# HG changeset patch
# User Kim Alvefur
# Date 1412071192 -7200
# Node ID d8c3e94d765db5eb7d0e818c5984b8e07390b749
# Parent 451dbad2a8e6729fe22331215d990edf66a858d1
util.sasl.scram: Correctly verify that the server added its own nonce

diff -r 451dbad2a8e6 -r d8c3e94d765d util/sasl/scram.lua
--- a/util/sasl/scram.lua Tue Sep 23 22:15:13 2014 +0200
+++ b/util/sasl/scram.lua Tue Sep 30 11:59:52 2014 +0200
@@ -43,8 +43,8 @@
 local function scram(stream, name)
 local username = "n=" .. value_safe(stream.username);
 local c_nonce = base64(crypto.rand.bytes(15));
- local nonce = "r=" .. c_nonce;
- local client_first_message_bare = username .. "," .. nonce;
+ local our_nonce = "r=" .. c_nonce;
+ local client_first_message_bare = username .. "," .. our_nonce;
 local cbind_data = "";
 local gs2_cbind_flag = "y";
 if name == "SCRAM-SHA-1-PLUS" then
@@ -56,15 +56,14 @@
 local cont, server_first_message = coroutine.yield(client_first_message);
 if cont ~= "challenge" then return false end
 
- local salt, iteration_count;
- nonce, salt, iteration_count = server_first_message:match("(r=[^,]+),s=([^,]*),i=(%d+)");
+ local nonce, salt, iteration_count = server_first_message:match("(r=[^,]+),s=([^,]*),i=(%d+)");
 local i = tonumber(iteration_count);
 salt = unbase64(salt);
 if not nonce or not salt or not i then
 return false, "Could not parse server_first_message";
 elseif nonce:find(c_nonce, 3, true) ~= 3 then
 return false, "nonce sent by server does not match our nonce";
- elseif nonce == c_nonce then
+ elseif nonce == our_nonce then
 return false, "server did not append s-nonce to nonce";
 end
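Review bot: The server-supplied iteration count in the second hunk is accepted without a range check: `local i = tonumber(iteration_count)` is only tested with `not i`, and `0` is truthy in Lua, so `i=0` or an extremely large value passes this block. A hostile or impersonated server could use a huge count to burn client CPU, or a tiny one so that the resulting proof gives little resistance to password guessing. Consider an extra branch such as `elseif i < MIN_ITERATIONS or i > MAX_ITERATIONS then return false, "iteration count out of range";`, where both bounds are placeholders for limits the project chooses (RFC 5802 suggests servers announce at least 4096). Separately, `salt = unbase64(salt)` runs before the `not salt` check, so a failed match hands nil to `unbase64`, which may raise instead of returning the parse error, depending on that helper. The body of `scram` continues outside this hunk.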