Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issuev1.0.4

author: starrheld <kevin@starrheld.co.uk> 2017-03-19 19:18:43 +0100
committer: Yehonal <yehonal.azeroth@gmail.com> 2017-04-19 21:38:33 +0200
commit: 65aa7f45780fd2ff277256a21df4edc021ed7030 (patch)
tree: 20bd8561789b83e01250a7c4cf2e1f796d0e1a89 /src/authserver/Server/AuthSocket.cpp
parent: ffd81423f84d40c0c86856fa074a0445c76e2bf6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/authserver/Server/AuthSocket.cpp b/src/authserver/Server/AuthSocket.cpp
index b9e935a6d0..b9671c0d12 100644
--- a/src/authserver/Server/AuthSocket.cpp
+++ b/src/authserver/Server/AuthSocket.cpp
@@ -557,7 +557,7 @@ bool AuthSocket::_HandleLogonProof()
     A.SetBinary(lp.A, 32);
 
     // SRP safeguard: abort if A == 0
-    if (A.isZero())
+    if ((A % N).isZero())
     {
         socket().shutdown();
         return true;
author	starrheld <kevin@starrheld.co.uk>	2017-03-19 19:18:43 +0100
committer	Yehonal <yehonal.azeroth@gmail.com>	2017-04-19 21:38:33 +0200
commit	65aa7f45780fd2ff277256a21df4edc021ed7030 (patch)
tree	20bd8561789b83e01250a7c4cf2e1f796d0e1a89 /src/authserver/Server/AuthSocket.cpp
parent	ffd81423f84d40c0c86856fa074a0445c76e2bf6 (diff)