From fdf06e3692b59d4e34da988b9c976336fb15766b Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Wed, 19 Aug 2009 21:34:28 +0200 Subject: Do SASLprep for SASL PLAIN mechanism to be more conform with RFC 4616. --- util/sasl.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'util') diff --git a/util/sasl.lua b/util/sasl.lua index 0082b9cc..15f3e29e 100644 --- a/util/sasl.lua +++ b/util/sasl.lua @@ -20,6 +20,7 @@ local generate_uuid = require "util.uuid".generate; local t_insert, t_concat = table.insert, table.concat; local to_byte, to_char = string.byte, string.char; local to_unicode = require "util.encodings".idna.to_unicode; +local u_e_saslprep = require "utii.encodings".stringprep.saslprep; local s_match = string.match; local gmatch = string.gmatch local string = string @@ -39,6 +40,7 @@ local function new_plain(realm, password_handler) local authorization = s_match(response, "([^&%z]+)") local authentication = s_match(response, "%z([^&%z]+)%z") local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + authorization, authentication, password = u_e_saslprep(authorization), u_e_saslprep(authentication), u_e_saslprep(password); if authentication == nil or password == nil then return "failure", "malformed-request" end @@ -50,6 +52,7 @@ local function new_plain(realm, password_handler) local claimed_password = "" if password_encoding == nil then claimed_password = password else claimed_password = password_encoding(password) end + caimed_password = u_e_saslprep(claimed_password); self.username = authentication if claimed_password == correct_password then -- cgit v1.2.3