fixes #557 (SCRAM-SHA-1 fails for salts longer than 16 bytes)

git-svn-id: http://svn.miranda-ng.org/main/trunk@7944 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c

1 files changed, 16 insertions, 30 deletions

diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index df736ea7d9..b2158cb410 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -246,41 +246,27 @@ void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t
 

 char* TScramAuth::getChallenge(const TCHAR *challenge)

 {

-	unsigned chlLen;

-	ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));

-

-	char *r = strstr(chl, "r=");

-	if (!r)

-		return NULL;

-

-	char *e = strchr(r, ','); if (e) *e = 0;

-	ptrA snonce(mir_strdup(r + 2));

-	if (e) *e = ',';

-

-	size_t cnlen = strlen(cnonce);

-	if (strncmp(cnonce, snonce, cnlen))

-		return NULL;

+	unsigned chlLen, saltLen;

+	ptrA snonce, salt;

+	int ind = -1;

 

-	char *s = strstr(chl, "s=");

-	if (!s)

-		return NULL;

-	e = strchr(s, ','); if (e) *e = 0;

+	ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));

 

-	unsigned saltLen;

-	ptrA salt((char*)mir_base64_decode(s + 2, &saltLen));

-	if (e) *e = ',';

-	if (saltLen > 16)

-		return NULL;

+	for (char *p = strtok(chl, ","); p != NULL; p = strtok(NULL, ",")) {

+		if (*p == 'r' && p[1] == '=') { // snonce

+			if (strncmp(cnonce, p + 2, strlen(cnonce)))

+				return NULL;

+			snonce = mir_strdup(p + 2);

+		}

+		else if (*p == 's' && p[1] == '=') // salt

+			salt = (char*)mir_base64_decode(p + 2, &saltLen);

+		else if (*p == 'i' && p[1] == '=')

+			ind = atoi(p + 2);

+	}

 

-	char *in = strstr(chl, "i=");

-	if (!in)

+	if (snonce == NULL || salt == NULL || ind == -1)

 		return NULL;

 

-	e = strchr(in, ','); if (e) *e = 0;

-	int ind = atoi(in + 2);

-	if (e)

-		*e = ',';

-

 	ptrA passw(mir_utf8encodeT(info->password));

 	size_t passwLen = strlen(passw);