mirrors/ngircd
1
0
Fork 0
mirror of https://github.com/osmarks/ngircd.git synced 2024-10-28 04:46:17 +00:00
Code Issues Releases Wiki Activity

USER command: only allow alphanumeric characters in user name

Browse Source 
Only alphanumeric characters are allowed in the user name, so terminate
the connection if any "strage" characters have been supplied by the user.

This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
This commit is contained in:
Alexander Barton 2012-06-01 23:57:51 +02:00
parent a21a7d8b66
commit 6680b536c4
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/ngircd/irc-login.c
View File

@ -400,9 +400,7 @@ GLOBAL bool
IRC_USER(CLIENT * Client, REQUEST * Req)
{
CLIENT *c;
#ifdef IDENTAUTH
char *ptr;
#endif
assert(Client != NULL);
assert(Req != NULL);
@ -420,7 +418,19 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
Client_ID(Client),
Req->command);
/* User name */
/* User name: only alphanumeric characters are allowed! */
ptr = Req->argv[0];
while (*ptr) {
if ((*ptr < '0' || *ptr > '9') &&
(*ptr < 'A' || *ptr > 'Z') &&
(*ptr < 'a' || *ptr > 'z')) {
Conn_Close(Client_Conn(Client), NULL,
"Invalid user name", true);
return DISCONNECTED;
}
ptr++;
}
#ifdef IDENTAUTH
ptr = Client_User(Client);
if (!ptr || !*ptr || *ptr == '~')