| Message ID | 20201230093441.3296-1-ahb.ipfire@gmail.com |
|---|---|
| State | Accepted |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4D5R2x2dmRz3wg8 for <patchwork@web04.haj.ipfire.org>; Wed, 30 Dec 2020 09:35:05 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4D5R2t73cXzj1; Wed, 30 Dec 2020 09:35:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4D5R2t5swmz2xmM; Wed, 30 Dec 2020 09:35:02 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4D5R2t0qm1z2xmL for <development@lists.ipfire.org>; Wed, 30 Dec 2020 09:35:02 +0000 (UTC) Received: from smtpq3.tb.mail.iss.as9143.net (smtpq3.tb.mail.iss.as9143.net [212.54.42.166]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4D5R2s1F15zj1 for <development@lists.ipfire.org>; Wed, 30 Dec 2020 09:35:01 +0000 (UTC) Received: from [212.54.42.110] (helo=smtp7.tb.mail.iss.as9143.net) by smtpq3.tb.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ahb.ipfire@gmail.com>) id 1kuXsi-0007zp-2F; Wed, 30 Dec 2020 10:35:00 +0100 Received: from j103033.upc-j.chello.nl ([24.132.103.33] helo=rhea.saturn.pimb.org) by smtp7.tb.mail.iss.as9143.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from <ahb.ipfire@gmail.com>) id 1kuXsh-00EQnV-O5; Wed, 30 Dec 2020 10:34:59 +0100 Received: from hyperion.saturn.pimb.org (hyperion.saturn.pimb.org [192.168.26.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by rhea.saturn.pimb.org (Postfix) with ESMTPSA id D9D943EF6; Wed, 30 Dec 2020 10:34:56 +0100 (CET) From: Adolf Belka <ahb.ipfire@gmail.com> To: development@lists.ipfire.org Subject: [PATCH] general-functions.pl: Update to fix bug #12428 Date: Wed, 30 Dec 2020 10:34:41 +0100 Message-Id: <20201230093441.3296-1-ahb.ipfire@gmail.com> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SourceIP: 24.132.103.33 X-Authenticated-Sender: adolf.belka@ziggo.nl (via SMTP) X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.4 cv=Ff+JeLy6 c=1 sm=1 tr=0 ts=5fec49c3 a=N0UC3/faf55XGTeY5t7zSQ==:17 a=9+rZDBEiDlHhcck0kWbJtElFXBc=:19 a=zTNgK-yGK50A:10 a=x7bEGLp0ZPQA:10 a=6yxbeI8x3IIA:10 a=pGLkceISAAAA:8 a=Z_ibbLdTpEcLSuRw3zcA:9 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1609320901; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=4t57YytrzV2j7DkeVC7n5NiscYwZXhk+01dKtv3OyG0=; b=LF/UQhmyv1TiQboRso931HrUdOMISw138RoG0qZ6gV1GCDmvMf1G2XX4YdBtOdbrlO/Agb 7Oen5tPziQpOzANQCOoCDLjxiWNGEZxtAPW0PbxpLpcLx+3xS8xsSRdmHiEm6Aughy/rRl N442YunnUhacHil81z18k8aMIwawH1L8Pp1k1flavOjxI+m2XZoypPitJDziPrOK7lsh3G M9Sl/Ph8L38wXA5ZSlYf0nNxZbz4Aw+YnSCGy07fVZqikYTiB2z9BrHLJnV/IMJEUIQZkG AaUQRRSZNFTgzRCmEYT2XRuhrqkjh8CKuHzrVUrXl8ZEwcIS7jUwR5PSkQU0aQ== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=none; spf=softfail (mail01.ipfire.org: 212.54.42.166 is neither permitted nor denied by domain of ahbipfire@gmail.com) smtp.mailfrom=ahbipfire@gmail.com ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1609320901; a=rsa-sha256; cv=none; b=vJ1F1dIBF6csYEmErI+pXzVnSqrfzCiJDTehEZQ7+Vz5QrNWAfkQs2v3aibLe0UiBuRFyb HEWv3/cwCe75TWTsFGVI8zumATjv/zRAi8Or18+b16t7ThkJpQG27PHut8qhS75sWh8b8i JOxwvbZOIh9hHUf0KdLU60NQUgv16gG+e/7vWUgWTrSZf9NYfQ2OmIGwSB+rMp+CpZoXFm c2iLtBVLIRaP81WyjCAcjQl44n2C7atC1PwhSLL/Lzb022y5UE7Y36pcB/pKf4Wwb9wCiX PdWOKoYH3+3sDnvg/smKtoHPCDr5P4ZX8wQAZvJXqBNm/fx//f1rayqoXZ97fw== Authentication-Results: mail01.ipfire.org; dkim=none; spf=softfail (mail01.ipfire.org: 212.54.42.166 is neither permitted nor denied by domain of ahbipfire@gmail.com) smtp.mailfrom=ahbipfire@gmail.com; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=gmail.com (policy=none) X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-0.73 / 11.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_MISSING_CHARSET(2.50)[]; RWL_MAILSPIKE_GOOD(0.00)[212.54.42.166:from]; IP_REPUTATION_HAM(-1.63)[asn: 33915(-0.23), country: NL(-0.00), ip: 212.54.42.166(-0.58)]; BROKEN_CONTENT_TYPE(1.50)[]; R_SPF_SOFTFAIL(0.00)[~all]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_COUNT_THREE(0.00)[4]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; R_DKIM_NA(0.00)[]; HAS_X_AS(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[212.54.42.166:from]; TAGGED_FROM(0.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; BAYES_HAM(-3.00)[99.99%]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RECEIVED_SPAMHAUS_PBL(0.00)[24.132.103.33:received]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FREEMAIL_CC(0.00)[gmail.com]; RCVD_TLS_ALL(0.00)[]; DMARC_POLICY_SOFTFAIL(0.10)[gmail.com : No valid SPF, No valid DKIM,none] X-Rspamd-Queue-Id: 4D5R2s1F15zj1 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
general-functions.pl: Update to fix bug #12428
|
|
Commit Message
Adolf Belka
Dec. 30, 2020, 9:34 a.m. UTC
- Patch of general-functions.pl for implementation of fix provided
by Bernhard Bitsch. Prevents spaces being put into hostnames
- Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
---
config/cfgroot/general-functions.pl | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Comments
