From patchwork Thu Dec 13 09:48:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rob Brewer X-Patchwork-Id: 1995 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 2642A8ABD89 for ; Wed, 12 Dec 2018 22:48:13 +0000 (GMT) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 2E9EC21B9E57; Wed, 12 Dec 2018 22:48:12 +0000 (GMT) Received: from tuscan3.grantura.co.uk (grantura.co.uk [217.169.17.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id A941A21B9E4E for ; Wed, 12 Dec 2018 22:48:07 +0000 (GMT) Received: from tuscan3.grantura.co.uk (localhost [127.0.0.1]) by tuscan3.grantura.co.uk (8.15.2/8.15.2/Debian-12) with ESMTP id wBCMm0Li024884 for ; Wed, 12 Dec 2018 22:48:00 GMT Received: (from news@localhost) by tuscan3.grantura.co.uk (8.15.2/8.15.2/Submit) id wBCMm0tW024878 for development@lists.ipfire.org; Wed, 12 Dec 2018 22:48:00 GMT To: development@lists.ipfire.org From: Bob Brewer Newsgroups: grantura.local.ipfire-devel Subject: validfqdn Date: Wed, 12 Dec 2018 22:48 +0000 Organization: Megadodo Publications Lines: 48 Message-ID: Mime-Version: 1.0 User-Agent: KNode/4.14.10 X-Spam-Status: No, score=2.49 X-Rspamd-Server: mail01.i.ipfire.org Authentication-Results: mail01.ipfire.org X-Spamd-Result: default: False [2.49 / 11.00]; ARC_NA(0.00)[]; MX_INVALID(0.50)[greylisted]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+]; RCVD_IN_DNSWL_MED(-0.20)[29.17.169.217.list.dnswl.org : 127.0.6.2]; DMARC_NA(0.00)[grantura.co.uk]; IP_SCORE(-0.01)[country: GB(-0.07)]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[ipfire-devel@grantura.co.uk,news@tuscan3.grantura.co.uk]; R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[]; ASN(0.00)[asn:20712, ipnet:217.169.0.0/19, country:GB]; FROM_NEQ_ENVFROM(0.00)[ipfire-devel@grantura.co.uk,news@tuscan3.grantura.co.uk]; RCVD_TLS_LAST(0.00)[] X-Spam-Level: ** X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" I am porting the old ipcop addon 'Banish' to IPFire and during testing have found a problem in general-functions.pl which causes validfqdn to return 1 when testing valid and invalid ip addresses when it should return 0. As this is not a problem with IPCop 2 a comparison of the validfqdn section in IPFire's general-functions.pl shows a missing segment that checks the TLD can only be a-z or A-Z. Applying the patch below to general-functions.pl corrects the problem with my Banish port and I haven't found any problems affecting IPFire's operation. Regards Rob --- /tmp/general-functions.pl 2018-09-19 10:32:37.000000000 +0100 +++ /tmp/general-functions.pl.new 2018-12-12 22:13:37.394653609 +0000 @@ -666,9 +666,13 @@ } sub validfqdn +# modified to add addition test to confirm TL is only a-z or A-Z +# as per ipcop rwb 12/12/18 + { my $part; - + my $tld; + # Checks a fully qualified domain name against RFC1035 my $fqdn = $_[0]; my @parts = split (/\./, $fqdn); # Split hostname at the '.' @@ -689,7 +693,14 @@ # Last character can only be a letter or a digit if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) { return 0;} - } + # Store for additional check on TLD + $tld = $part; + } + + # TLD valid characters are a-z, A-Z + if ($tld !~ /^[a-zA-Z]*$/) { + return 0; + } return 1; }