diff options
author | Kim Alvefur <zash@zash.se> | 2012-08-07 17:00:12 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2012-08-07 17:00:12 +0200 |
commit | ba9418cd026869de7a067bac32b9b77172ec78b2 (patch) | |
tree | ca9cd6e962036467daed6a3f48b521dbb4cc5c4f /plugins | |
parent | bcb9e7e055f7bd808e4437571f54ffea9174b101 (diff) | |
download | prosody-ba9418cd026869de7a067bac32b9b77172ec78b2.tar.gz prosody-ba9418cd026869de7a067bac32b9b77172ec78b2.zip |
mod_legacyauth: Return an error if username or resource fails stringprep (thanks iron)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_legacyauth.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua index a47f0223..7a3038bc 100644 --- a/plugins/mod_legacyauth.lua +++ b/plugins/mod_legacyauth.lua @@ -58,6 +58,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event) username = nodeprep(username); resource = resourceprep(resource) local reply = st.reply(stanza); + if not (username and resource) then + session.send(st.error_reply(stanza, "modify", "bad-request")); + return true; + end if usermanager.test_password(username, session.host, password) then -- Authentication successful! local success, err = sessionmanager.make_authenticated(session, username); |