authorKim Alvefur <zash@zash.se>2013-10-12 21:15:36 +0200
committerKim Alvefur <zash@zash.se>2013-10-12 21:15:36 +0200
commit9f9050e590c54c817546799f8a678386dc697081 (patch)
tree35e5dcbdeac4570507f32daf6f457a7f098b82d0
parentfd4afeecb7be4bce7141a883cbfcb878c61af18d (diff)
util.sasl.scram: Compare gs2-header to cbind-input (Thanks Tobias)
-rw-r--r--util/sasl/scram.lua16
1 files changed, 8 insertions, 8 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index d89eb872..65090719 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -113,8 +113,8 @@ local function scram_gen(hash_name, H_f, HMAC_f)
-- TODO: fail if authzid is provided, since we don't support them yet
self.state["client_first_message"] = client_first_message;
- self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
- = client_first_message:match("^([ynp])=?([%a%-]*),(.*),n=(.*),r=([^,]*).*");
+ self.state["gs2_header"], self.state["gs2_cbind_flag"], self.state["gs2_cbind_name"], self.state["authzid"], self.state["name"], self.state["clientnonce"]
+ = client_first_message:match("^(([ynp])=?([%a%-]*),(.*),)n=(.*),r=([^,]*).*");
local gs2_cbind_flag = self.state.gs2_cbind_flag;
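Review bot: The pattern on the added `match` line is looser than the gs2-header grammar, and the new outer capture inherits that. The `(.*)` for authzid is greedy, so `gs2_header` can run up to the last `,n=` that still has an `,r=` after it, and `=?([%a%-]*)` accepts a cb-name after `n` or `y`. Since this string is now what the decoded `c=` value is compared against, I would bound each field at the comma, e.g. `= client_first_message:match("^(([ynp])=?([%a%-]*),([^,]*),)n=([^,]*),r=([^,]*).*");`, assuming user names arrive with commas encoded as `=2C`. The TODO above still applies: authzid is captured and stored but not rejected here. The body of scram_gen starts and ends outside this hunk.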
@@ -200,14 +200,14 @@ local function scram_gen(hash_name, H_f, HMAC_f)
return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";
end
+ local client_gs2_header = base64.decode(self.state.channelbinding)
+ local our_client_gs2_header = self.state["gs2_header"]
if self.state.gs2_cbind_name then
-- we support channelbinding, so check if the value is valid
- local client_gs2_header = base64.decode(self.state.channelbinding)
- local our_client_gs2_header = "p="..self.state.gs2_cbind_name..","..self.state["authzid"]..","..self.profile.cb[self.state.gs2_cbind_name](self);
-
- if client_gs2_header ~= our_client_gs2_header then
- return "failure", "malformed-request", "Invalid channel binding value.";
- end
+ our_client_gs2_header = our_client_gs2_header .. self.profile.cb[self.state.gs2_cbind_name](self);
+ end
+ if client_gs2_header ~= our_client_gs2_header then
+ return "failure", "malformed-request", "Invalid channel binding value.";
end
if self.state.nonce ~= self.state.clientnonce..self.state.servernonce then
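Review bot: `if self.state.gs2_cbind_name then` is true for an empty string in Lua, and the `([%a%-]*)` capture in the first hunk yields `""` rather than nil when the client sends a bare `n` or `y`. Unless code outside this hunk resets the field to nil, the non-binding case would reach `self.profile.cb[""]` and raise on calling nil instead of returning a SASL failure. Keying the branch on the flag, `if self.state.gs2_cbind_flag == "p" then`, would not depend on that, provided unsupported binding types are rejected before this point. Separately, a mismatch here is where a stripped or altered channel binding would surface, yet it returns the same `malformed-request` as a syntax error; a log entry at this return would give operators something to alert on. The enclosing function continues outside the hunk.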