Mercurial > prosody-modules

changeset 5923:87441b567277

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_sasl2_fast: Fix traceback when no cb_data is available (thanks riau) We already verify (earlier in the process) that cb_data is present if we are using a mechanism that requires it.
author Matthew Wild <mwild1@gmail.com>
date Wed, 19 Jun 2024 13:53:12 +0100
parents f408b8e603af
children 2b80188448d1
files mod_sasl2_fast/mod_sasl2_fast.lua
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_sasl2_fast/mod_sasl2_fast.lua	Sat Jun 08 03:28:25 2024 -0500
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua	Wed Jun 19 13:53:12 2024 +0100
@@ -49,7 +49,7 @@
 			log("debug", "Looking for %s token %s/%s", mechanism, username, key);
 			token = token_store:get(username, key);
 			if token and token.mechanism == mechanism then
-				local expected_hash = hmac_f(token.secret, "Initiator"..cb_data);
+				local expected_hash = hmac_f(token.secret, "Initiator"..(cb_data or ""));
 				if hash.equals(expected_hash, token_hash) then
 					local current_time = now();
 					if token.expires_at < current_time then
@@ -77,7 +77,7 @@
 						log("debug", "FAST token due for rotation (age: %d)", current_time - token.issued_at);
 						rotation_needed = true;
 					end
-					return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed;
+					return true, username, hmac_f(token.secret, "Responder"..(cb_data or "")), rotation_needed;
 				end
 			end
 			if not tried_current_token then