From a6c1beaad0f715a28495edab8b4ae0f53a8968a7 Mon Sep 17 00:00:00 2001
From: James Lu <james@overdrivenetworks.com>
Date: Fri, 30 Mar 2018 11:54:45 -0700
Subject: [PATCH] SECURITY: normalize account names before checking network /
 oper filters

---
 coremods/corecommands.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/coremods/corecommands.py b/coremods/corecommands.py
index 576fd46..bea0223 100644
--- a/coremods/corecommands.py
+++ b/coremods/corecommands.py
@@ -15,8 +15,10 @@ from pylinkirc.log import log
 
 def _login(irc, source, username):
     """Internal function to process logins."""
+    # Mangle case before we start checking for login data.
+    accounts = {k.lower(): v for k, v in conf.conf['login'].get('accounts', {}).items()}
 
-    logindata = conf.conf['login'].get('accounts', {}).get(username, {})
+    logindata = accounts.get(username.lower(), {})
     network_filter = logindata.get('networks')
     require_oper = logindata.get('require_oper', False)
     hosts_filter = logindata.get('hosts', [])