Simplify check for valid user names in IRC_USER().

[ngircd-alex.git] / src / ngircd / irc-login.c

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 6c1c708a61d49532e29d8c86136228fb492e4af7..99cd26f45818a1fa3a42bb36c67f58a4c7ac86b2 100644 (file)
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -18,6 +18,7 @@
 
 #include "imp.h"
 #include <assert.h>
+#include <ctype.h>
 #include <stdlib.h>
 #include <string.h>
 #include <strings.h>
@@ -87,7 +88,7 @@ IRC_PASS( CLIENT *Client, REQUEST *Req )
                                          Client_ID(Client));
        }
 
-       Client_SetPassword(Client, Req->argv[0]);
+       Conn_SetPassword(Client_Conn(Client), Req->argv[0]);
 
        /* Protocol version */
        if (Req->argc >= 2 && strlen(Req->argv[1]) >= 4) {
@@ -400,9 +401,7 @@ GLOBAL bool
 IRC_USER(CLIENT * Client, REQUEST * Req)
 {
        CLIENT *c;
-#ifdef IDENTAUTH
        char *ptr;
-#endif
 
        assert(Client != NULL);
        assert(Req != NULL);
@@ -420,7 +419,20 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
                                                  Client_ID(Client),
                                                  Req->command);
 
-               /* User name */
+               /* User name: only alphanumeric characters and limited
+                  punctuation is allowed.*/
+               ptr = Req->argv[0];
+               while (*ptr) {
+                       if (!isalnum(*ptr) &&
+                           *ptr != '+' && *ptr != '-' &&
+                           *ptr != '.' && *ptr != '_') {
+                               Conn_Close(Client_Conn(Client), NULL,
+                                          "Invalid user name", true);
+                               return DISCONNECTED;
+                       }
+                       ptr++;
+               }
+
 #ifdef IDENTAUTH
                ptr = Client_User(Client);
                if (!ptr || !*ptr || *ptr == '~')