From b59b885dbdc2ab5060a270dcdc99346884770934 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Fri, 5 May 2023 18:00:26 -0500
Subject: [PATCH] Fix pairing error handling when the hash doesn't match

We shouldn't proceed to signature verification if we already failed hash verification
---
 src/nvhttp.cpp | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/nvhttp.cpp b/src/nvhttp.cpp
index f2e65f20..25942555 100644
--- a/src/nvhttp.cpp
+++ b/src/nvhttp.cpp
@@ -375,14 +375,7 @@ namespace nvhttp {
     auto hash = crypto::hash(data);
 
     // if hash not correct, probably MITM
-    if (std::memcmp(hash.data(), sess.clienthash.data(), hash.size())) {
-      // TODO: log
-
-      map_id_sess.erase(client.uniqueID);
-      tree.put("root.paired", 0);
-    }
-
-    if (crypto::verify256(crypto::x509(client.cert), secret, sign)) {
+    if (!std::memcmp(hash.data(), sess.clienthash.data(), hash.size()) && crypto::verify256(crypto::x509(client.cert), secret, sign)) {
       tree.put("root.paired", 1);
       add_cert->raise(crypto::x509(client.cert));