Mercury-IM/Smack
Mercury-IM/Smack
1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-11-21 22:02:06 +01:00
Code Issues Releases Wiki Activity

Fix provided SASL DIGEST-MD5 mechanism

Browse source 
In case the server provided nonce contained one or more equals
characters ("=") the part.split("=") call would return more then the
expected two key/value parts. Hence we simply use part.split("=", 2).

Also made the unit test check for this case.

Fixes SMACK-755
This commit is contained in:
Florian Schmaus 2017-04-07 18:56:51 +02:00
parent 16ede9806a
commit d421b2fa1b
2 changed files with 5 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
smack-core/src/test/java/org/jivesoftware/smack/sasl/DigestMd5SaslTest.java
View file

@ -1,6 +1,6 @@
/** /**
* *
* Copyright © 2014 Florian Schmaus * Copyright © 2014-2017 Florian Schmaus
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -17,7 +17,6 @@
package org.jivesoftware.smack.sasl; package org.jivesoftware.smack.sasl;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.util.HashMap; import java.util.HashMap;
@ -32,7 +31,7 @@ import org.jxmpp.jid.EntityBareJid;
public class DigestMd5SaslTest extends AbstractSaslTest { public class DigestMd5SaslTest extends AbstractSaslTest {
protected static final String challenge = "realm=\"xmpp.org\",nonce=\"aTUr3GXqUtyy2B7HVDW6C+gQs+j+0EhWWjoBKkkg\",qop=\"auth\",charset=utf-8,algorithm=md5-sess"; protected static final String challenge = "realm=\"xmpp.org\",nonce=\"jgGgnz+cQcmyVaAs2n88kQ==\",qop=\"auth\",charset=utf-8,algorithm=md5-sess";
protected static final byte[] challengeBytes = StringUtils.toBytes(challenge); protected static final byte[] challengeBytes = StringUtils.toBytes(challenge);
public DigestMd5SaslTest(SASLMechanism saslMechanism) { public DigestMd5SaslTest(SASLMechanism saslMechanism) {
@ -50,8 +49,7 @@ public class DigestMd5SaslTest extends AbstractSaslTest {
String[] responseParts = responseString.split(","); String[] responseParts = responseString.split(",");
Map<String, String> responsePairs = new HashMap<String, String>(); Map<String, String> responsePairs = new HashMap<String, String>();
for (String part : responseParts) { for (String part : responseParts) {
String[] keyValue = part.split("="); String[] keyValue = part.split("=", 2);
assertTrue(keyValue.length == 2);
String key = keyValue[0]; String key = keyValue[0];
String value = keyValue[1].replace("\"", ""); String value = keyValue[1].replace("\"", "");
responsePairs.put(key, value); responsePairs.put(key, value);

5
smack-sasl-provided/src/main/java/org/jivesoftware/smack/sasl/provided/SASLDigestMD5Mechanism.java
View file

@ -1,6 +1,6 @@
/** /**
* *
* Copyright 2014 Florian Schmaus * Copyright 2014-2017 Florian Schmaus
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -115,8 +115,7 @@ public class SASLDigestMD5Mechanism extends SASLMechanism {
switch (state) { switch (state) {
case INITIAL: case INITIAL:
for (String part : challengeParts) { for (String part : challengeParts) {
String[] keyValue = part.split("="); String[] keyValue = part.split("=", 2);
assert (keyValue.length == 2);
String key = keyValue[0]; String key = keyValue[0];
// RFC 2831 § 7.1 about the formating of the digest-challenge: // RFC 2831 § 7.1 about the formating of the digest-challenge:
// "The full form is "<n>#<m>element" indicating at least <n> and // "The full form is "<n>#<m>element" indicating at least <n> and