diff mod_sasl2_fast/mod_sasl2_fast.lua @ 5882:563c2c70cb9f

mod_sasl2_fast: Improve handling when SASL profile unexpectedly lacks CB This fixes a traceback reported by riau, but likely does not solve the underlying cause, whatever that is.
author Matthew Wild <mwild1@gmail.com>
date Tue, 16 Apr 2024 10:42:25 +0100
parents b10a7082b3c3
children e67fc7b66c13
line wrap: on
line diff
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Tue Apr 09 14:44:52 2024 -0500
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Tue Apr 16 10:42:25 2024 +0100
@@ -196,6 +196,13 @@
 		if not authc_username then
 			return "failure", "malformed-request";
 		end
+		if not sasl_handler.profile.cb then
+			module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+			return "failure", "malformed-request";
+		elseif not sasl_handler.profile.cb[cb_name] then
+			module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast);
+			return "failure", "malformed-request";
+		end
 		local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or "";
 		local ok, authz_username, response, rotation_needed = backend(
 			mechanism_name,