From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: validfqdn Date: Thu, 13 Dec 2018 16:36:48 +0000 Message-ID: <08830C86-C35B-492D-BF8C-9BF9C772FA78@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9087579035975894667==" List-Id: --===============9087579035975894667== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Bob, Thank you for submitting your patch. > On 12 Dec 2018, at 22:48, Bob Brewer wrote: >=20 > I am porting the old ipcop addon 'Banish' to IPFire and during testing have= =20 > found a problem in general-functions.pl which causes validfqdn to return 1 = > when testing valid and invalid ip addresses when it should return 0.=20 What does the add-on do? I could not find an old version for IPCop on the Int= ernet=E2=80=A6 > As this is not a problem with IPCop 2 a comparison of the validfqdn section= =20 > in IPFire's general-functions.pl shows a missing segment that checks the TL= D=20 > can only be a-z or A-Z. What requires this change? I do not know of any ASCII TLDs that have numbers, but there is no reason tha= t they can=E2=80=99t in the future. Furthermore, we have some non-ASCII TLDs = which will have to be encoded into ASCII using the puny-codes. That will resu= lt in something like this: XN--FHBEI XN--FIQ228C5HS XN--FIQ64B XN--FIQS8S XN=E2=80=94FIQZ9S This is just a couple of random TLDs I picked from here: http://data.iana.org/TLD/tlds-alpha-by-domain.txt I assume that those will no longer be usable after your patch. Can you confir= m that? Best, -Michael > Applying the patch below to general-functions.pl corrects the problem with = > my Banish port and I haven't found any problems affecting IPFire's=20 > operation. >=20 > Regards >=20 > Rob >=20 > --- /tmp/general-functions.pl 2018-09-19 10:32:37.000000000 +0100 > +++ /tmp/general-functions.pl.new 2018-12-12 22:13:37.394653609 +0000 > @@ -666,9 +666,13 @@ > } >=20 > sub validfqdn > +# modified to add addition test to confirm TL is only a-z or A-Z > +# as per ipcop rwb 12/12/18 > + > { > my $part; > - > + my $tld; > + =20 > # Checks a fully qualified domain name against RFC1035 > my $fqdn =3D $_[0]; > my @parts =3D split (/\./, $fqdn); # Split hostname at the '.' > @@ -689,7 +693,14 @@ > # Last character can only be a letter or a digit > if (substr ($part, -1, 1) !~ /^[a-zA-Z0-9]*$/) { > return 0;} > - } > + # Store for additional check on TLD > + $tld =3D $part; > + }=20 > + > + # TLD valid characters are a-z, A-Z > + if ($tld !~ /^[a-zA-Z]*$/) { > + return 0; > + } > return 1; > } >=20 --===============9087579035975894667==--