Module: ngircd.git Branch: master Commit: 6680b536c4da7dc27e11490fe098e98cb0393fa2 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6680b...
Author: Alexander Barton alex@barton.de Date: Fri Jun 1 23:57:51 2012 +0200
USER command: only allow alphanumeric characters in user name
Only alphanumeric characters are allowed in the user name, so terminate the connection if any "strage" characters have been supplied by the user.
This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
---
src/ngircd/irc-login.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 6c1c708..3fb1b90 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -400,9 +400,7 @@ GLOBAL bool IRC_USER(CLIENT * Client, REQUEST * Req) { CLIENT *c; -#ifdef IDENTAUTH char *ptr; -#endif
assert(Client != NULL); assert(Req != NULL); @@ -420,7 +418,19 @@ IRC_USER(CLIENT * Client, REQUEST * Req) Client_ID(Client), Req->command);
- /* User name */ + /* User name: only alphanumeric characters are allowed! */ + ptr = Req->argv[0]; + while (*ptr) { + if ((*ptr < '0' || *ptr > '9') && + (*ptr < 'A' || *ptr > 'Z') && + (*ptr < 'a' || *ptr > 'z')) { + Conn_Close(Client_Conn(Client), NULL, + "Invalid user name", true); + return DISCONNECTED; + } + ptr++; + } + #ifdef IDENTAUTH ptr = Client_User(Client); if (!ptr || !*ptr || *ptr == '~')