Mercurial > lxmppd-hg-xmllex / changeset
changeset
Checking some variables for nil so no errors occur that'll break the server.
Sun, 23 Nov 2008 20:43:42 +0100
- author
- Tobias Markmann <tm@ayena.de>
- date
- Sun, 23 Nov 2008 20:43:42 +0100
- changeset 402
- 50f1c09541cd
- parent 401
- 96e2019d112d
- child 403
- da92afa267cf
Checking some variables for nil so no errors occur that'll break the server.
| util/sasl.lua | file | annotate | diff | comparison | revisions |
--- a/util/sasl.lua Sun Nov 16 17:31:16 2008 +0100 +++ b/util/sasl.lua Sun Nov 23 20:43:42 2008 +0100 @@ -24,8 +24,12 @@ local authentication = s_match(response, "%z([^&%z]+)%z") local password = s_match(response, "%z[^&%z]+%z([^&%z]+)") + if authentication == nil or password == nil then return "failure", "malformed-request" end + local password_encoding, correct_password = self.password_handler(authentication, self.realm, "PLAIN") + if correct_password == nil then return "failure", "malformed-request" end + local claimed_password = "" if password_encoding == nil then claimed_password = password else claimed_password = password_encoding(password) end @@ -113,6 +117,7 @@ local protocol = "" if response["digest-uri"] then protocol, domain = response["digest-uri"]:match("(%w+)/(.*)$") + if protocol == nil or domain == nil then return "failure", "malformed-request" end else return "failure", "malformed-request", "Missing entry for digest-uri in SASL message." end @@ -120,6 +125,8 @@ --TODO maybe realm support self.username = response["username"] local password_encoding, Y = self.password_handler(response["username"], response["realm"], "DIGEST-MD5") + if Y == nil then return "failure", "malformed-request" end + local A1 = Y..":"..response["nonce"]..":"..response["cnonce"]--:authzid local A2 = "AUTHENTICATE:"..protocol.."/"..domain
