From d464d7edb10eec5690d92689a4accca831724344 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Mon, 23 Dec 2019 22:42:39 +0100
Subject: mod_auth_internal_hashed: Pass on errors from password hash function
 (fixes #1477)

---
 plugins/mod_auth_internal_hashed.lua | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'plugins')

diff --git a/plugins/mod_auth_internal_hashed.lua b/plugins/mod_auth_internal_hashed.lua
index 35764afb..083f648b 100644
--- a/plugins/mod_auth_internal_hashed.lua
+++ b/plugins/mod_auth_internal_hashed.lua
@@ -68,6 +68,9 @@ function provider.set_password(username, password)
 		account.salt = generate_uuid();
 		account.iteration_count = max(account.iteration_count or 0, default_iteration_count);
 		local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, account.salt, account.iteration_count);
+		if not valid then
+			return valid, stored_key;
+		end
 		local stored_key_hex = to_hex(stored_key);
 		local server_key_hex = to_hex(server_key);
 
@@ -99,6 +102,9 @@ function provider.create_user(username, password)
 	end
 	local salt = generate_uuid();
 	local valid, stored_key, server_key = getAuthenticationDatabaseSHA1(password, salt, default_iteration_count);
+	if not valid then
+		return valid, stored_key;
+	end
 	local stored_key_hex = to_hex(stored_key);
 	local server_key_hex = to_hex(server_key);
 	return accounts:set(username, {
-- 
cgit v1.2.3