From 1b35c6887f6955cdb648c8c24fefae8ccebeb26b Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Mon, 6 Jan 2020 12:21:52 -0500
Subject: [PATCH 1/2] fix #733

---
 irc/accounts.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/irc/accounts.go b/irc/accounts.go
index 5b5540ed..ce18984b 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -1439,6 +1439,13 @@ func (ac *AccountCredentials) SetPassphrase(passphrase string, bcryptCost uint)
 }
 
 func (ac *AccountCredentials) AddCertfp(certfp string) (err error) {
+	// XXX we require that certfp is already normalized (rather than normalize here
+	// and pass back the normalized version as an additional return parameter);
+	// this is just a final sanity check:
+	if len(certfp) != 64 {
+		return utils.ErrInvalidCertfp
+	}
+
 	for _, current := range ac.Certfps {
 		if certfp == current {
 			return errNoop

From a120cc24436a69402f95644eb5e1ef92c04148b2 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Mon, 6 Jan 2020 12:53:21 -0500
Subject: [PATCH 2/2] never set the certfp lookup key before verification

---
 irc/accounts.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/irc/accounts.go b/irc/accounts.go
index ce18984b..0012d385 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -378,9 +378,6 @@ func (am *AccountManager) Register(client *Client, account string, callbackNames
 			tx.Set(registeredTimeKey, registeredTimeStr, setOptions)
 			tx.Set(credentialsKey, credStr, setOptions)
 			tx.Set(callbackKey, callbackSpec, setOptions)
-			if certfp != "" {
-				tx.Set(certFPKey, casefoldedAccount, setOptions)
-			}
 			return nil
 		})
 	}()