author | Tobias Markmann <tm@ayena.de> | 2011-02-06 13:20:17 +0100 |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2011-02-06 13:20:17 +0100 |
commit | 051ca76fbe398f3e177386c212dafd78bc6ecbe4 (patch) | |
tree | 7d8b1697e1533bd3bfdb6d63a3b72c49322c6df7 | |
parent | d07446041f3c2c72077de003db171bd2b5ecd0c6 (diff) | |
util.sasl.scram: Checking the GS2 header for valid start flag.
-rw-r--r-- | util/sasl/scram.lua | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 1b6d56c8..19d0bf7b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -131,6 +131,12 @@ local function scram_gen(hash_name, H_f, HMAC_f) self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"] = client_first_message:match("^(%a)=?([%a%-]*),(.*),n=(.*),r=([^,]*).*"); + -- check for invalid gs2_flag_type start + local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1) + if gs2_flag_type ~= "y" and gs2_flag_type ~= "n" and gs2_flag_type ~= "p" then + return "failure", "malformed-request", "The GS2 header has to start with 'y', 'n', or 'p'." + end + if support_channel_binding then if string.sub(self.state.gs2_cbind_flag, 0, 1) == "y" then return "failure", "malformed-request"; @@ -141,6 +147,7 @@ local function scram_gen(hash_name, H_f, HMAC_f) return "failure", "malformed-request", "Proposed channel binding type isn't supported."; end else + -- we don't support channelbinding, if self.state.gs2_cbind_flag ~= "n" and self.state.gs2_cbind_flag ~= "y" then return "failure", "malformed-request"; end |
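Review bot: The added declaration `local gs2_flag_type == string.sub(self.state.gs2_cbind_flag, 0, 1)` in the first hunk uses `==` where Lua requires `=`, so util/sasl/scram.lua will not parse and the SCRAM mechanism cannot load; it should read `local gs2_flag_type = string.sub(self.state.gs2_cbind_flag, 0, 1)`. The new check also sits directly after the `client_first_message:match(...)` call, and when an unauthenticated client's first message does not match the pattern every capture is nil, so `string.sub` raises an error instead of returning `malformed-request`. A guard such as `if not self.state.gs2_cbind_flag then return "failure", "malformed-request" end` placed before the new lines would keep that rejection on the normal failure path. Whether a nil check or an error handler exists further along is not visible here, since the body of scram_gen continues outside the hunk.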