izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix pairing error handling when the hash doesn't match

Browse Source 
We shouldn't proceed to signature verification if we already failed hash verification
This commit is contained in:
Cameron Gutman
2023-05-05 18:00:26 -05:00
parent 663bf750d9
commit b59b885dbd
1 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/nvhttp.cpp
View File

@@ -375,14 +375,7 @@ namespace nvhttp {
auto hash = crypto::hash(data); auto hash = crypto::hash(data);
// if hash not correct, probably MITM // if hash not correct, probably MITM
if (std::memcmp(hash.data(), sess.clienthash.data(), hash.size())) { if (!std::memcmp(hash.data(), sess.clienthash.data(), hash.size()) && crypto::verify256(crypto::x509(client.cert), secret, sign)) {
// TODO: log
map_id_sess.erase(client.uniqueID);
tree.put("root.paired", 0);
}
if (crypto::verify256(crypto::x509(client.cert), secret, sign)) {
tree.put("root.paired", 1); tree.put("root.paired", 1);
add_cert->raise(crypto::x509(client.cert)); add_cert->raise(crypto::x509(client.cert));