Permalink
Browse files

Do not modify the stored SASL password in authentication mechanisms

  • Loading branch information...
1 parent 6de010e commit bd3d266e2ed932aa768ba12183e9f0fe15f959a4 @dominikh dominikh committed Sep 1, 2012
Showing with 6 additions and 0 deletions.
  1. +6 −0 lib/cinch/sasl/dh_blowfish.rb
View
6 lib/cinch/sasl/dh_blowfish.rb
@@ -35,6 +35,12 @@ def unpack_payload(payload)
# @param [String] payload
# @return [String]
def generate(user, password, payload)
+ # duplicate the passed strings because we are modifying them
+ # later and they might come from the configuration store or
+ # similar
+ user = user.dup
+ password = password.dup
+
data = Base64.decode64(payload).force_encoding("ASCII-8BIT")
p, g, y = unpack_payload(data)

0 comments on commit bd3d266

Please sign in to comment.