From a7083d1dedda96bce48c84a5f348c10714ff7d69 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Fri, 22 May 2020 21:05:45 +0200 Subject: util.sasl.plain: Apply saslprep to stored password Fixes something like #1560 here too. The password sent by the user already had saslprep applied. --- util/sasl/plain.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'util') diff --git a/util/sasl/plain.lua b/util/sasl/plain.lua index 00c6bd20..43a66c5b 100644 --- a/util/sasl/plain.lua +++ b/util/sasl/plain.lua @@ -70,7 +70,7 @@ local function plain(self, message) if self.profile.plain then local correct_password; correct_password, state = self.profile.plain(self, authentication, self.realm); - correct = (correct_password == password); + correct = (saslprep(correct_password) == password); elseif self.profile.plain_test then correct, state = self.profile.plain_test(self, authentication, password, self.realm); end -- cgit v1.2.3