jyapayne/Sunshine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix pairing error handling when the hash doesn't match

Browse source 
We shouldn't proceed to signature verification if we already failed hash verification
This commit is contained in:
Cameron Gutman 2023-05-05 18:00:26 -05:00
commit b59b885dbd
1 changed files with 1 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/nvhttp.cpp
View file

@ -375,14 +375,7 @@ namespace nvhttp {
auto hash = crypto::hash(data);
// if hash not correct, probably MITM
if (std::memcmp(hash.data(), sess.clienthash.data(), hash.size())) {
// TODO: log
map_id_sess.erase(client.uniqueID);
tree.put("root.paired", 0);
}
if (crypto::verify256(crypto::x509(client.cert), secret, sign)) {
if (!std::memcmp(hash.data(), sess.clienthash.data(), hash.size()) && crypto::verify256(crypto::x509(client.cert), secret, sign)) {
tree.put("root.paired", 1);
add_cert->raise(crypto::x509(client.cert));