author | Tobias Markmann <tm@ayena.de> | 2010-05-22 14:47:21 +0200 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2010-05-22 14:47:21 +0200 |
commit | 621f91d4a67b07ad89853e2197fc9a62302a75fd (patch) | |
tree | ac699f749cfba97edde4b2433dff1049a74dc481 | |
parent | 1f64550d6c9be4511288bb72d2ebc88223918dd6 (diff) | |
util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc Santamaria)
-rw-r--r-- | util/sasl/scram.lua | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 7b9123ee..0188d5cf 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -153,10 +153,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
 -- we are processing client_final_message
 local client_final_message = message;
- -- TODO: more strict parsing of client_final_message
- self.state["proof"] = client_final_message:match("p=(.+)");
- self.state["nonce"] = client_final_message:match("r=(.+),p=");
- self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
+ self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
 if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
 return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message."; |
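Review bot: The new pattern `^c=(.*),r=(.*),.*p=(.*)` is still looser than the client-final-message grammar: every capture is `.*`, so empty values and values containing commas are accepted, there is no `$` anchor, and `.*p=` does not require `p=` to start an attribute. Because an empty string is truthy in Lua, the `if not self.state.proof ...` check right below only catches a failed match, not an empty `c`, `r` or `p`. Consider `client_final_message:match("^c=([^,]+),r=([^,]+),.*p=([^,]+)$")` as a minimum, plus a comment stating that optional extensions between `r=` and `p=` are skipped unparsed. The rest of scram_gen, including where the nonce and proof are verified, is outside the hunk, so whether later checks already reject such input cannot be confirmed from here.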