From 587c09e700a913c276f5b5c9aba790247475346d Mon Sep 17 00:00:00 2001
From: Jan Veen <jan.veen@posteo.de>
Date: Fri, 12 Mar 2021 14:43:59 +0100
Subject: [PATCH] crypto: Prohibit extending verification methods

Intersect the allowed methods passed from the user with the methods
supported by the other party. If the user added new methods to the
request, the remote party would cancel the verification.
---
 matrix_sdk_crypto/src/verification/sas/mod.rs | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/matrix_sdk_crypto/src/verification/sas/mod.rs b/matrix_sdk_crypto/src/verification/sas/mod.rs
index 62210d5e..4c0f3abf 100644
--- a/matrix_sdk_crypto/src/verification/sas/mod.rs
+++ b/matrix_sdk_crypto/src/verification/sas/mod.rs
@@ -705,18 +705,16 @@ impl AcceptSettings {
             AcceptContent::ToDevice(AcceptToDeviceEventContent {
                 method: AcceptMethod::MSasV1(c),
                 ..
-            }) => {
-                c.short_authentication_string = self.allowed_methods;
-                content
-            }
-            AcceptContent::Room(
+            })
+            | AcceptContent::Room(
                 _,
                 AcceptEventContent {
                     method: AcceptMethod::MSasV1(c),
                     ..
                 },
             ) => {
-                c.short_authentication_string = self.allowed_methods;
+                c.short_authentication_string
+                    .retain(|sas| self.allowed_methods.contains(sas));
                 content
             }
             _ => content,