crypto: Prohibit extending verification methods
Intersect the allowed methods passed from the user with the methods supported by the other party. If the user added new methods to the request, the remote party would cancel the verification.master
parent
e9be23f853
commit
587c09e700
|
@ -705,18 +705,16 @@ impl AcceptSettings {
|
||||||
AcceptContent::ToDevice(AcceptToDeviceEventContent {
|
AcceptContent::ToDevice(AcceptToDeviceEventContent {
|
||||||
method: AcceptMethod::MSasV1(c),
|
method: AcceptMethod::MSasV1(c),
|
||||||
..
|
..
|
||||||
}) => {
|
})
|
||||||
c.short_authentication_string = self.allowed_methods;
|
| AcceptContent::Room(
|
||||||
content
|
|
||||||
}
|
|
||||||
AcceptContent::Room(
|
|
||||||
_,
|
_,
|
||||||
AcceptEventContent {
|
AcceptEventContent {
|
||||||
method: AcceptMethod::MSasV1(c),
|
method: AcceptMethod::MSasV1(c),
|
||||||
..
|
..
|
||||||
},
|
},
|
||||||
) => {
|
) => {
|
||||||
c.short_authentication_string = self.allowed_methods;
|
c.short_authentication_string
|
||||||
|
.retain(|sas| self.allowed_methods.contains(sas));
|
||||||
content
|
content
|
||||||
}
|
}
|
||||||
_ => content,
|
_ => content,
|
||||||
|
|
Loading…
Reference in New Issue