site: Replace remote's caps after verifying MSG3

author Mark Wooding <mdw@distorted.org.uk>

Sat, 28 Sep 2019 15:13:45 +0000 (16:13 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sat, 28 Sep 2019 15:25:09 +0000 (16:25 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sat, 28 Sep 2019 15:13:45 +0000 (16:13 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sat, 28 Sep 2019 15:25:09 +0000 (16:25 +0100)
diff --git a/site.c b/site.c

index 3b8f34d47c8ff455a0d69bf931598093cacc6a25..edf4c50d11cfd7fe3c101d851e27fed22e1a67a1 100644 (file)
--- a/site.c
+++ b/site.c
@@ -913,7 +913,6 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
              capab_adv_late, st->remote_capabilities, m.remote_capabilities);
         return False;
      }
-    st->remote_capabilities|=m.remote_capabilities;
  
  #define CHOSE_CRYPTO(kind, what) do {                                  \
      struct kind##_if *iface;                                           \
@@ -937,6 +936,16 @@ kind##_found:                                                              \
      if (!process_msg3_msg4(st,&m))
         return False;
  
+    /* Update our idea of the remote site's capabilities, now that we've
+     * verified that its message was authentic.
+     *
+     * Our previous idea of the remote site's capabilities came from the
+     * unauthenticated MSG1.  We've already checked that this new message
+     * doesn't change any of the bits we relied upon in the past, but it may
+     * also have set additional capability bits.  We simply throw those away
+     * now, and use the authentic capabilities from this MSG3. */
+    st->remote_capabilities=m.remote_capabilities;
+
      /* Terminate their DH public key with a '0' */
      m.pk[m.pklen]=0;
      /* Invent our DH secret key */
author	Mark Wooding <mdw@distorted.org.uk>
	Sat, 28 Sep 2019 15:13:45 +0000 (16:13 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sat, 28 Sep 2019 15:25:09 +0000 (16:25 +0100)