diff options
author | Matthew Wild <mwild1@gmail.com> | 2009-11-28 15:12:43 +0000 |
---|---|---|
committer | Matthew Wild <mwild1@gmail.com> | 2009-11-28 15:12:43 +0000 |
commit | 9f1852c7638c1bccecd0120a570ae3f3bfd518af (patch) | |
tree | e91041a72681cd77b6503979f4d9d9a71fdaecf7 | |
parent | f0ffde882a3999a0ce61c321d3f1e449c0f5b8d9 (diff) | |
download | prosody-9f1852c7638c1bccecd0120a570ae3f3bfd518af.tar.gz prosody-9f1852c7638c1bccecd0120a570ae3f3bfd518af.zip |
util.sasl.plain: Fail gracefully on empty <auth/> tag
-rw-r--r-- | util/sasl/plain.lua | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index 46a86bb9..9ebfa15d 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua @@ -21,10 +21,14 @@ module "plain" --SASL PLAIN according to RFC 4616 local function plain(self, message) local response = message - local authorization = s_match(response, "([^%z]+)") - local authentication = s_match(response, "%z([^%z]+)%z") - local password = s_match(response, "%z[^%z]+%z([^%z]+)") - + + local authorization, authentication, password; + if response then + authorization = s_match(response, "([^%z]+)") + authentication = s_match(response, "%z([^%z]+)%z") + password = s_match(response, "%z[^%z]+%z([^%z]+)") + end + if authentication == nil or password == nil then return "failure", "malformed-request"; end @@ -63,4 +67,4 @@ function init(registerMechanism) registerMechanism("PLAIN", {"plain", "plain_test"}, plain); end -return _M;
\ No newline at end of file +return _M; |