From aabfdaf01ac96c6bfa759dfc22d507b3174068c8 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Thu, 2 Mar 2023 14:37:46 +0100 Subject: util.sasl.oauthbearer: Fix traceback on authz in unexpected format E.g. if you were to just pass "username" without @hostname, the split will return nil, "username" and the nil gets passed to saslprep() and it does not like that. --- util/sasl/oauthbearer.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'util/sasl') diff --git a/util/sasl/oauthbearer.lua b/util/sasl/oauthbearer.lua index ea8da198..54c63575 100644 --- a/util/sasl/oauthbearer.lua +++ b/util/sasl/oauthbearer.lua @@ -34,6 +34,10 @@ local function oauthbearer(self, message) local username = jid.prepped_split(gs2_authzid); + if not username or username == "" then + return "failure", "malformed-request", "Expected authorization identity in the username@hostname format"; + end + -- SASLprep username username = saslprep(username); -- cgit v1.2.3