ElderShell/EverWrath
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue

Browse source
This commit is contained in:
starrheld 2017-03-19 19:18:43 +01:00 committed by HeartWell
parent 6908181569
commit a67ceca682
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/authserver/Server/AuthSocket.cpp
View file

@ -557,7 +557,7 @@ bool AuthSocket::_HandleLogonProof()
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
if ((A % N).isZero())
{
socket().shutdown();
return true;