From 65aa7f45780fd2ff277256a21df4edc021ed7030 Mon Sep 17 00:00:00 2001
From: starrheld
Date: Sun, 19 Mar 2017 19:18:43 +0100
Subject: Core/Auth: Per SRP6a protocol, terminate connection of A % N == 0. This resolves another authentication bypass issue
---
 src/authserver/Server/AuthSocket.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/authserver/Server/AuthSocket.cpp b/src/authserver/Server/AuthSocket.cpp
index b9e935a6d0..b9671c0d12 100644
--- a/src/authserver/Server/AuthSocket.cpp
+++ b/src/authserver/Server/AuthSocket.cpp
@@ -557,7 +557,7 @@ bool AuthSocket::_HandleLogonProof()
 A.SetBinary(lp.A, 32);
 // SRP safeguard: abort if A == 0
- if (A.isZero())
+ if ((A % N).isZero())
 {
 socket().shutdown();
 return true;
--
cgit v1.2.3
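Review bot: The comment directly above the changed condition still reads `// SRP safeguard: abort if A == 0`, which no longer describes the check on the new line; it should state the actual rule and its reason, e.g. `// SRP safeguard: abort if A % N == 0 (any multiple of N makes the server-side secret independent of the password)`. The rejection path also closes the socket without recording anything that is visible in this hunk, so a client sending such a value leaves no trace; a log line carrying the peer address before `socket().shutdown();` would give operators something to alert on. `N` and the rest of `_HandleLogonProof` lie outside the hunk, so this assumes `N` is the SRP modulus and is already initialised when the check runs.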