vanitasvitae
/
Smack
mirror of https://github.com/vanitasvitae/Smack.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix SCRAM-SHA1 mechanism creating invalid c-nonce 

Because of the condition "c >= 32", Smack would possible return a
c-nonce containing ASCII whitespace characters (32d, 0x20), which are
not allowed in the c-nonce as per RFC 5802.

This commit applies the correct condition: "c > 32".

Fixes SMACK-735.
This commit is contained in:
Florian Schmaus 2016-10-20 16:57:06 +02:00
parent a1bbefc9e3
commit fca2f59e08
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java
View File

@ -257,7 +257,10 @@ public class SCRAMSHA1Mechanism extends SASLMechanism {
if (c == ',') {
return false;
}
return c >= 32 && c < 127;
// RFC 5802 § 7. 'printable': Contains all chars within 0x21 (33d) to 0x2b (43d) and 0x2d (45d) to 0x7e (126)
// aka. "Printable ASCII except ','". Since we already filter the ASCII ',' (0x2c, 44d) above, we only have to
// ensure that c is within [33, 126].
return c > 32 && c < 127;
}
/**