Check authentication status of client as early as possible when receiving its commands to avoid unnecessary processing.

1 files changed, 8 insertions, 1 deletions

diff --git a/blabouncer.c b/blabouncer.c
index ae62487..a69ec71 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -4,7 +4,6 @@
 // - Get CAP from server and relay to client
 // - Keep track of changing user modes in channels
 // - Should replay log do more than PRIVMSGs?
-// - Check authentication before even getting to the send functions to save unnecessary processing
 // - Configurable auto channels
 // - Comma separated channel list in JOINs/PARTs
 // - Perhaps rename clients.ssl and server_ssl since they may not even be OpenSSL sockets
@@ -1028,6 +1027,14 @@ int processircmessage(SSL *server_ssl, char *str, int source, struct client *cli
         return 1;
       }
 
+      // We're past PASS in the list of possible commands, so ignore
+      // anything else the client says if they are not authenticated yet.
+      if (!clients[arrindex(clients, sourcefd)].authed) {
+        printf("Ignoring client command '%s' from sourcefd '%d' as not authenticated yet.\n", tokens[0], sourcefd);
+        free(strcopyPtr);
+        return 1;
+      }
+
       // USER received?  If so, assume this is a new client connecting and catch them on up on the state
       if (strncmp(tokens[0], "USER", strlen(tokens[0])) == 0) {
         // Somewhere to store the several strings we will need to build and send