Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue

This commit is contained in:
starrheld
2017-03-19 19:18:43 +01:00
committed by Yehonal
parent ffd81423f8
commit 65aa7f4578
+1 -1
View File
@@ -557,7 +557,7 @@ bool AuthSocket::_HandleLogonProof()
A.SetBinary(lp.A, 32);
// SRP safeguard: abort if A == 0
if (A.isZero())
if ((A % N).isZero())
{
socket().shutdown();
return true;