From f34f86f7b7514946d55a10eaa8be039f8a1fa93c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20L=C3=B3pez=20Guimaraes?= <danielectra@outlook.com>
Date: Thu, 13 Feb 2025 21:50:11 +0000
Subject: [PATCH] fix(prudp): Check for matching user PID and ticket source PID

---
 prudp_endpoint.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/prudp_endpoint.go b/prudp_endpoint.go
index 8290e70..225ed54 100644
--- a/prudp_endpoint.go
+++ b/prudp_endpoint.go
@@ -509,6 +509,10 @@ func (pep *PRUDPEndPoint) readKerberosTicket(payload []byte) ([]byte, types.PID,
 		return nil, 0, 0, err
 	}
 
+	if userPID != ticket.SourcePID {
+		return nil, 0, 0, errors.New("User PID and ticket source PID mismatch")
+	}
+
 	_, err = checkDataStream.ReadUInt32LE() // * CID of secure server station url
 	if err != nil {
 		return nil, 0, 0, err