# HG changeset patch # User Matthew Wild # Date 1717774014 -3600 # Node ID e67fc7b66c139e06cbfdea8b7b373c6f55e6ba20 # Parent 254a21a104aa476955a6631992efe7acf7461ba8 mod_sasl2_fast: Fix malformed-request when using HT-*-NONE (thanks lnj!) This crept into the previous commit which tried to fail early when CB was requested but unavailable - that commit did not actually check that CB *was* requested. diff -r 254a21a104aa -r e67fc7b66c13 mod_sasl2_fast/mod_sasl2_fast.lua --- a/mod_sasl2_fast/mod_sasl2_fast.lua Fri Jun 07 16:14:58 2024 +0100 +++ b/mod_sasl2_fast/mod_sasl2_fast.lua Fri Jun 07 16:26:54 2024 +0100 @@ -196,14 +196,17 @@ if not authc_username then return "failure", "malformed-request"; end - if not sasl_handler.profile.cb then - module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast); - return "failure", "malformed-request"; - elseif not sasl_handler.profile.cb[cb_name] then - module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast); - return "failure", "malformed-request"; + local cb_data; + if cb_name then + if not sasl_handler.profile.cb then + module:log("warn", "Attempt to use channel binding %s with SASL profile that does not support any channel binding (FAST: %s)", cb_name, sasl_handler.fast); + return "failure", "malformed-request"; + elseif not sasl_handler.profile.cb[cb_name] then + module:log("warn", "SASL profile does not support %s channel binding (FAST: %s)", cb_name, sasl_handler.fast); + return "failure", "malformed-request"; + end + cb_data = sasl_handler.profile.cb[cb_name](sasl_handler) or ""; end - local cb_data = cb_name and sasl_handler.profile.cb[cb_name](sasl_handler) or ""; local ok, authz_username, response, rotation_needed = backend( mechanism_name, authc_username,