From 575ada3b27b67a8453da57ffffd0b8ddcb91206c Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Wed, 27 May 2020 13:53:28 +0200
Subject: [PATCH] fix scram crash for broken metronome servers

---
 .../eu/siacs/conversations/crypto/sasl/ScramMechanism.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
index 6949daec4..4d40d2b74 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@@ -195,6 +195,10 @@ abstract class ScramMechanism extends SaslMechanism {
 
 final byte[] clientProof = new byte[keys.clientKey.length];
 
+ if (clientSignature.length < keys.clientKey.length) {
+ throw new AuthenticationException("client signature was shorter than clientKey");
+ }
+
 for (int i = 0; i < clientProof.length; i++) {
 clientProof[i] = (byte) (keys.clientKey[i] ^ clientSignature[i]);
 }
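Review bot: The added guard before the XOR loop rejects only a `clientSignature` that is shorter than `keys.clientKey`; a longer one still passes, and the loop bound silently drops its extra bytes. In SCRAM both values are HMAC outputs of the same hash, so any length difference is an invalid state, and the check should fail closed on inequality: `if (clientSignature.length != keys.clientKey.length) {`. Putting the two lengths (not the bytes) in the exception message would make a misbehaving server diagnosable from logs without exposing key material. The enclosing method starts and ends outside the hunk, so where the mismatched value comes from cannot be seen here. A short comment above the guard, such as `// clientKey and clientSignature are HMAC outputs of the same hash and must be equal in length`, would record why it exists.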