crypto: Prohibit extending verification methods
Intersect the allowed methods passed from the user with the methods supported by the other party. If the user added new methods to the request, the remote party would cancel the verification.
parent
e9be23f853
commit
587c09e700
1 changed files with 4 additions and 6 deletions
|
@ -705,18 +705,16 @@ impl AcceptSettings {
|
|||
AcceptContent::ToDevice(AcceptToDeviceEventContent {
|
||||
method: AcceptMethod::MSasV1(c),
|
||||
..
|
||||
}) => {
|
||||
c.short_authentication_string = self.allowed_methods;
|
||||
content
|
||||
}
|
||||
AcceptContent::Room(
|
||||
})
|
||||
| AcceptContent::Room(
|
||||
_,
|
||||
AcceptEventContent {
|
||||
method: AcceptMethod::MSasV1(c),
|
||||
..
|
||||
},
|
||||
) => {
|
||||
c.short_authentication_string = self.allowed_methods;
|
||||
c.short_authentication_string
|
||||
.retain(|sas| self.allowed_methods.contains(sas));
|
||||
content
|
||||
}
|
||||
_ => content,
|
||||
|
|
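Review bot: After the `retain` call in the merged `ToDevice | Room` arm, `c.short_authentication_string` can end up empty when none of the user's `allowed_methods` were offered by the other party, and the arm still returns `content` as if it were usable. An accept event carrying no SAS methods gives the two sides nothing to compare, so the remote would presumably cancel anyway; detecting the empty intersection here or in the caller and cancelling locally would fail earlier and more clearly. Whether a caller already checks for this is not visible, because the enclosing function starts and ends outside the hunk. A short comment above the `retain` would also record the intent, e.g. `// Only narrow the methods the other side offered; adding new ones makes it cancel.`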