From 09a87f5a0c7e67ce35478944cdb5b50ba3da0474 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Wed, 22 Apr 2020 00:16:03 +0200
Subject: ejabberd_stun: Handle hashed passwords gracefully

Don't crash when STUN/TURN authentication is performed against a
SCRAM-hashed password.
---
 src/ejabberd_stun.erl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/ejabberd_stun.erl b/src/ejabberd_stun.erl
index b3527b3cf..a094f37ac 100644
--- a/src/ejabberd_stun.erl
+++ b/src/ejabberd_stun.erl
@@ -80,7 +80,14 @@ get_password(User, Realm) ->
 	Password when byte_size(Password) > 0 ->
 	    Password;
 	<<>> ->
-	    ejabberd_auth:get_password_s(User, Realm)
+	    case ejabberd_auth:get_password_s(User, Realm) of
+		Password when is_binary(Password) ->
+		    Password;
+		_ ->
+		    ?INFO_MSG("Cannot use hashed password of ~s@~s for "
+			      "STUN/TURN authentication", [User, Realm]),
+		    <<>>
+	    end
     end.
 
 %%%===================================================================
-- 
cgit v1.2.3