From ede5a353e89591b70be1a955b9ffb060e1d27dd1 Mon Sep 17 00:00:00 2001
From: HAMANO Tsukasa
Date: Thu, 8 Jan 2015 14:12:05 +0900
Subject: [PATCH] checking stringprep in scram authentication

---
 src/cyrsasl_scram.erl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/cyrsasl_scram.erl b/src/cyrsasl_scram.erl
index 1175af1e9..26e037001 100644
--- a/src/cyrsasl_scram.erl
+++ b/src/cyrsasl_scram.erl
@@ -76,9 +76,11 @@ mech_step(#state{step = 2} = State, ClientIn) ->
 		UserName ->
 		    case parse_attribute(ClientNonceAttribute) of
 		      {$r, ClientNonce} ->
-			  case (State#state.get_password)(UserName) of
+			  {Ret, _AuthModule} = (State#state.get_password)(UserName),
+			  case {Ret, jlib:resourceprep(Ret)} of
 			    {false, _} -> {error, <<"not-authorized">>, UserName};
-			    {Ret, _AuthModule} ->
+			    {_, error} -> ?WARNING_MSG("invalid password", []), {error, <<"not-authorized">>, UserName};
+			    {Ret, _} ->
 				{StoredKey, ServerKey, Salt, IterationCount} =
 				    if is_tuple(Ret) -> Ret;
 				       true ->
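Review bot: In the new `case {Ret, jlib:resourceprep(Ret)} of` the tuple is built before any clause is tried, so `jlib:resourceprep/1` runs on every value `get_password` returns — including `false` (the `{false, _}` clause right below) and the SCRAM tuple form that the trailing `if is_tuple(Ret) -> Ret` context still expects. Unless `jlib:resourceprep/1` tolerates non-binary terms (not visible here), an unknown user or a scram-stored credential would now raise inside mech_step instead of reaching the `not-authorized` reply, which also changes what an attacker probing usernames observes. Applying the stringprep check only when `Ret` is a binary keeps the intended validation for plain-text stored passwords and leaves the other two cases exactly as the clauses below handle them; the `{Ret, _}` clause could then become `{_, _}` since `Ret` is already bound. mech_step/2 starts before and continues after this hunk.
```erlang
{Ret, _AuthModule} = (State#state.get_password)(UserName),
%% stringprep applies to plain-text stored passwords only; 'false' and the
%% SCRAM tuple form are dispatched by the clauses below unchanged
Prepped = case Ret of
              B when is_binary(B) -> jlib:resourceprep(B);
              _ -> Ret
          end,
case {Ret, Prepped} of
%% … unchanged: {false, _}, {_, error} and {Ret, _} clauses …
```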