summaryrefslogtreecommitdiff
path: root/protocols
diff options
context:
space:
mode:
authorGeorge Hazan <george.hazan@gmail.com>2014-01-29 10:58:59 +0000
committerGeorge Hazan <george.hazan@gmail.com>2014-01-29 10:58:59 +0000
commitf01c62c9689aacfbf456435333634f9858c1057f (patch)
tree59c313cccba501ae6423ff2eb9d65d9b522da1df /protocols
parent34d700fe7115f12cad49c211c867acba9ecec6aa (diff)
fixes #557 (SCRAM-SHA-1 fails for salts longer than 16 bytes)
git-svn-id: http://svn.miranda-ng.org/main/trunk@7944 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'protocols')
-rw-r--r--protocols/JabberG/src/jabber_secur.cpp46
1 files changed, 16 insertions, 30 deletions
diff --git a/protocols/JabberG/src/jabber_secur.cpp b/protocols/JabberG/src/jabber_secur.cpp
index df736ea7d9..b2158cb410 100644
--- a/protocols/JabberG/src/jabber_secur.cpp
+++ b/protocols/JabberG/src/jabber_secur.cpp
@@ -246,41 +246,27 @@ void TScramAuth::Hi(BYTE* res, char* passw, size_t passwLen, char* salt, size_t
char* TScramAuth::getChallenge(const TCHAR *challenge)
{
- unsigned chlLen;
- ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));
-
- char *r = strstr(chl, "r=");
- if (!r)
- return NULL;
-
- char *e = strchr(r, ','); if (e) *e = 0;
- ptrA snonce(mir_strdup(r + 2));
- if (e) *e = ',';
-
- size_t cnlen = strlen(cnonce);
- if (strncmp(cnonce, snonce, cnlen))
- return NULL;
+ unsigned chlLen, saltLen;
+ ptrA snonce, salt;
+ int ind = -1;
- char *s = strstr(chl, "s=");
- if (!s)
- return NULL;
- e = strchr(s, ','); if (e) *e = 0;
+ ptrA chl((char*)mir_base64_decode(_T2A(challenge), &chlLen));
- unsigned saltLen;
- ptrA salt((char*)mir_base64_decode(s + 2, &saltLen));
- if (e) *e = ',';
- if (saltLen > 16)
- return NULL;
+ for (char *p = strtok(chl, ","); p != NULL; p = strtok(NULL, ",")) {
+ if (*p == 'r' && p[1] == '=') { // snonce
+ if (strncmp(cnonce, p + 2, strlen(cnonce)))
+ return NULL;
+ snonce = mir_strdup(p + 2);
+ }
+ else if (*p == 's' && p[1] == '=') // salt
+ salt = (char*)mir_base64_decode(p + 2, &saltLen);
+ else if (*p == 'i' && p[1] == '=')
+ ind = atoi(p + 2);
+ }
- char *in = strstr(chl, "i=");
- if (!in)
+ if (snonce == NULL || salt == NULL || ind == -1)
return NULL;
- e = strchr(in, ','); if (e) *e = 0;
- int ind = atoi(in + 2);
- if (e)
- *e = ',';
-
ptrA passw(mir_utf8encodeT(info->password));
size_t passwLen = strlen(passw);