Mercurial > prosody-modules
changeset 5935:46394b327d17
mod_http_oauth2: Guard against malformed authorization header
Prevent error on calling :lower() afterwards
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 15 Jul 2024 20:02:25 +0200 |
parents | 667ce80937fa |
children | a9c75430cb26 |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 1 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Mon Jul 15 16:24:20 2024 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Mon Jul 15 20:02:25 2024 +0200 @@ -697,6 +697,7 @@ if not request.headers.authorization then return; end local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$"); + if not auth_type then return nil; end -- As described in Section 2.3 of [RFC5234], the string Bearer is case-insensitive. -- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-5.1.1