From b6fe8e7a5b68c5d12b23056b6654157c739c7376 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 6 Feb 2024 12:59:37 +0100
Subject: [bugfix] Ensure activities sender always = activities actor (#2608)

---
 internal/federation/authenticate.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'internal/federation/authenticate.go')

diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index 6899e5ad3..59281fa65 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -214,6 +214,17 @@ func (f *Federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
 			err := gtserror.Newf("error dereferencing account %s: %w", pubKeyAuth.OwnerURI, err)
 			return nil, gtserror.NewErrorInternalError(err)
 		}
+
+		// Catch a possible (but very rare) race condition where
+		// we've fetched a key, then fetched the Actor who owns the
+		// key, but the Key of the Actor has changed in the meantime.
+		if !pubKeyAuth.Owner.PublicKey.Equal(pubKeyAuth.FetchedPubKey) {
+			err := gtserror.Newf(
+				"key mismatch: fetched key %s does not match pubkey of fetched Actor %s",
+				pubKeyID, pubKeyAuth.Owner.URI,
+			)
+			return nil, gtserror.NewErrorUnauthorized(err)
+		}
 	}
 
 	if !pubKeyAuth.Owner.SuspendedAt.IsZero() {
-- 
cgit v1.2.3