mod_legacyauth: Return an error if username or resource fails stringprep (thanks iron)

author: Kim Alvefur <zash@zash.se> 2012-08-07 17:00:12 +0200
committer: Kim Alvefur <zash@zash.se> 2012-08-07 17:00:12 +0200
commit: 715867da8ab2fc1793d33bc198303af8ada0a14a (patch)
tree: ca9cd6e962036467daed6a3f48b521dbb4cc5c4f /plugins/mod_legacyauth.lua
parent: f6edccc24c0ebf7b4ec86826d66259ba1cad8f0d (diff)
download: prosody-715867da8ab2fc1793d33bc198303af8ada0a14a.tar.gz
prosody-715867da8ab2fc1793d33bc198303af8ada0a14a.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index a47f0223..7a3038bc 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -58,6 +58,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event)
 		username = nodeprep(username);
 		resource = resourceprep(resource)
 		local reply = st.reply(stanza);
+		if not (username and resource) then
+			session.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
 		if usermanager.test_password(username, session.host, password) then
 			-- Authentication successful!
 			local success, err = sessionmanager.make_authenticated(session, username);
author	Kim Alvefur <zash@zash.se>	2012-08-07 17:00:12 +0200
committer	Kim Alvefur <zash@zash.se>	2012-08-07 17:00:12 +0200
commit	715867da8ab2fc1793d33bc198303af8ada0a14a (patch)
tree	ca9cd6e962036467daed6a3f48b521dbb4cc5c4f /plugins/mod_legacyauth.lua
parent	f6edccc24c0ebf7b4ec86826d66259ba1cad8f0d (diff)
download	prosody-715867da8ab2fc1793d33bc198303af8ada0a14a.tar.gz prosody-715867da8ab2fc1793d33bc198303af8ada0a14a.zip