@@ -542,6 +542,8 @@ impl Peerstate {
542542/// * `old_addr`: Old address of the peerstate in case of an AEAP transition.
543543pub ( crate ) async fn save_to_db_ex ( & self , sql : & Sql , old_addr : Option < & str > ) -> Result < ( ) > {
544544 let trans_fn = |t : & mut rusqlite:: Transaction | {
545+ let verified_key_fingerprint =
546+ self . verified_key_fingerprint . as_ref ( ) . map ( |fp| fp. hex ( ) ) ;
545547 if let Some ( old_addr) = old_addr {
546548 // We are doing an AEAP transition to the new address and the SQL INSERT below will
547549 // save the existing peerstate as belonging to this new address. We now need to
@@ -551,11 +553,14 @@ impl Peerstate {
551553 // existing peerstate as this would break encryption to it. This is critical for
552554 // non-verified groups -- if we can't encrypt to the old address, we can't securely
553555 // remove it from the group (to add the new one instead).
556+ //
557+ // NB: We check that `verified_key_fingerprint` hasn't changed to protect from
558+ // possible races.
554559 t. execute (
555- "UPDATE acpeerstates \
556- \
557- ,
558- ( old_addr, ) ,
560+ "UPDATE acpeerstates
561+ SET verified_key=NULL, verified_key_fingerprint='', verifier=''
562+ WHERE addr=? AND verified_key_fingerprint=? " ,
563+ ( old_addr, & verified_key_fingerprint ) ,
559564 ) ?;
560565 }
561566 t. execute (
@@ -604,7 +609,7 @@ impl Peerstate {
604609 self . public_key_fingerprint . as_ref ( ) . map ( |fp| fp. hex ( ) ) ,
605610 self . gossip_key_fingerprint . as_ref ( ) . map ( |fp| fp. hex ( ) ) ,
606611 self . verified_key . as_ref ( ) . map ( |k| k. to_bytes ( ) ) ,
607- self . verified_key_fingerprint . as_ref ( ) . map ( |fp| fp . hex ( ) ) ,
612+ & verified_key_fingerprint,
608613 self . verifier . as_deref ( ) . unwrap_or ( "" ) ,
609614 self . secondary_verified_key . as_ref ( ) . map ( |k| k. to_bytes ( ) ) ,
610615 self . secondary_verified_key_fingerprint
0 commit comments