X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-login.c;h=9e1abdd59e8b0349b535b9b1299989f994a3827c;hp=6c1c708a61d49532e29d8c86136228fb492e4af7;hb=55859c1befa7cd04a130f1816cb73a9629637105;hpb=f01b09ce847b6895c84be378a324482170d3b56f

diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c
index 6c1c708a..9e1abdd5 100644
--- a/src/ngircd/irc-login.c
+++ b/src/ngircd/irc-login.c
@@ -87,7 +87,7 @@ IRC_PASS( CLIENT *Client, REQUEST *Req )
 					  Client_ID(Client));
 	}
 
-	Client_SetPassword(Client, Req->argv[0]);
+	Conn_SetPassword(Client_Conn(Client), Req->argv[0]);
 
 	/* Protocol version */
 	if (Req->argc >= 2 && strlen(Req->argv[1]) >= 4) {
@@ -400,9 +400,7 @@ GLOBAL bool
 IRC_USER(CLIENT * Client, REQUEST * Req)
 {
 	CLIENT *c;
-#ifdef IDENTAUTH
 	char *ptr;
-#endif
 
 	assert(Client != NULL);
 	assert(Req != NULL);
@@ -420,7 +418,19 @@ IRC_USER(CLIENT * Client, REQUEST * Req)
 						  Client_ID(Client),
 						  Req->command);
 
-		/* User name */
+		/* User name: only alphanumeric characters are allowed! */
+		ptr = Req->argv[0];
+		while (*ptr) {
+			if ((*ptr < '0' || *ptr > '9') &&
+			    (*ptr < 'A' || *ptr > 'Z') &&
+			    (*ptr < 'a' || *ptr > 'z')) {
+				Conn_Close(Client_Conn(Client), NULL,
+					   "Invalid user name", true);
+				return DISCONNECTED;
+			}
+			ptr++;
+		}
+
 #ifdef IDENTAUTH
 		ptr = Client_User(Client);
 		if (!ptr || !*ptr || *ptr == '~')