1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-12-22 18:48:00 +01:00

Fix SCRAM-SHA1 mechanism creating invalid c-nonce

Because of the condition "c >= 32", Smack would possible return a
c-nonce containing ASCII whitespace characters (32d, 0x20), which are
not allowed in the c-nonce as per RFC 5802.

This commit applies the correct condition: "c > 32".

Fixes SMACK-735.
This commit is contained in:
Florian Schmaus 2016-10-20 16:57:06 +02:00
parent a1bbefc9e3
commit fca2f59e08

View file

@ -257,7 +257,10 @@ public class SCRAMSHA1Mechanism extends SASLMechanism {
if (c == ',') {
return false;
}
return c >= 32 && c < 127;
// RFC 5802 § 7. 'printable': Contains all chars within 0x21 (33d) to 0x2b (43d) and 0x2d (45d) to 0x7e (126)
// aka. "Printable ASCII except ','". Since we already filter the ASCII ',' (0x2c, 44d) above, we only have to
// ensure that c is within [33, 126].
return c > 32 && c < 127;
}
/**