Hello Adolf, thank you for working on this. (In my point of view, the web interface lacks some input validation quite often, so it's good to see some improvements here... :-) ) Your patch looks fine to me, except when it comes to underscores in host- or domain names. While I have never seen them in production, Michael commited something allowing underscores in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39fbb929cf56615934 Thanks, and best regards, Peter Müller > - Patch of general-functions.pl for implementation of fix provided > by Bernhard Bitsch. Prevents spaces being put into hostnames > - Patch implemented into testbed system and confirmed working > > Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> > --- > config/cfgroot/general-functions.pl | 10 +++------- > 1 file changed, 3 insertions(+), 7 deletions(-) > > diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl > index 9be1e7708..318be2c01 100644 > --- a/config/cfgroot/general-functions.pl > +++ b/config/cfgroot/general-functions.pl > @@ -640,13 +640,9 @@ sub validhostname > if (length ($hostname) < 1 || length ($hostname) > 63) { > return 0;} > # Only valid characters are a-z, A-Z, 0-9 and - > - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { > - return 0;} > - # First character can only be a letter or a digit > - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { > - return 0;} > - # Last character can only be a letter or a digit > - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { > + # First and last character can only be letter or decimal digit > + # else letter, decimal digits and hyphen are allowed > + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { > return 0;} > return 1; > } >
RFC1035 and RFC1101 demand the syntax proposed by me. I didn't find an updated version of this, yet. - Bernhard > Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr > Von: "Peter Müller" <peter.mueller@ipfire.org> > An: "Adolf Belka" <ahb.ipfire@gmail.com> > Cc: development@lists.ipfire.org > Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428 > > Hello Adolf, > > thank you for working on this. > > (In my point of view, the web interface lacks some input validation quite often, so it's > good to see some improvements here... :-) ) > > Your patch looks fine to me, except when it comes to underscores in host- or domain names. > While I have never seen them in production, Michael commited something allowing underscores > in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39fbb929cf56615934 > > Thanks, and best regards, > Peter Müller > > > > - Patch of general-functions.pl for implementation of fix provided > > by Bernhard Bitsch. Prevents spaces being put into hostnames > > - Patch implemented into testbed system and confirmed working > > > > Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> > > --- > > config/cfgroot/general-functions.pl | 10 +++------- > > 1 file changed, 3 insertions(+), 7 deletions(-) > > > > diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl > > index 9be1e7708..318be2c01 100644 > > --- a/config/cfgroot/general-functions.pl > > +++ b/config/cfgroot/general-functions.pl > > @@ -640,13 +640,9 @@ sub validhostname > > if (length ($hostname) < 1 || length ($hostname) > 63) { > > return 0;} > > # Only valid characters are a-z, A-Z, 0-9 and - > > - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { > > - return 0;} > > - # First character can only be a letter or a digit > > - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { > > - return 0;} > > - # Last character can only be a letter or a digit > > - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { > > + # First and last character can only be letter or decimal digit > > + # else letter, decimal digits and hyphen are allowed > > + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { > > return 0;} > > return 1; > > } > > >
Hi Peter, Yes, when I was working on the patch I saw that the domain-name check includes an underscore. I therefore did a search and found references to several RFC's. What I found indicated that Domain names are allowed to have underscores but host names are not allowed to have underscores. I found a lot of questions marks regarding FQDN's. Some information suggested that the hostname portion must not have underscores but the domain name portion could but there was also some information saying that if used as a FQDN all of it must not have underscores. As the FQDN is so unclear, and I could not find an RFC related to FQDN's that mentioned the allowed syntax, I decided to leave the FQDN alone for now. However for the hostname it seems clear that there must be no underscores. Regards, Adolf. On 31/12/2020 12:56, Bernhard Bitsch wrote: > RFC1035 and RFC1101 demand the syntax proposed by me. > I didn't find an updated version of this, yet. > > - Bernhard > >> Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr >> Von: "Peter Müller" <peter.mueller@ipfire.org> >> An: "Adolf Belka" <ahb.ipfire@gmail.com> >> Cc: development@lists.ipfire.org >> Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428 >> >> Hello Adolf, >> >> thank you for working on this. >> >> (In my point of view, the web interface lacks some input validation quite often, so it's >> good to see some improvements here... :-) ) >> >> Your patch looks fine to me, except when