# HG changeset patch
# User Tobias Markmann <tm@ayena.de>
# Date 1274532441 -7200
# Node ID 5cd408e3635952342f7b6b5e4a306c5ff606444a
# Parent  9e4439378cf8bd075a9abcc326794b9b33a27b1c
util.sasl.scram: Parsing client-final-message in a more strict way.  (thanks Marc Santamaria)

diff -r 9e4439378cf8 -r 5cd408e36359 util/sasl/scram.lua
--- a/util/sasl/scram.lua	Sat May 22 13:59:58 2010 +0200
+++ b/util/sasl/scram.lua	Sat May 22 14:47:21 2010 +0200
@@ -153,10 +153,7 @@
 			-- we are processing client_final_message
 			local client_final_message = message;
 			
-			-- TODO: more strict parsing of client_final_message
-			self.state["proof"] = client_final_message:match("p=(.+)");
-			self.state["nonce"] = client_final_message:match("r=(.+),p=");
-			self.state["channelbinding"] = client_final_message:match("c=(.+),r=");
+			self.state["channelbinding"], self.state["nonce"], self.state["proof"] = client_final_message:match("^c=(.*),r=(.*),.*p=(.*)");
 	
 			if not self.state.proof or not self.state.nonce or not self.state.channelbinding then
 				return "failure", "malformed-request", "Missing an attribute(p, r or c) in SASL message.";