From b99118c030167dafd729774a2a73509b40b15ad3 Mon Sep 17 00:00:00 2001
From: Kevin Easton
Date: Wed, 24 Sep 2014 06:54:00 +0000
Subject: [PATCH] Add sanity checking of incoming nicknames.

Check that at least the first character of an incoming nickname is valid (we actually go a bit beyond the RFC by also allowing any char with bit 8 set - at least Russian servers use nicknames like this).

git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@501 13b04d17-f746-0410-82c6-800466cd88b0
---
 Changelog | 2 ++
 source/parse.c | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/Changelog b/Changelog
index 7023f28..17b0b96 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,7 @@
 [Changes 1.2c01]
+* Add sanity checking of incoming nicknames. (caf)
+
 * /MV (massvoice) shouldn't send +v for already-voiced users. (caf)
 * Fix lag check on recent 32 bit OpenBSD / NetBSD (reported by DJ). (caf)
diff --git a/source/parse.c b/source/parse.c
index 861aee9..fe9b98d 100644
--- a/source/parse.c
+++ b/source/parse.c
@@ -1950,6 +1950,17 @@ void parse_server(char *orig_line)
 /* XXXX - i dont think 'from' can be null here. */
 if (!(comm = (*ArgList++)) || !from || !*ArgList)
 return; /* Serious protocol violation -- ByeBye */
+
+ /* Check for egregiously bad nicknames */
+#define islegal(c) (((c) >= 'A' && (c) <= '}') || \
+ ((c) >= '0' && (c) <= '9') || (c) == '-' || (c & 0x80))
+
+ if (*from && !strchr(from, '.') && !islegal(*from))
+ {
+ rfc1459_odd(from, comm, ArgList);
+ return;
+ }
+
 #ifdef WANT_TCL
 if (check_tcl_raw(copy, comm))
 return;
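Review bot: Only the first byte of `from` is tested in the new `if` in source/parse.c, so a prefix whose first character is legal but which carries control or other out-of-set bytes later on is still passed to the rest of parse_server, which continues outside this hunk. If stricter filtering is acceptable for the servers this client talks to, the same macro can walk the whole name: `const char *p = from; while (islegal(*p)) p++;` and then test `*p` in place of `!islegal(*from)` (the terminating NUL is not legal, so the loop stops there). Separately, the last term of the macro uses its argument unparenthesized; `((c) & 0x80)` would match the other terms. The macro also stays defined for the rest of the file, so an `#undef islegal` after the `if` block, or a `static` helper function, would keep it local.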