it comes to underscores in host- or domain names. >> While I have never seen them in production, Michael commited something allowing underscores >> in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39fbb929cf56615934 >> >> Thanks, and best regards, >> Peter Müller >> >> >>> - Patch of general-functions.pl for implementation of fix provided >>> by Bernhard Bitsch. Prevents spaces being put into hostnames >>> - Patch implemented into testbed system and confirmed working >>> >>> Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> >>> --- >>> config/cfgroot/general-functions.pl | 10 +++------- >>> 1 file changed, 3 insertions(+), 7 deletions(-) >>> >>> diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl >>> index 9be1e7708..318be2c01 100644 >>> --- a/config/cfgroot/general-functions.pl >>> +++ b/config/cfgroot/general-functions.pl >>> @@ -640,13 +640,9 @@ sub validhostname >>> if (length ($hostname) < 1 || length ($hostname) > 63) { >>> return 0;} >>> # Only valid characters are a-z, A-Z, 0-9 and - >>> - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { >>> - return 0;} >>> - # First character can only be a letter or a digit >>> - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { >>> - return 0;} >>> - # Last character can only be a letter or a digit >>> - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { >>> + # First and last character can only be letter or decimal digit >>> + # else letter, decimal digits and hyphen are allowed >>> + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { >>> return 0;} >>> return 1; >>> } >>> >>
Hello Adolf, hello Bernhard, hello *, thank you for your replies. I see, this patch makes sense to me then. :-) Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Thanks, and best regards, Peter Müller > Hi Peter, > > Yes, when I was working on the patch I saw that the domain-name check includes an underscore. I therefore did a search and found references to several RFC's. What I found indicated that Domain names are allowed to have underscores but host names are not allowed to have underscores. > > I found a lot of questions marks regarding FQDN's. Some information suggested that the hostname portion must not have underscores but the domain name portion could but there was also some information saying that if used as a FQDN all of it must not have underscores. > > As the FQDN is so unclear, and I could not find an RFC related to FQDN's that mentioned the allowed syntax, I decided to leave the FQDN alone for now. > > However for the hostname it seems clear that there must be no underscores. > > Regards, > Adolf. > > > On 31/12/2020 12:56, Bernhard Bitsch wrote: >> RFC1035 and RFC1101 demand the syntax proposed by me. >> I didn't find an updated version of this, yet. >> >> - Bernhard >> >>> Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr >>> Von: "Peter Müller" <peter.mueller@ipfire.org> >>> An: "Adolf Belka" <ahb.ipfire@gmail.com> >>> Cc: development@lists.ipfire.org >>> Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428 >>> >>> Hello Adolf, >>> >>> thank you for working on this. >>> >>> (In my point of view, the web interface lacks some input validation quite often, so it's >>> good to see some improvements here... :-) ) >>> >>> Your patch looks fine to me, except when it comes to underscores in host- or domain names. >>> While I have never seen them in production, Michael commited something allowing underscores >>> in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39fbb929cf56615934 >>> >>> Thanks, and best regards, >>> Peter Müller >>> >>> >>>> - Patch of general-functions.pl for implementation of fix provided >>>> by Bernhard Bitsch. Prevents spaces being put into hostnames >>>> - Patch implemented into testbed system and confirmed working >>>> >>>> Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> >>>> --- >>>> config/cfgroot/general-functions.pl | 10 +++------- >>>> 1 file changed, 3 insertions(+), 7 deletions(-) >>>> >>>> diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl >>>> index 9be1e7708..318be2c01 100644 >>>> --- a/config/cfgroot/general-functions.pl >>>> +++ b/config/cfgroot/general-functions.pl >>>> @@ -640,13 +640,9 @@ sub validhostname >>>> if (length ($hostname) < 1 || length ($hostname) > 63) { >>>> return 0;} >>>> # Only valid characters are a-z, A-Z, 0-9 and - >>>> - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { >>>> - return 0;} >>>> - # First character can only be a letter or a digit >>>> - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { >>>> - return 0;} >>>> - # Last character can only be a letter or a digit >>>> - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { >>>> + # First and last character can only be letter or decimal digit >>>> + # else letter, decimal digits and hyphen are allowed >>>> + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { >>>> return 0;} >>>> return 1; >>>> } >>>> >>>
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { + # First and last character can only be letter or decimal digit + # else letter, decimal digits and hyphen are allowed + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1; }