Force a password if auth_user is sent in PASS.

Not doing this (and not having a password on the auth block) makes it really
easy for anyone to get access to that auth block.
This commit is contained in:
JD Horelick 2010-11-24 04:46:36 -05:00
parent ad06ad5710
commit 2e6fddcccf
1 changed files with 1 additions and 1 deletions

View File

@ -90,7 +90,7 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char *
client_p->localClient->passwd = *pass ? rb_strndup(pass, PASSWDLEN) : NULL;
if(auth_user && *auth_user)
if(auth_user && *auth_user && pass && *pass)
client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
/* These are for servers only */