From 347cc30ed4ec36dbe10c8500941a6ea7f6a1fd50 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Fri, 16 Oct 2020 16:57:33 -0400 Subject: [PATCH] fix a potential conflict with delayed verification of confusable names 0. Enable email verification 1. Register `dog` 2. Register `d0g` 3. Verify `dog` 4. Verify `d0g`: verification succeeds but the nick cannot be used --- irc/accounts.go | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/irc/accounts.go b/irc/accounts.go index 9fd73186..61e83b79 100644 --- a/irc/accounts.go +++ b/irc/accounts.go @@ -830,6 +830,34 @@ func (am *AccountManager) Verify(client *Client, account string, code string) er am.serialCacheUpdateMutex.Lock() defer am.serialCacheUpdateMutex.Unlock() + // do a final check for confusability (in case someone already verified + // a confusable identifier): + var unfoldedName string + err = am.server.store.View(func(tx *buntdb.Tx) error { + unfoldedName, err = tx.Get(accountNameKey) + return err + }) + if err != nil { + err = errAccountDoesNotExist + return + } + skeleton, err = Skeleton(unfoldedName) + if err != nil { + err = errAccountDoesNotExist + return + } + err = func() error { + am.RLock() + defer am.RUnlock() + if _, ok := am.skeletonToAccount[skeleton]; ok { + return errConfusableIdentifier + } + return nil + }() + if err != nil { + return + } + err = am.server.store.Update(func(tx *buntdb.Tx) error { raw, err = am.loadRawAccount(tx, casefoldedAccount) if err == errAccountDoesNotExist { @@ -878,7 +906,6 @@ func (am *AccountManager) Verify(client *Client, account string, code string) er }) if err == nil { - skeleton, _ = Skeleton(raw.Name) am.Lock() am.nickToAccount[casefoldedAccount] = casefoldedAccount am.skeletonToAccount[skeleton] = casefoldedAccount