From 715867da8ab2fc1793d33bc198303af8ada0a14a Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 7 Aug 2012 17:00:12 +0200
Subject: mod_legacyauth: Return an error if username or resource fails
 stringprep (thanks iron)

---
 plugins/mod_legacyauth.lua | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/mod_legacyauth.lua b/plugins/mod_legacyauth.lua
index a47f0223..7a3038bc 100644
--- a/plugins/mod_legacyauth.lua
+++ b/plugins/mod_legacyauth.lua
@@ -58,6 +58,10 @@ module:hook("stanza/iq/jabber:iq:auth:query", function(event)
 		username = nodeprep(username);
 		resource = resourceprep(resource)
 		local reply = st.reply(stanza);
+		if not (username and resource) then
+			session.send(st.error_reply(stanza, "modify", "bad-request"));
+			return true;
+		end
 		if usermanager.test_password(username, session.host, password) then
 			-- Authentication successful!
 			local success, err = sessionmanager.make_authenticated(session, username);
-- 
cgit v1.2.3