From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: validfqdn
Date: Thu, 13 Dec 2018 16:36:48 +0000 [thread overview]
Message-ID: <08830C86-C35B-492D-BF8C-9BF9C772FA78@ipfire.org> (raw)
In-Reply-To: <pus370$nkt$1@tuscan3.grantura.co.uk>
[-- Attachment #1: Type: text/plain, Size: 2420 bytes --]
Hello Bob,
Thank you for submitting your patch.
> On 12 Dec 2018, at 22:48, Bob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>
> I am porting the old ipcop addon 'Banish' to IPFire and during testing have
> found a problem in general-functions.pl which causes validfqdn to return 1
> when testing valid and invalid ip addresses when it should return 0.
What does the add-on do? I could not find an old version for IPCop on the Internet…
> As this is not a problem with IPCop 2 a comparison of the validfqdn section
> in IPFire's general-functions.pl shows a missing segment that checks the TLD
> can only be a-z or A-Z.
What requires this change?
I do not know of any ASCII TLDs that have numbers, but there is no reason that they can’t in the future. Furthermore, we have some non-ASCII TLDs which will have to be encoded into ASCII using the puny-codes. That will result in something like this:
XN--FHBEI
XN--FIQ228C5HS
XN--FIQ64B
XN--FIQS8S
XN—FIQZ9S
This is just a couple of random TLDs I picked from here:
http://data.iana.org/TLD/tlds-alpha-by-domain.txt
I assume that those will no longer be usable after your patch. Can you confirm that?
Best,
-Michael
> Applying the patch below to general-functions.pl corrects the problem with
> my Banish port and I haven't found any problems affecting IPFire's
> operation.
>
> Regards
>
> Rob
>
> --- /tmp/general-functions.pl 2018-09-19 10:32:37.000000000 +0100
> +++ /tmp/general-functions.pl.new 2018-12-12 22:13:37.394653609 +0000
> @@ -666,9 +666,13 @@
> }
>
> sub validfqdn
> +# modified to add addition test to confirm TL is only a-z or A-Z
> +# as per ipcop rwb 12/12/18
> +
> {
> my $part;
> -
> + my $tld;
> +
> # Checks a fully qualified domain name against RFC1035
> my $fqdn = $_[0];
> my @parts = split (/\./, $fqdn); # Split hostname at the '.'
> @@ -689,7 +693,14 @@
> # Last character can only be a letter or a digit
> if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
> return 0;}
> - }
> + # Store for additional check on TLD
> + $tld = $part;
> + }
> +
> + # TLD valid characters are a-z, A-Z
> + if ($tld !~ /^[a-zA-Z]*$/) {
> + return 0;
> + }
> return 1;
> }
>
next prev parent reply other threads:[~2018-12-13 16:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 22:48 validfqdn Bob Brewer
2018-12-13 16:36 ` Michael Tremer [this message]
2018-12-13 21:06 ` validfqdn Bob Brewer
2018-12-14 8:25 ` validfqdn Tapani Tarvainen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=08830C86-C35B-492D-BF8C-9BF9C772FA78@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox