crypto: Prohibit extending verification methods

Intersect the allowed methods passed from the user with the methods
supported by the other party. If the user added new methods to the
request, the remote party would cancel the verification.
master
Jan Veen 2021-03-12 14:43:59 +01:00
parent e9be23f853
commit 587c09e700
1 changed files with 4 additions and 6 deletions

View File

@ -705,18 +705,16 @@ impl AcceptSettings {
AcceptContent::ToDevice(AcceptToDeviceEventContent { AcceptContent::ToDevice(AcceptToDeviceEventContent {
method: AcceptMethod::MSasV1(c), method: AcceptMethod::MSasV1(c),
.. ..
}) => { })
c.short_authentication_string = self.allowed_methods; | AcceptContent::Room(
content
}
AcceptContent::Room(
_, _,
AcceptEventContent { AcceptEventContent {
method: AcceptMethod::MSasV1(c), method: AcceptMethod::MSasV1(c),
.. ..
}, },
) => { ) => {
c.short_authentication_string = self.allowed_methods; c.short_authentication_string
.retain(|sas| self.allowed_methods.contains(sas));
content content
} }
_ => content, _ => content,