util.sasl.scram: Parsing client-first-message in a more strict way. (thanks Marc...
authorTobias Markmann <tm@ayena.de>
Sat, 22 May 2010 11:58:15 +0000 (13:58 +0200)
committerTobias Markmann <tm@ayena.de>
Sat, 22 May 2010 11:58:15 +0000 (13:58 +0200)
util/sasl/scram.lua

index ffca171cdc5615a5a8524ea2dd920c2752bb58d1..4c5df11aa53927ef1673e9921232df863cd5e583 100644 (file)
@@ -100,12 +100,10 @@ local function scram_gen(hash_name, H_f, HMAC_f)
                        -- we are processing client_first_message
                        local client_first_message = message;
                        
-                       -- TODO: more strict parsing of client_first_message
                        -- TODO: fail if authzid is provided, since we don't support them yet
                        self.state["client_first_message"] = client_first_message;
-                       self.state["name"] = client_first_message:match("n=(.+),r=")
-                       self.state["clientnonce"] = client_first_message:match("r=([^,]+)")
-                       self.state["gs2_cbind_flag"] = client_first_message:sub(1, 1)
+                       self.state["gs2_cbind_flag"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a),(.*),n=(.*),r=([^,]*).*");
+
                        -- we don't do any channel binding yet
                        if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then
                                return "failure", "malformed-request";
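Review bot: The new pattern on the `self.state["gs2_cbind_flag"], ...` line still uses greedy `.*` for the authzid and username captures, so a message such as `n,,n=user,x=1,r=nonce` sets `name` to `user,x=1` rather than being rejected, which undercuts the stricter parsing this commit is aiming for (commas inside a username must be escaped as `=2C`, so a literal comma in that field is always malformed). Restricting both captures to single attributes, `client_first_message:match("^(%a),([^,]*),n=([^,]*),r=([^,]*)")`, keeps the same four results for well-formed input and makes the following `gs2_cbind_flag` check reject the rest via the existing nil path; the trailing `.*` is redundant and can go. With `authzid` now captured, the TODO above it could also be closed by failing when it is non-empty, since the comment states authzid is unsupported. The enclosing `scram_gen` function begins and ends outside this hunk.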