From 44963f7c48fa76b2bbf1cc8b63b84519c0cc4c6e Mon Sep 17 00:00:00 2001
From: Michael Krelin <hacker@klever.net>
Date: Mon, 30 Jun 2014 18:29:32 +0000
Subject: reject zero A from the client (as per CLP-01-017)

---
diff --git a/backend/node/src/clipperz.js b/backend/node/src/clipperz.js
index 72b6c9f..842de31 100644
--- a/backend/node/src/clipperz.js
+++ b/backend/node/src/clipperz.js
@@ -173,6 +173,8 @@ var CLIPPERZ = module.exports = function(CONFIG) {
        }]
       },function(e,r) {
        if(e) return cb(e);
+       var A = BIGNUM(ppp.A,16);
+       if(A.eq(0)) return cb(new Error('Ground Zero'));
        req.session.C = ppp.C; req.session.A = ppp.A;
        req.session.s = r.u.u_srp_s; req.session.v = r.u.u_srp_v;
        req.session.u = r.u.u_id;
--
cgit v0.9.0.2