From fca2f59e08da2936f6d899a95fb0f6ed9aa07f0c Mon Sep 17 00:00:00 2001
From: Florian Schmaus
Date: Thu, 20 Oct 2016 16:57:06 +0200
Subject: [PATCH] Fix SCRAM-SHA1 mechanism creating invalid c-nonce

Because of the condition "c >= 32", Smack would possible return a c-nonce containing ASCII whitespace characters (32d, 0x20), which are not allowed in the c-nonce as per RFC 5802. This commit applies the correct condition: "c > 32".

Fixes SMACK-735.
---
 .../org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java b/smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java
index 217ace4e9..4d15a8f91 100644
--- a/smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java
+++ b/smack-core/src/main/java/org/jivesoftware/smack/sasl/core/SCRAMSHA1Mechanism.java
@@ -257,7 +257,10 @@ public class SCRAMSHA1Mechanism extends SASLMechanism {
         if (c == ',') {
             return false;
         }
-        return c >= 32 && c < 127;
+        // RFC 5802 ยง 7. 'printable': Contains all chars within 0x21 (33d) to 0x2b (43d) and 0x2d (45d) to 0x7e (126)
+        // aka. "Printable ASCII except ','". Since we already filter the ASCII ',' (0x2c, 44d) above, we only have to
+        // ensure that c is within [33, 126].
+        return c > 32 && c < 127;
     }
 
     /**
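Review bot: The corrected bound on the added return line is easier to audit against RFC 5802 if it is written with the character limits instead of decimal magic numbers: `return c >= '!' && c <= '~';` is the same interval [0x21, 0x7E], and together with the ',' guard above it is exactly the RFC's `printable` set, so the three-line comment can shrink to one sentence saying so. The added comment also carries a mis-encoded section sign ("ยง"); if that is in the source rather than an artifact of this rendering, write `RFC 5802, Section 7` to keep the file ASCII-clean and avoid the same class of non-ASCII problem the fix itself addresses. The diffstat shows no test change, so a small regression test that generates a c-nonce and asserts it contains neither ',' nor any character outside 0x21..0x7E would keep SMACK-735 from silently returning. The method's signature and the declared type of `c` are outside the hunk, so the character-literal form assumes `c` is a char or int.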