More stringent serverpart checks in user ids

May lead to new crashes due to nullptr returned from Connection::user()
on more utterly invalid content from the wire that the library still
doesn't properly invalidate. This has long been quite a good case for
exceptions, or another error-handling framework: Connection::user() can
return nullptr either when out of memory or when the id is invalid or
empty, and other places are likely to treat invalid ids in different
ways but probably just hope that memory exhaustion "never happens", or
try to handle it in a quite different way than an empty or invalid id.
Something to think of in 0.7.

2 files changed, 3 insertions, 3 deletions

diff --git a/lib/connection.cpp b/lib/connection.cpp
index d32c7472..b6a3198d 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -1150,7 +1150,7 @@ User* Connection::user(const QString& uId)
 {
     if (uId.isEmpty())
         return nullptr;
-    if (!uId.startsWith('@') || !uId.contains(':')) {
+    if (!uId.startsWith('@') || serverPart(uId).isEmpty()) {
         qCCritical(MAIN) << "Malformed userId:" << uId;
         return nullptr;
     }
diff --git a/lib/util.cpp b/lib/util.cpp
index 797f6d69..023645c1 100644
--- a/lib/util.cpp
+++ b/lib/util.cpp
@@ -116,13 +116,13 @@ qreal Quotient::stringToHueF(const QString& s)
 }
 
 static const auto ServerPartRegEx = QStringLiteral(
-    "(\\[[^]]+\\]|[^:@]+)" // Either IPv6 address or hostname/IPv4 address
+    "(\\[[^][:blank:]]+\\]|[-[:alnum:].]+)" // Either IPv6 address or hostname/IPv4 address
     "(?::(\\d{1,5}))?" // Optional port
 );
 
 QString Quotient::serverPart(const QString& mxId)
 {
-    static QString re = "^[@!#$+].+?:(" // Localpart and colon
+    static QString re = "^[@!#$+].*?:(" // Localpart and colon
                         % ServerPartRegEx % ")$";
     static QRegularExpression parser(
         re,