Skip to content

Commit

Permalink
Merge pull request #11986 from rabbitmq/amqplain
Browse files Browse the repository at this point in the history
Restrict username and password in AMQPLAIN
  • Loading branch information
michaelklishin authored Aug 14, 2024
2 parents dad09e6 + 29437d0 commit 8ef8d18
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions deps/rabbit/src/rabbit_auth_mechanism_amqplain.erl
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,17 @@ should_offer(_Sock) ->
init(_Sock) ->
[].

-define(IS_STRING_TYPE(Type), Type =:= longstr orelse Type =:= shortstr).
-define(IS_STRING_TYPE(Type),
Type =:= longstr orelse
Type =:= shortstr orelse
Type =:= binary).

handle_response(Response, _State) ->
LoginTable = rabbit_binary_parser:parse_table(Response),
case {lists:keysearch(<<"LOGIN">>, 1, LoginTable),
lists:keysearch(<<"PASSWORD">>, 1, LoginTable)} of
{{value, {_, UserType, User}},
{value, {_, PassType, Pass}}} when ?IS_STRING_TYPE(UserType);
{value, {_, PassType, Pass}}} when ?IS_STRING_TYPE(UserType) andalso
?IS_STRING_TYPE(PassType) ->
rabbit_access_control:check_user_pass_login(User, Pass);
{{value, {_, _UserType, _User}},
Expand Down

0 comments on commit 8ef8d18

Please sign in to comment.