X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=7d6e07d04c58402a4a420e897823bb32363e5623;hp=bf3254c985807e62ff24232e46ab1f6babc32752;hb=48326e061aacd954e24f76c53ded10448cbc28eb;hpb=110be707c306683c666bd736a8dcd7aef86d9f21

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index bf3254c9..7d6e07d0 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -18,7 +18,9 @@
 
 #include "imp.h"
 #include <assert.h>
+#include <ctype.h>
 #include <stdlib.h>
+#include <string.h>
 #include <strings.h>
 
 #include "conn-func.h"
@@ -86,7 +88,7 @@ IRC_PASS( CLIENT *Client, REQUEST *Req )
 					  Client_ID(Client));
 	}
 
-	Client_SetPassword(Client, Req->argv[0]);
+	Conn_SetPassword(Client_Conn(Client), Req->argv[0]);
 
 	/* Protocol version */
 	if (Req->argc >= 2 && strlen(Req->argv[1]) >= 4) {
@@ -399,9 +401,7 @@ GLOBAL bool
 IRC_USER(CLIENT * Client, REQUEST * Req)
 {
 	CLIENT *c;
-#ifdef IDENTAUTH
 	char *ptr;
-#endif
 
 	assert(Client != NULL);
 	assert(Req != NULL);
@@ -419,7 +419,20 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
 						  Client_ID(Client),
 						  Req->command);
 
-		/* User name */
+		/* User name: only alphanumeric characters and limited
+		   punctuation is allowed.*/
+		ptr = Req->argv[0];
+		while (*ptr) {
+			if (!isalnum(*ptr) &&
+			    *ptr != '+' && *ptr != '-' &&
+			    *ptr != '.' && *ptr != '_') {
+				Conn_Close(Client_Conn(Client), NULL,
+					   "Invalid user name", true);
+				return DISCONNECTED;
+			}
+			ptr++;
+		}
+
 #ifdef IDENTAUTH
 		ptr = Client_User(Client);
 		if (!ptr || !*ptr || *ptr == '~')
@@ -533,10 +546,10 @@ IRC_SERVICE(CLIENT *Client, REQUEST *Req)
 	hops = atoi(Req->argv[4]);
 	info = Req->argv[5];
 
-	/* Validate service name ("nick name") */
+	/* Validate service name ("nickname") */
 	c = Client_Search(nick);
 	if(c) {
-		/* Nick name collission: disconnect (KILL) both clients! */
+		/* Nickname collission: disconnect (KILL) both clients! */
 		Log(LOG_ERR, "Server %s introduces already registered service \"%s\"!",
 		    Client_ID(Client), nick);
 		Kill_Nick(nick, "Nick collision");
@@ -887,9 +900,9 @@ IRC_PONG(CLIENT *Client, REQUEST *Req)
 
 
 /**
- * Kill all users with a specific nick name in the network.
+ * Kill all users with a specific nickname in the network.
  *
- * @param Nick		Nick name.
+ * @param Nick		Nickname.
  * @param Reason	Reason for the KILL.
  */
 static void