aboutsummaryrefslogtreecommitdiffstats
path: root/util/sasl/scram.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2020-05-22 20:59:01 +0200
committerKim Alvefur <zash@zash.se>2020-05-22 20:59:01 +0200
commit5dd049acf05f46a551dbdb08a09ed6e52c17a0bf (patch)
tree5c4bde468165af24c102ec6ba1f786bccd3fddce /util/sasl/scram.lua
parentfaa381e3edc0ff5e44e0ff78b65b683a3ffe1d70 (diff)
downloadprosody-5dd049acf05f46a551dbdb08a09ed6e52c17a0bf.tar.gz
prosody-5dd049acf05f46a551dbdb08a09ed6e52c17a0bf.zip
util.sasl.scram: Apply saslprep before hashing password, fixes #1560
Diffstat (limited to 'util/sasl/scram.lua')
-rw-r--r--util/sasl/scram.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index 043f328b..f64feb8b 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -106,6 +106,10 @@ local function getAuthenticationDatabaseSHA1(password, salt, iteration_count)
if iteration_count < 4096 then
log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.")
end
+ password = saslprep(password);
+ if not password then
+ return false, "password fails SASLprep";
+ end
local salted_password = Hi(password, salt, iteration_count);
local stored_key = sha1(hmac_sha1(salted_password, "Client Key"))
local server_key = hmac_sha1(salted_password, "Server Key");