From d464d7edb10eec5690d92689a4accca831724344 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Dec 2019 22:42:39 +0100 Subject: mod_auth_internal_hashed: Pass on errors from password hash function (fixes #1477) --- plugins/mod_auth_internal_hashed.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua index 35764afb..083f648b 100644 --- a/plugins/mod_auth_internal_hashed.lua +++ b/plugins/mod_auth_internal_hashed.lua @@ -68,6 +68,9 @@ function provider.set_password(username, password) account.salt = generate_uuid(); account.iteration_count = max(account.iteration_count or 0, default_iteration_count); local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count); + if not valid then + return valid, stored_key; + end local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); @@ -99,6 +102,9 @@ function provider.create_user(username, password) end local salt = generate_uuid(); local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count); + if not valid then + return valid, stored_key; + end local stored_key_hex = to_hex(stored_key); local server_key_hex = to_hex(server_key); return accounts:set(username, { -- cgit v1.2.3