From a198e809d6f829cfe177ea4249f5b7d7b310fe2f Mon Sep 17 00:00:00 2001
From: Kris Braun <kris.braun@letscollide.io>
Date: Fri, 27 Oct 2023 14:42:54 -0400
Subject: [PATCH] Limit client flags to server capabilities

---
 lib/commands/server_handshake.js  | 2 +-
 lib/packets/handshake_response.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/commands/server_handshake.js b/lib/commands/server_handshake.js
index d93462e171..4fb5de2831 100644
--- a/lib/commands/server_handshake.js
+++ b/lib/commands/server_handshake.js
@@ -35,7 +35,7 @@ class ServerHandshake extends Command {
 
   readClientReply(packet, connection) {
     // check auth here
-    const clientHelloReply = Packets.HandshakeResponse.fromPacket(packet);
+    const clientHelloReply = Packets.HandshakeResponse.fromPacket(packet, this.args.capabilityFlags);
     // TODO check we don't have something similar already
     connection.clientHelloReply = clientHelloReply;
     if (this.args.authCallback) {
diff --git a/lib/packets/handshake_response.js b/lib/packets/handshake_response.js
index b2dee38c94..ace4628208 100644
--- a/lib/packets/handshake_response.js
+++ b/lib/packets/handshake_response.js
@@ -99,11 +99,11 @@ class HandshakeResponse {
     const p = this.serializeResponse(Packet.MockBuffer());
     return this.serializeResponse(Buffer.alloc(p.offset));
   }
-  static fromPacket(packet) {
+  static fromPacket(packet, serverFlags) {
     const args = {};
     args.clientFlags = packet.readInt32();
     function isSet(flag) {
-      return args.clientFlags & ClientConstants[flag];
+      return (args.clientFlags & serverFlags) & ClientConstants[flag];
     }
     args.maxPacketSize = packet.readInt32();
     args.charsetNumber = packet.readInt8();