X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=99cd26f45818a1fa3a42bb36c67f58a4c7ac86b2;hp=bf3254c985807e62ff24232e46ab1f6babc32752;hb=005340c83f3f481bdcdc6a03ae9b9b2973248ceb;hpb=76565022fbda9a4054d7f74a46439db4145e5655

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index bf3254c9..99cd26f4 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -18,7 +18,9 @@
 
 #include "imp.h"
 #include <assert.h>
+#include <ctype.h>
 #include <stdlib.h>
+#include <string.h>
 #include <strings.h>
 
 #include "conn-func.h"
@@ -86,7 +88,7 @@ IRC_PASS( CLIENT *Client, REQUEST *Req )
 					  Client_ID(Client));
 	}
 
-	Client_SetPassword(Client, Req->argv[0]);
+	Conn_SetPassword(Client_Conn(Client), Req->argv[0]);
 
 	/* Protocol version */
 	if (Req->argc >= 2 && strlen(Req->argv[1]) >= 4) {
@@ -399,9 +401,7 @@ GLOBAL bool
 IRC_USER(CLIENT * Client, REQUEST * Req)
 {
 	CLIENT *c;
-#ifdef IDENTAUTH
 	char *ptr;
-#endif
 
 	assert(Client != NULL);
 	assert(Req != NULL);
@@ -419,7 +419,20 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
 						  Client_ID(Client),
 						  Req->command);
 
-		/* User name */
+		/* User name: only alphanumeric characters and limited
+		   punctuation is allowed.*/
+		ptr = Req->argv[0];
+		while (*ptr) {
+			if (!isalnum(*ptr) &&
+			    *ptr != '+' && *ptr != '-' &&
+			    *ptr != '.' && *ptr != '_') {
+				Conn_Close(Client_Conn(Client), NULL,
+					   "Invalid user name", true);
+				return DISCONNECTED;
+			}
+			ptr++;
+		}
+
 #ifdef IDENTAUTH
 		ptr = Client_User(Client);
 		if (!ptr || !*ptr || *ptr == '~')