From 492e38748258abe3d4efcbd4c76ef281af44783a Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Fri, 10 Jul 2015 12:16:30 +0200
Subject: added null check in sasl response verifier
---
 src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java')
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
index 10cd3167..c95a62df 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
@@ -185,7 +185,7 @@ public class ScramSha1 extends SaslMechanism {
 case RESPONSE_SENT:
 final String clientCalculatedServerFinalMessage = "v=" +
 Base64.encodeToString(serverSignature, Base64.NO_WRAP);
- if (!clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
+ if (challenge == null || !clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
 throw new AuthenticationException("Server final message does not match calculated final message");
 }
 state = State.VALID_SERVER_RESPONSE;
-- cgit v1.2.3
From c082066118431a380dc62892c4363f73591b6666 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Sun, 16 Aug 2015 11:50:33 +0200
Subject: catch null pointer in ScramSHA1 sasl
---
 src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java')
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
index c95a62df..f47677f6 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
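Review bot: In the RESPONSE_SENT branch of the first commit (492e3874), the added `challenge == null` guard still leaves `Base64.decode(challenge, Base64.DEFAULT)` reachable with any non-null string the server sends. If this is `android.util.Base64`, as the `NO_WRAP`/`DEFAULT` flags suggest, a badly padded value raises an unchecked `IllegalArgumentException` instead of the `AuthenticationException` that `getResponse` declares. I would decode inside a try block and translate that exception, so a malformed server-final message fails authentication the same way a mismatching one does. The same unguarded decode sits in the AUTH_TEXT_SENT branch touched by the two later commits (c0820661 and 933538a3). The enclosing `getResponse` method starts and ends outside this hunk.

```java
// … unchanged: clientCalculatedServerFinalMessage is built from serverSignature …
final String serverFinalMessage;
try {
    serverFinalMessage = challenge == null
            ? null
            : new String(Base64.decode(challenge, Base64.DEFAULT));
} catch (final IllegalArgumentException e) {
    throw new AuthenticationException("Server final message is not valid base64");
}
// equals(null) is false, so a missing challenge still fails closed here
if (!clientCalculatedServerFinalMessage.equals(serverFinalMessage)) {
    throw new AuthenticationException("Server final message does not match calculated final message");
}
// … unchanged: state = State.VALID_SERVER_RESPONSE …
```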
@@ -101,6 +101,9 @@ public class ScramSha1 extends SaslMechanism {
 public String getResponse(final String challenge) throws AuthenticationException {
 switch (state) {
 case AUTH_TEXT_SENT:
+ if (challenge == null) {
+ throw new AuthenticationException("challenge can not be null");
+ }
 serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
 final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
 String nonce = "";
-- cgit v1.2.3
From 933538a39da9fb80025e07fc173514f45033c261 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Mon, 12 Oct 2015 12:36:54 +0200
Subject: code clean up
---
 src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java')
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
index f47677f6..3a05446c 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
@@ -21,7 +21,6 @@ public class ScramSha1 extends SaslMechanism {
 // TODO: When channel binding (SCRAM-SHA1-PLUS) is supported in future, generalize this to indicate support and/or usage.
 final private static String GS2_HEADER = "n,,";
 private String clientFirstMessageBare;
- private byte[] serverFirstMessage;
 final private String clientNonce;
 private byte[] serverSignature = null;
 private static HMac HMAC;
@@ -104,7 +103,7 @@ public class ScramSha1 extends SaslMechanism {
 if (challenge == null) {
 throw new AuthenticationException("challenge can not be null");
 }
- serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
+ byte[] serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);
 final Tokenizer tokenizer = new Tokenizer(serverFirstMessage);
 String nonce = "";
 int iterationCount = -1;
-- cgit v1.2.3
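Review bot: In the last hunk of the clean-up commit (933538a3), the new local is declared as plain `byte[] serverFirstMessage` while the very next line uses `final Tokenizer tokenizer`. As far as the hunk shows it is assigned only once, so `final byte[] serverFirstMessage = Base64.decode(challenge, Base64.DEFAULT);` would match the surrounding declarations and make the single assignment explicit. The AUTH_TEXT_SENT branch continues beyond the hunk, so a later reassignment cannot be ruled out from here.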