diff options
| author | Mattias EngdegÄrd <mattiase@acm.org> | 2021-12-21 10:51:58 +0100 |
|---|---|---|
| committer | Mattias EngdegÄrd <mattiase@acm.org> | 2021-12-21 10:59:06 +0100 |
| commit | e56dd354c751ee67d0012a0209b769246207d74c (patch) | |
| tree | f6131453d890bffed0003144d61a276838d96d54 | |
| parent | c0e9785c7c788a591cbc67ba875c5bc2bd76f4df (diff) | |
| download | emacs-e56dd354c751ee67d0012a0209b769246207d74c.tar.gz emacs-e56dd354c751ee67d0012a0209b769246207d74c.tar.bz2 emacs-e56dd354c751ee67d0012a0209b769246207d74c.zip | |
Don't produce multibyte strings by accident in sasl-scram-rfc
* lisp/net/sasl-scram-rfc.el (sasl-scram--client-final-message):
The XOR of two unibyte strings should be a unibyte string.
This code previously worked by accident because of an overly tolerant
base64 encoder (bug#52670), but now causes a test failure.
| -rw-r--r-- | lisp/net/sasl-scram-rfc.el | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lisp/net/sasl-scram-rfc.el b/lisp/net/sasl-scram-rfc.el index 91d76663ef2..c0793691993 100644 --- a/lisp/net/sasl-scram-rfc.el +++ b/lisp/net/sasl-scram-rfc.el @@ -90,6 +90,8 @@ (sasl-mechanism-name (sasl-client-mechanism client)) (sasl-client-name client)))) (salt (base64-decode-string salt-base64)) + (string-xor (lambda (a b) + (apply #'unibyte-string (cl-mapcar #'logxor a b)))) (salted-password ;; Hi(str, salt, i): (let ((digest (concat salt (string 0 0 0 1))) @@ -98,7 +100,7 @@ (setq digest (funcall hmac-fun digest password)) (setq xored (if (null xored) digest - (cl-map 'string 'logxor xored digest)))))) + (funcall string-xor xored digest)))))) (client-key (funcall hmac-fun "Client Key" salted-password)) (stored-key (decode-hex-string (funcall hash-fun client-key))) @@ -108,7 +110,7 @@ step-data "," client-final-message-without-proof)) (client-signature (funcall hmac-fun (encode-coding-string auth-message 'utf-8) stored-key)) - (client-proof (cl-map 'string 'logxor client-key client-signature)) + (client-proof (funcall string-xor client-key client-signature)) (client-final-message (concat client-final-message-without-proof "," "p=" (base64-encode-string client-proof)))) |