From c28d108b96bd42bb45b28f6bce73ebab9fa62bab Mon Sep 17 00:00:00 2001
From: ejurgensen
Date: Thu, 28 Dec 2023 13:54:52 +0100
Subject: [PATCH] [raop] Fix crash when keys of incorrect length are used for legacy pairing

Happens if the user has paied with Airplay 2, and afterwards activates Airplay 1 for the same device, since the keys in device->auth_keys will then be incorrect length.
Closes #1703
---
 src/outputs/airplay.c | 2 +-
 src/outputs/raop.c | 26 ++++++++++++++++++++------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/outputs/airplay.c b/src/outputs/airplay.c
index f0af94a0..afd53b50 100644
--- a/src/outputs/airplay.c
+++ b/src/outputs/airplay.c
@@ -2748,7 +2748,7 @@ payload_make_pair_verify1(struct evrtsp_request *req, struct airplay_session *rs
 rs->pair_verify_ctx = pair_verify_new(rs->pair_type, device->auth_key, NULL, NULL, device_id_hex);
 if (!rs->pair_verify_ctx)
 {
- DPRINTF(E_LOG, L_AIRPLAY, "Out of memory for verification verify context\n");
+ DPRINTF(E_LOG, L_AIRPLAY, "Couldn't create verification verify context (invalid auth key?)\n");
 return -1;
 }
diff --git a/src/outputs/raop.c b/src/outputs/raop.c
index 2e59ed5f..2f433e01 100644
--- a/src/outputs/raop.c
+++ b/src/outputs/raop.c
@@ -3966,7 +3966,15 @@ raop_pair_verify(struct raop_session *rs)
 if (!device)
 goto error;
- CHECK_NULL(L_RAOP, rs->pair_verify_ctx = pair_verify_new(PAIR_CLIENT_FRUIT, device->auth_key, NULL, NULL, NULL));
+ rs->pair_verify_ctx = pair_verify_new(PAIR_CLIENT_FRUIT, device->auth_key, NULL, NULL, NULL);
+ if (!rs->pair_verify_ctx)
+ {
+ DPRINTF(E_LOG, L_RAOP, "Verification authorization key invalid, resetting\n");
+
+ free(device->auth_key);
+ device->auth_key = NULL;
+ goto error;
+ }
 ret = raop_pair_request_send(4, rs, raop_cb_pair_verify_step1);
 if (ret < 0)
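Review bot: The new failure branch in raop_pair_verify() treats every NULL from pair_verify_new() as a bad key and frees `device->auth_key`, but the AirPlay log text this commit replaces ("Out of memory for ...") suggests the call can also fail on allocation, in which case a valid pairing would be thrown away. Checking the key's length against what legacy pairing expects before the call, and resetting only on that mismatch, would keep the two causes apart. The key is pairing secret material and is released with a plain `free()`; wiping the buffer before releasing it is worth considering. If the stored key is shared with the AirPlay 2 output, as the commit message implies, the reset may also drop a pairing that is still valid there, so how and whether this reset is persisted should be confirmed. The function starts before the hunk and its `error` label lies outside it.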
@@ -4450,11 +4458,17 @@ raop_device_start_generic(struct output_device *device, int callback_id, bool on
 return -1;
 if (device->auth_key)
- ret = raop_pair_verify(rs);
- else if (device->requires_auth)
- ret = raop_send_req_pin_start(rs, raop_cb_pin_start, "device_start");
- else
- ret = raop_send_req_options(rs, raop_cb_startup_options, "device_start");
+ {
+ ret = raop_pair_verify(rs);
+ }
+
+ if (!device->auth_key) // If no auth keys or if raop_pair_verify() cleared the key
+ {
+ if (device->requires_auth)
+ ret = raop_send_req_pin_start(rs, raop_cb_pin_start, "device_start");
+ else
+ ret = raop_send_req_options(rs, raop_cb_startup_options, "device_start");
+ }
 if (ret < 0)
 {
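Review bot: The fallback in raop_device_start_generic() is keyed on a side effect, `if (!device->auth_key)`, so the negative `ret` from raop_pair_verify() is silently overwritten. The session `rs` is also reused after that function's error path has run; that path is not visible in this diff and may have changed session state, which should be checked. A distinct return value for a rejected key would make the retry decision explicit rather than inferred from the pointer. At minimum raop_pair_verify() should carry a contract comment such as `/* On failure may free device->auth_key and set it to NULL; callers must re-check it */`. The function body begins before and continues past this hunk.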