diff options
| author | Kim Alvefur <zash@zash.se> | 2020-05-22 20:59:01 +0200 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2020-05-22 20:59:01 +0200 |
| commit | 5dd049acf05f46a551dbdb08a09ed6e52c17a0bf (patch) | |
| tree | 5c4bde468165af24c102ec6ba1f786bccd3fddce /util | |
| parent | faa381e3edc0ff5e44e0ff78b65b683a3ffe1d70 (diff) | |
| download | prosody-5dd049acf05f46a551dbdb08a09ed6e52c17a0bf.tar.gz prosody-5dd049acf05f46a551dbdb08a09ed6e52c17a0bf.zip | |
util.sasl.scram: Apply saslprep before hashing password, fixes #1560
Diffstat (limited to 'util')
| -rw-r--r-- | util/sasl/scram.lua | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua index 043f328b..f64feb8b 100644 --- a/util/sasl/scram.lua +++ b/util/sasl/scram.lua @@ -106,6 +106,10 @@ local function getAuthenticationDatabaseSHA1(password, salt, iteration_count) if iteration_count < 4096 then log("warn", "Iteration count < 4096 which is the suggested minimum according to RFC 5802.") end + password = saslprep(password); + if not password then + return false, "password fails SASLprep"; + end local salted_password = Hi(password, salt, iteration_count); local stored_key = sha1(hmac_sha1(salted_password, "Client Key")) local server_key = hmac_sha1(salted_password, "Server Key"); |