authorTobias Markmann <tm@ayena.de>2010-05-22 14:47:21 +0200
committerTobias Markmann <tm@ayena.de>2010-05-22 14:47:21 +0200
commit6fadbec98ecd7b9eef39b1a546b77e3130392b57 (patch)
tree8f6959469ff8925b5382ca2f20895a62aed67653
parent21490f6bf7da9ab1857dce5f649fe39415797d34 (diff)
downloadprosody-6fadbec98ecd7b9eef39b1a546b77e3130392b57.tar.gz
prosody-6fadbec98ecd7b9eef39b1a546b77e3130392b57.zip
util.sasl.scram: Parsing client-final-message in a more strict way. (thanks Marc Santamaria)
-rw-r--r--util/sasl/scram.lua5
1 files changed, 1 insertions, 4 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 7b9123ee..0188d5cf 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -153,10 +153,7 @@ local function scram_gen(hash_name, H_f, HMAC_f)
-- we are processing client_final_message
local client_final_message = message;
- -- TODO: more strict parsing of client_final_message
- self.state["proof"] = client_final_message:match("p=(.+)");
- self.state["nonce"] = client_final_message:match("r=(.+),p=");
- self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
+ self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
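Review bot: The `(.*)` captures in the new `match` call can each match the empty string, and an empty string is truthy in Lua, so the `if not self.state.proof or not self.state.nonce or not self.state.channelbinding` guard on the next line only fires when the whole pattern fails to match. A message such as `c=,r=,p=` therefore passes the "missing attribute" check with empty values. Because `.*` is greedy and also matches commas, the `c=` and `r=` captures are bounded by backtracking rather than by the attribute separator, so a value can absorb text that belongs to a neighbouring attribute. Consider restricting each value to non-comma characters and requiring at least one, e.g. `client_final_message:match("^c=([^,]+),r=([^,]+),.*p=([^,]+)")`, and add a comment stating the expected layout (`c=<channel-binding>,r=<nonce>[,extensions],p=<proof>`). Whether later code in `scram_gen` separately rejects an empty nonce or proof is not visible here, since the function body continues outside the hunk.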