Force a password if auth_user is sent in PASS.

Not doing this (and not having a password on the auth block) makes it really easy for anyone to get access to that auth block.
2010-11-24 04:46:36 -05:00 · 2010-11-24 04:46:36 -05:00 · 2e6fddcccf
parent ad06ad5710
commit 2e6fddcccf
1 changed files with 1 additions and 1 deletions
--- a/modules/m_pass.c
+++ b/modules/m_pass.c
@ -90,7 +90,7 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char *
 	
 	client_p->localClient->passwd = *pass ? rb_strndup(pass, PASSWDLEN) : NULL;
 	
-	if(auth_user && *auth_user)
+	if(auth_user && *auth_user && pass && *pass)
 		client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);

 	/* These are for servers only */