about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2017-10-04 00:33:56 +0200
committerGitHub <noreply@github.com>2017-10-04 00:33:56 +0200
commitc743b5e1fdb938d52d8c023bb6ef1bf9b397226c (patch)
treebd179103fe9800e2823b46de81cbbb139a6efebf
parentdfaa219f8820224d37cd060d253a507111c63460 (diff)
Fix possible acct: uri usurpation in ActivityPub account discovery (#5208)
Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>
-rw-r--r--app/services/activitypub/fetch_remote_account_service.rb6
1 files changed, 2 insertions, 4 deletions
diff --git a/app/services/activitypub/fetch_remote_account_service.rb b/app/services/activitypub/fetch_remote_account_service.rb
index 3eeca585e..cb6e40748 100644
--- a/app/services/activitypub/fetch_remote_account_service.rb
+++ b/app/services/activitypub/fetch_remote_account_service.rb
@@ -30,14 +30,12 @@ class ActivityPub::FetchRemoteAccountService < BaseService
     return true if @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero?
 
     webfinger                            = Goldfinger.finger("acct:#{confirmed_username}@#{confirmed_domain}")
-    confirmed_username, confirmed_domain = split_acct(webfinger.subject)
+    @username, @domain                   = split_acct(webfinger.subject)
     self_reference                       = webfinger.link('self')
 
+    return false unless @username.casecmp(confirmed_username).zero? && @domain.casecmp(confirmed_domain).zero?
     return false if self_reference&.href != @uri
 
-    @username = confirmed_username
-    @domain   = confirmed_domain
-
     true
   rescue Goldfinger::Error
     false