From 48d5bd91448adeddd2dfe74dc008f5979488a754 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Mon, 7 Dec 2020 03:51:52 -0500 Subject: [PATCH 1/2] fix #1436 --- irc/client_lookup_set.go | 4 ++++ irc/strings.go | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/irc/client_lookup_set.go b/irc/client_lookup_set.go index 8aef784e..61e257a6 100644 --- a/irc/client_lookup_set.go +++ b/irc/client_lookup_set.go @@ -117,6 +117,10 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick realname := client.realname client.stateMutex.RUnlock() + if newNick != accountName && strings.ContainsAny(newNick, disfavoredNameCharacters) { + return "", errNicknameInvalid, false + } + // recompute always-on status, because client.alwaysOn is not set for unregistered clients var alwaysOn, useAccountName bool if account != "" { diff --git a/irc/strings.go b/irc/strings.go index c59f1bed..88f626f4 100644 --- a/irc/strings.go +++ b/irc/strings.go @@ -31,6 +31,11 @@ const ( // @ separates username from hostname // : means trailing protocolBreakingNameCharacters = " ,*?.!@:" + + // #1436: we discovered that these characters are problematic, + // so we're disallowing them in new nicks/account names, but allowing + // previously registered names + disfavoredNameCharacters = `<>'"` ) var ( From 8abbc1072b365dd8d83785bb9199e588f9ef5bf0 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Mon, 21 Dec 2020 23:09:34 -0500 Subject: [PATCH 2/2] additionally disallow ; in nicknames --- irc/strings.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/irc/strings.go b/irc/strings.go index 88f626f4..241f1703 100644 --- a/irc/strings.go +++ b/irc/strings.go @@ -35,7 +35,7 @@ const ( // #1436: we discovered that these characters are problematic, // so we're disallowing them in new nicks/account names, but allowing // previously registered names - disfavoredNameCharacters = `<>'"` + disfavoredNameCharacters = `<>'";` ) var (