Commit 11cd138c authored by Nick Mathewson's avatar Nick Mathewson 👁
Browse files

Fix a security issue (!) in link handshake validation.

When making sure that the peer had the right RSA identity, we
were comparing the RSA identity with itself, not with the RSA
identity we expected.

Found via unit testing (!).
parent 29464c45
......@@ -344,7 +344,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static> UnverifiedChannel<T> {
return Err(Error::ChanProto("Peer ed25519 id not as expected".into()));
}
if pkrsa.to_rsa_identity() != rsa_id {
if *peer.rsa_identity() != rsa_id {
return Err(Error::ChanProto("Peer RSA id not as expected".into()));
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment