commit - 4c121f277da634d62a382457eb1df354cfb77b9b
commit + 8644cbf197807909e4caea184278872cdeca1963
blob - ef2dbbba0bc6d874f886e6a311bef9a233887d6d
blob + 00ae3cd7e93d5f415a596d3d4c6b50ffb27c7817
--- src/ngircd/parse.c
+++ src/ngircd/parse.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2008 Alexander Barton (alex@barton.de)
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -8,12 +8,9 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  */
-
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: parse.c,v 1.72 2008/02/17 13:26:42 alex Exp $";
-
 /**
  * @file
  * IRC command parser and validator.
@@ -341,12 +338,25 @@ Validate_Command( UNUSED CONN_ID Idx, UNUSED REQUEST *
 
 
 static bool
-Validate_Args( UNUSED CONN_ID Idx, UNUSED REQUEST *Req, bool *Closed )
+Validate_Args(CONN_ID Idx, REQUEST *Req, bool *Closed)
 {
+	int i;
+
 	assert( Idx >= 0 );
 	assert( Req != NULL );
 	*Closed = false;
 
+	for (i = 0; i < Req->argc; i++) {
+		if (strchr(Req->argv[i], '\r') || strchr(Req->argv[i], '\n')) {
+			Log(LOG_ERR,
+			    "Invalid character(s) in parameter (connection %d, command %s)!?",
+			    Idx, Req->command);
+			if (!Conn_WriteStr(Idx,
+					   "ERROR :Invalid character(s) in parameter!"))
+				*Closed = true;
+			return false;
+		}
+	}
 	return true;
 } /* Validate_Args */