Fix argument counting for REGISTER and fix a vulnerability wherein an already-registe...

git-svn-id: https://www.cernu.us/~pdbogen/svn/destult2@107 088b83a4-0077-4247-935c-42ec02c2848b

diff --git a/commands.yaml b/commands.yaml
index 8c7f463..f04ecdd 100644 (file)
--- a/commands.yaml
+++ b/commands.yaml
@@ -249,18 +249,25 @@ REGISTER: |-
   sub {
     use Digest::MD5 qw( md5_hex );
     my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) = @_;
+    $what =~ s/\s+$//;
     my $nargs = ($what =~ s/ / /g);
     if( !$nargs ) {
-       $nargs = 1;
+      if( $what =~ /.+/ ) {
+        $nargs = 1;
+      } else {
+        $nargs = 0;
+      }
     } else {
-       $nargs++;
+      $nargs++;
     }
+    
     if( $nargs < 1 || $nargs > 2 ) {
-      $kernel->post( $src, $replypath, "Usage: REGISTER [<name>] <password>", $dest );
+      $kernel->post( $src, $replypath, "Usage: REGISTER [<name>] <password> ($nargs args received)", $dest );
       return;
     }
-
+    
     my( $whom, $password );
+    
     if( $nargs == 1 ) {
       $password = $what;
       $whom = $who;
@@ -269,6 +276,11 @@ REGISTER: |-
       ( $whom, $password ) = split( / /, $what, 2 );
     }
 
+    if( exists( $heap->{ 'users' }->{ uc( $whom ) } ) ) {
+      $kernel->post( $src, $replypath, "Sorry, but the nick '$whom' is already registered.", $dest );
+      return;
+    }
+
     if( $password ) {
       $heap->{ 'users' }->{ uc( $whom ) } = md5_hex( $password );
       DumpFile( "users.yaml", $heap->{ 'users' } );