[raop] Fix crash when keys of incorrect length are used for legacy pa…

…iring Happens if the user has paied with Airplay 2, and afterwards activates Airplay 1 for the same device, since the keys in device->auth_keys will then be incorrect length. Closes #1703
owntone · Dec 28, 2023 · c28d108 · c28d108
1 parent 3fe4c9f
commit c28d108
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 7 deletions.
diff --git a/src/outputs/airplay.c b/src/outputs/airplay.c
@@ -2748,7 +2748,7 @@ payload_make_pair_verify1(struct evrtsp_request *req, struct airplay_session *rs
   rs->pair_verify_ctx = pair_verify_new(rs->pair_type, device->auth_key, NULL, NULL, device_id_hex);
   if (!rs->pair_verify_ctx)
     {
-      DPRINTF(E_LOG, L_AIRPLAY, "Out of memory for verification verify context\n");
+      DPRINTF(E_LOG, L_AIRPLAY, "Couldn't create verification verify context (invalid auth key?)\n");
       return -1;
     }
 

diff --git a/src/outputs/raop.c b/src/outputs/raop.c
@@ -3966,7 +3966,15 @@ raop_pair_verify(struct raop_session *rs)
   if (!device)
     goto error;
 
-  CHECK_NULL(L_RAOP, rs->pair_verify_ctx = pair_verify_new(PAIR_CLIENT_FRUIT, device->auth_key, NULL, NULL, NULL));
+  rs->pair_verify_ctx = pair_verify_new(PAIR_CLIENT_FRUIT, device->auth_key, NULL, NULL, NULL);
+  if (!rs->pair_verify_ctx)
+    {
+      DPRINTF(E_LOG, L_RAOP, "Verification authorization key invalid, resetting\n");
+
+      free(device->auth_key);
+      device->auth_key = NULL;
+      goto error;
+    }
 
   ret = raop_pair_request_send(4, rs, raop_cb_pair_verify_step1);
   if (ret < 0)
@@ -4450,11 +4458,17 @@ raop_device_start_generic(struct output_device *device, int callback_id, bool on
     return -1;
 
   if (device->auth_key)
-    ret = raop_pair_verify(rs);
-  else if (device->requires_auth)
-    ret = raop_send_req_pin_start(rs, raop_cb_pin_start, "device_start");
-  else
-    ret = raop_send_req_options(rs, raop_cb_startup_options, "device_start");
+    {
+      ret = raop_pair_verify(rs);
+    }
+
+  if (!device->auth_key) // If no auth keys or if raop_pair_verify() cleared the key
+    {
+      if (device->requires_auth)
+	ret = raop_send_req_pin_start(rs, raop_cb_pin_start, "device_start");
+      else
+	ret = raop_send_req_options(rs, raop_cb_startup_options, "device_start");
+    }
 
   if (ret < 0)
     {