If an invalid password is specified *and* the hostmask isn't recognized we

need to watch for a KeyError instead of assuming it is the owner trying to register a hostmask for another user.
2024-10-14 17:59:29 +02:00 · 2004-06-09 23:44:49 +00:00 · 2004-06-09 23:44:49 +00:00 · 06e92cdcb2
commit 06e92cdcb2
parent 32f39e0980
1 changed files with 5 additions and 1 deletions
--- a/src/User.py
+++ b/src/User.py
@ -222,7 +222,11 @@ class User(callbacks.Privmsg):
            pass
        if not user.checkPassword(password) and \
           not user.checkHostmask(msg.prefix):
-            u = ircdb.users.getUser(msg.prefix)
+            try:
+                u = ircdb.users.getUser(msg.prefix)
+            except KeyError:
+                irc.error(conf.supybot.replies.incorrectAuthentication())
+                return
            if not u.checkCapability('owner'):
                irc.error(conf.supybot.replies.incorrectAuthentication())
                return