1 files changed, 33 insertions, 15 deletions

diff --git a/src/ejabberd_auth_sql.erl b/src/ejabberd_auth_sql.erl
index 313e9faea..4228b3345 100644
--- a/src/ejabberd_auth_sql.erl
+++ b/src/ejabberd_auth_sql.erl
@@ -159,10 +159,13 @@ check_password(User, AuthzId, Server, Password, Digest,
 set_password(User, Server, Password) ->
     LServer = jid:nameprep(Server),
     LUser = jid:nodeprep(User),
+    LPassword = jid:resourceprep(Password),
     if (LUser == error) or (LServer == error) ->
             {error, invalid_jid};
        (LUser == <<>>) or (LServer == <<>>) ->
             {error, invalid_jid};
+       LPassword == error ->
+	   {error, invalid_password};
        true ->
             case is_scrammed() of
                 true ->
@@ -193,10 +196,13 @@ set_password(User, Server, Password) ->
 try_register(User, Server, Password) ->
     LServer = jid:nameprep(Server),
     LUser = jid:nodeprep(User),
+    LPassword = jid:resourceprep(Password),
     if (LUser == error) or (LServer == error) ->
             {error, invalid_jid};
        (LUser == <<>>) or (LServer == <<>>) ->
             {error, invalid_jid};
+       LPassword == error ->
+	   {error, invalid_password};
        true ->
             case is_scrammed() of
                 true ->
@@ -427,13 +433,18 @@ is_password_scram_valid_stored(Password, Scram, _, _) ->
     is_password_scram_valid(Password, Scram).
 
 is_password_scram_valid(Password, Scram) ->
-    IterationCount = Scram#scram.iterationcount,
-    Salt = jlib:decode_base64(Scram#scram.salt),
-    SaltedPassword = scram:salted_password(Password, Salt,
-					   IterationCount),
-    StoredKey =
-	scram:stored_key(scram:client_key(SaltedPassword)),
-    jlib:decode_base64(Scram#scram.storedkey) == StoredKey.
+    case jid:resourceprep(Password) of
+	error ->
+	    false;
+	_ ->
+	    IterationCount = Scram#scram.iterationcount,
+	    Salt = jlib:decode_base64(Scram#scram.salt),
+	    SaltedPassword = scram:salted_password(Password, Salt,
+						   IterationCount),
+	    StoredKey =
+		scram:stored_key(scram:client_key(SaltedPassword)),
+	    jlib:decode_base64(Scram#scram.storedkey) == StoredKey
+    end.
 
 -define(BATCH_SIZE, 1000).
 
@@ -466,14 +477,21 @@ convert_to_scram(Server) ->
                             {selected, Rs} ->
                                 lists:foreach(
                                   fun({LUser, Password}) ->
-                                          Scram = password_to_scram(Password),
-                                          set_password_scram_t(
-                                            LUser,
-                                            Scram#scram.storedkey,
-                                            Scram#scram.serverkey,
-                                            Scram#scram.salt,
-                                            Scram#scram.iterationcount
-                                           )
+					  case jid:resourceprep(Password) of
+					      error ->
+						  ?ERROR_MSG(
+						     "SASLprep failed for "
+						     "password of user ~s@~s",
+						     [LUser, LServer]);
+					      _ ->
+						  Scram = password_to_scram(Password),
+						  set_password_scram_t(
+						    LUser,
+						    Scram#scram.storedkey,
+						    Scram#scram.serverkey,
+						    Scram#scram.salt,
+						    Scram#scram.iterationcount)
+					  end
                                   end, Rs),
                                 continue;
                             Err -> {bad_reply, Err}