commit 41a23d20e4bb5dfaebc7be3241addc5251ebc158
from: Alexander Barton <alex@barton.de>
date: Sun Aug 17 15:37:36 2008 UTC

SECURITY: Fixed a message handling bug which could crash the daemon.

Some message targets could lead to a NULL pointer dereference and therefore
could crash the daemon (denial of service).
(cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)

commit - c769cbecb6214f518135c4bb2a52479747c2bf7b
commit + 41a23d20e4bb5dfaebc7be3241addc5251ebc158
blob - c49a77a4fcf13444afeaf8b79119eec7709416e6
blob + 77cc7c1ea2c1196ba86d8e142d18b174e60351cd
--- src/ngircd/irc.c
+++ src/ngircd/irc.c
@@ -397,7 +397,7 @@ Send_Message(CLIENT * Client, REQUEST * Req, int Force
 			for (cl = Client_First(); cl != NULL; cl = Client_Next(cl)) {
 				if (Client_Type(cl) != CLIENT_USER)
 					continue;
-				if (nick != NULL) {
+				if (nick != NULL && host != NULL) {
 					if (strcmp(nick, Client_ID(cl)) == 0 &&
 					    strcmp(user, Client_User(cl)) == 0 &&
 					    strcasecmp(host, Client_Hostname(cl)) == 0)