Module: ngircd.git Branch: master Commit: 695df6532ec717e5571e1ddc2c88a8c968603c5a URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=695df6532... Author: Alexander Barton <alex@barton.de> Date: Sat Jun 2 00:24:53 2012 +0200 IDENT reply: only allow alphanumeric characters in user name Only alphanumeric characters are allowed in the user name, so ignore all IDENT replies that would violate this rule and use the one supplied by the USER command. --- src/ngircd/conn.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index b6e6280..4d77871 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -2174,6 +2174,7 @@ cb_Read_Resolver_Result( int r_fd, UNUSED short events ) char *identptr; #ifdef IDENTAUTH char readbuf[HOST_LEN + 2 + CLIENT_USER_LEN]; + char *ptr; #else char readbuf[HOST_LEN + 1]; #endif @@ -2226,11 +2227,30 @@ cb_Read_Resolver_Result( int r_fd, UNUSED short events ) #ifdef IDENTAUTH ++identptr; if (*identptr) { - Log(LOG_INFO, "IDENT lookup for connection %d: \"%s\".", i, identptr); - Client_SetUser(c, identptr, true); - if (Conf_NoticeAuth) + ptr = identptr; + while (*ptr) { + if ((*ptr < '0' || *ptr > '9') && + (*ptr < 'A' || *ptr > 'Z') && + (*ptr < 'a' || *ptr > 'z')) + break; + ptr++; + } + if (*ptr) { + /* Erroneous IDENT reply */ + Log(LOG_NOTICE, + "Got invalid IDENT reply for connection %d! Ignored.", + i); + } else { + Log(LOG_INFO, + "IDENT lookup for connection %d: \"%s\".", + i, identptr); + Client_SetUser(c, identptr, true); + } + if (Conf_NoticeAuth) { (void)Conn_WriteStr(i, - "NOTICE AUTH :*** Got ident response"); + "NOTICE AUTH :*** Got %sident response", + *ptr == NULL ? "" : "invalid "); + } } else { Log(LOG_INFO, "IDENT lookup for connection %d: no result.", i); if (Conf_NoticeAuth && Conf_Ident)