USER command: only allow alphanumeric characters in user name
Only alphanumeric characters are allowed in the user name, so terminate the connection if any "strage" characters have been supplied by the user. This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
This commit is contained in:
Alexander Barton
parent
a21a7d8b66
commit
6680b536c4
|
|
@ -400,9 +400,7 @@ GLOBAL bool
|
|||
IRC_USER(CLIENT * Client, REQUEST * Req)
|
||||
{
|
||||
CLIENT *c;
|
||||
#ifdef IDENTAUTH
|
||||
char *ptr;
|
||||
#endif
|
||||
|
||||
assert(Client != NULL);
|
||||
assert(Req != NULL);
|
||||
|
|
@ -420,7 +418,19 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
|
|||
Client_ID(Client),
|
||||
Req->command);
|
||||
|
||||
/* User name */
|
||||
/* User name: only alphanumeric characters are allowed! */
|
||||
ptr = Req->argv[0];
|
||||
while (*ptr) {
|
||||
if ((*ptr < '0' || *ptr > '9') &&
|
||||
(*ptr < 'A' || *ptr > 'Z') &&
|
||||
(*ptr < 'a' || *ptr > 'z')) {
|
||||
Conn_Close(Client_Conn(Client), NULL,
|
||||
"Invalid user name", true);
|
||||
return DISCONNECTED;
|
||||
}
|
||||
ptr++;
|
||||
}
|
||||
|
||||
#ifdef IDENTAUTH
|
||||
ptr = Client_User(Client);
|
||||
if (!ptr || !*ptr || *ptr == '~')
|
||||
|
|
|
|||
Loading…
Reference in New Issue