From 3bc6fdb526dec6b56dab9208461d5b2f4db08006 Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Sun, 23 Nov 2008 20:43:42 +0100 Subject: Checking some variables for nil so no errors occur that'll break the server. --- util/sasl.lua | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'util') diff --git a/util/sasl.lua b/util/sasl.lua index 94077411..12e8953e 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -24,8 +24,12 @@ local function new_plain(realm, password_handler) local authentication = s_match(response, "%z([^&%z]+)%z") local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + if authentication == nil or password == nil then return "failure", "malformed-request" end + local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN") + if correct_password == nil then return "failure", "malformed-request" end + local claimed_password = "" if password_encoding == nil then claimed_password = password else claimed_password = password_encoding(password) end @@ -113,6 +117,7 @@ local function new_digest_md5(realm, password_handler) local protocol = "" if response["digest-uri"] then protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$") + if protocol == nil or domain == nil then return "failure", "malformed-request" end else return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." end @@ -120,6 +125,8 @@ local function new_digest_md5(realm, password_handler) --TODO maybe realm support self.username = response["username"] local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") + if Y == nil then return "failure", "malformed-request" end + local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid local A2 = "AUTHENTICATE:"..protocol.."/"..domain -- cgit v1.2.3