From 465c450d3fb809985fe3b008298bc3db876bf907 Mon Sep 17 00:00:00 2001
From: levlam <levlam@telegram.org>
Date: Fri, 6 Apr 2018 20:50:30 +0300
Subject: [PATCH] Check secure secret id.

GitOrigin-RevId: a2870d7aa8e9920a131f672b04167010738a5a7e
---
 td/telegram/PasswordManager.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/td/telegram/PasswordManager.cpp b/td/telegram/PasswordManager.cpp
index 78996471d..b3a083366 100644
--- a/td/telegram/PasswordManager.cpp
+++ b/td/telegram/PasswordManager.cpp
@@ -209,8 +209,12 @@ void PasswordManager::do_get_full_state(string password, PasswordState state, Pr
 
           auto r_secret = [&]() -> Result<secure_storage::Secret> {
             TRY_RESULT(encrypted_secret, secure_storage::EncryptedSecret::create(result->secure_secret_.as_slice()));
-            return encrypted_secret.decrypt(PSLICE() << result->secure_salt_.as_slice() << password
+            auto r_secret = encrypted_secret.decrypt(PSLICE() << result->secure_salt_.as_slice() << password
                                                      << result->secure_salt_.as_slice());
+            if (r_secret.is_ok() && result->secure_secret_id_ != r_secret.ok().get_hash()) {
+              return Status::Error("Secret hash mismatch");
+            }
+            return r_secret;
           }();
 
           private_state.secret = std::move(r_secret);