Closed trigonometr closed 1 year ago
@elprans, looks like all the checks have passed, so could you, please, review these two small changes?)
I'm seeing the error multiple times a day on an AWS Lambda connecting to RDS, so happy to throw in everything from moral support to providing code changes where asked!
quick question - what's the timeline for a patch release including this? considering where to throw my resources at - monkeypatching?
According to RFC5802 server-first-message has the following form: [reserved-mext ","] nonce "," salt "," iteration-count ["," extensions]. Where nonce is a sequence of random printable ASCII characters excluding ','. So the nonce can potentially contain the substring "s=". In the previous version of parsing, the salt could be taken from the nonce part of the message because of that.
For instance, the server first message was b'r=Cipys==4,s=c2FsdA==,i=4096', then the old parsing would have b'=4' as a salt, which is wrong. The same problem could be with iteration-count.