, 22 May 2010 12:47:21 +0000
(14:47 +0200)
committer
Tobias Markmann
<tm@ayena.de>
Sat, 22 May 2010 12:47:21 +0000
(14:47 +0200)
util/sasl/scram.lua
patch
|
blob
|
history
diff --git
a/util/sasl/scram.lua
b/util/sasl/scram.lua
index 7b9123eebd4be2af85fe0f67b4a64590bc3999a1..0188d5cfd0c98fc0bde830580ff7fe74c15eae38 100644
(file)
--- a/
util/sasl/scram.lua
+++ b/
util/sasl/scram.lua
@@
-153,10
+153,7
@@
local function scram_gen(hash_name, H_f, HMAC_f)
-- we are processing client_final_message
local client_final_message = message;
-- we are processing client_final_message
local client_final_message = message;
- -- TODO: more strict parsing of client_final_message
- self.state["proof"] = client_final_message:match("p=(.+)");
- self.state["nonce"] = client_final_message:match("r=(.+),p=");
- self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
+ self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";