Only alphanumeric characters are allowed in the user name, so terminate
the connection if any "strage" characters have been supplied by the user.
This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
IRC_USER(CLIENT * Client, REQUEST * Req)
{
CLIENT *c;
IRC_USER(CLIENT * Client, REQUEST * Req)
{
CLIENT *c;
assert(Client != NULL);
assert(Req != NULL);
assert(Client != NULL);
assert(Req != NULL);
Client_ID(Client),
Req->command);
Client_ID(Client),
Req->command);
+ /* User name: only alphanumeric characters are allowed! */
+ ptr = Req->argv[0];
+ while (*ptr) {
+ if ((*ptr < '0' || *ptr > '9') &&
+ (*ptr < 'A' || *ptr > 'Z') &&
+ (*ptr < 'a' || *ptr > 'z')) {
+ Conn_Close(Client_Conn(Client), NULL,
+ "Invalid user name", true);
+ return DISCONNECTED;
+ }
+ ptr++;
+ }
+
#ifdef IDENTAUTH
ptr = Client_User(Client);
if (!ptr || !*ptr || *ptr == '~')
#ifdef IDENTAUTH
ptr = Client_User(Client);
if (!ptr || !*ptr || *ptr == '~')