Force a password if auth_user is sent in PASS.

Not doing this (and not having a password on the auth block) makes it really
easy for anyone to get access to that auth block.

diff --git a/modules/m_pass.c b/modules/m_pass.c
index 73b3c13abac57a9281193932dedfb29bcd40b59e..10f142a439c21c20a2ea5262ea6138a9e8947884 100644 (file)
--- a/modules/m_pass.c
+++ b/modules/m_pass.c
@@ -90,7 +90,7 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char *
        
        client_p->localClient->passwd = *pass ? rb_strndup(pass, PASSWDLEN) : NULL;
        
-       if(auth_user && *auth_user)
+       if(auth_user && *auth_user && pass && *pass)
                client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
 
        /* These are for servers only */