IDENT reply: only allow alphanumeric characters in user name

Only alphanumeric characters are allowed in the user name, so ignore
all IDENT replies that would violate this rule and use the one supplied
by the USER command.

diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c
index b6e628092633fb68a34b8175e383b195033d9b0f..4d778719a2c8623c60570e9c839877595b38e0a2 100644 (file)
--- a/src/ngircd/conn.c
+++ b/src/ngircd/conn.c
@@ -2174,6 +2174,7 @@ cb_Read_Resolver_Result( int r_fd, UNUSED short events )
        char *identptr;
 #ifdef IDENTAUTH
        char readbuf[HOST_LEN + 2 + CLIENT_USER_LEN];
+       char *ptr;
 #else
        char readbuf[HOST_LEN + 1];
 #endif
@@ -2226,11 +2227,30 @@ cb_Read_Resolver_Result( int r_fd, UNUSED short events )
 #ifdef IDENTAUTH
                ++identptr;
                if (*identptr) {
-                       Log(LOG_INFO, "IDENT lookup for connection %d: \"%s\".", i, identptr);
-                       Client_SetUser(c, identptr, true);
-                       if (Conf_NoticeAuth)
+                       ptr = identptr;
+                       while (*ptr) {
+                               if ((*ptr < '0' || *ptr > '9') &&
+                                   (*ptr < 'A' || *ptr > 'Z') &&
+                                   (*ptr < 'a' || *ptr > 'z'))
+                                       break;
+                               ptr++;
+                       }
+                       if (*ptr) {
+                               /* Erroneous IDENT reply */
+                               Log(LOG_NOTICE,
+                                   "Got invalid IDENT reply for connection %d! Ignored.",
+                                   i);
+                       } else {
+                               Log(LOG_INFO,
+                                   "IDENT lookup for connection %d: \"%s\".",
+                                   i, identptr);
+                               Client_SetUser(c, identptr, true);
+                       }
+                       if (Conf_NoticeAuth) {
                                (void)Conn_WriteStr(i,
-                                       "NOTICE AUTH :*** Got ident response");
+                                       "NOTICE AUTH :*** Got %sident response",
+                                       *ptr == NULL ? "" : "invalid ");
+                       }
                } else {
                        Log(LOG_INFO, "IDENT lookup for connection %d: no result.", i);
                        if (Conf_NoticeAuth && Conf_Ident)