lib/pairing.c fix ancient bug that silently bypasses 2nd pair-verify step in pairing

FD- / RPiPlay

An open-source AirPlay mirroring server for the Raspberry Pi. Supports iOS 9 and up.

GNU General Public License v3.0

4.94k stars 353 forks source link

lib/pairing.c fix ancient bug that silently bypasses 2nd pair-verify step in pairing #299

Closed fduncanh closed 2 years ago

fduncanh commented 2 years ago

The bug is present in the original code imported by FD-, but is not in shairplay. It is also not in dsafa22's code as indirectly seen in his paper about it. see https://www.programmersought.com/article/2084789418/ or https://github.com/SteeBono/airplayreceiver/wiki/AirPlay2-Protocol (bug found during UxPlay development)

Bug is innocuous if pairing interaction between client and RPiPlay is correct, but the check made by the 2nd POST pair-verify call is part of the protocol.

fduncanh commented 2 years ago

somehow two distinct PRsgot combined; closing.