- Patch of general-functions.pl for implementation of fix provided by Bernhard Bitsch. Prevents spaces being put into hostnames - Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka ahb.ipfire@gmail.com --- config/cfgroot/general-functions.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { + # First and last character can only be letter or decimal digit + # else letter, decimal digits and hyphen are allowed + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1; }
Hello Adolf,
thank you for working on this.
(In my point of view, the web interface lacks some input validation quite often, so it's good to see some improvements here... :-) )
Your patch looks fine to me, except when it comes to underscores in host- or domain names. While I have never seen them in production, Michael commited something allowing underscores in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39...
Thanks, and best regards, Peter Müller
- Patch of general-functions.pl for implementation of fix provided by Bernhard Bitsch. Prevents spaces being put into hostnames
- Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka ahb.ipfire@gmail.com
config/cfgroot/general-functions.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and -
- if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) {
return 0;}- # First character can only be a letter or a digit
- if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}- # Last character can only be a letter or a digit
- if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
- # First and last character can only be letter or decimal digit
- # else letter, decimal digits and hyphen are allowed
- if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1;
}
RFC1035 and RFC1101 demand the syntax proposed by me. I didn't find an updated version of this, yet.
- Bernhard
Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr Von: "Peter Müller" peter.mueller@ipfire.org An: "Adolf Belka" ahb.ipfire@gmail.com Cc: development@lists.ipfire.org Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428
Hello Adolf,
thank you for working on this.
(In my point of view, the web interface lacks some input validation quite often, so it's good to see some improvements here... :-) )
Your patch looks fine to me, except when it comes to underscores in host- or domain names. While I have never seen them in production, Michael commited something allowing underscores in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39...
Thanks, and best regards, Peter Müller
- Patch of general-functions.pl for implementation of fix provided by Bernhard Bitsch. Prevents spaces being put into hostnames
- Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka ahb.ipfire@gmail.com
config/cfgroot/general-functions.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and -
- if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) {
return 0;}- # First character can only be a letter or a digit
- if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}- # Last character can only be a letter or a digit
- if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
- # First and last character can only be letter or decimal digit
- # else letter, decimal digits and hyphen are allowed
- if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1;
}
Hi Peter,
Yes, when I was working on the patch I saw that the domain-name check includes an underscore. I therefore did a search and found references to several RFC's. What I found indicated that Domain names are allowed to have underscores but host names are not allowed to have underscores.
I found a lot of questions marks regarding FQDN's. Some information suggested that the hostname portion must not have underscores but the domain name portion could but there was also some information saying that if used as a FQDN all of it must not have underscores.
As the FQDN is so unclear, and I could not find an RFC related to FQDN's that mentioned the allowed syntax, I decided to leave the FQDN alone for now.
However for the hostname it seems clear that there must be no underscores.
Regards, Adolf.
On 31/12/2020 12:56, Bernhard Bitsch wrote:
RFC1035 and RFC1101 demand the syntax proposed by me. I didn't find an updated version of this, yet.
- Bernhard
Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr Von: "Peter Müller" peter.mueller@ipfire.org An: "Adolf Belka" ahb.ipfire@gmail.com Cc: development@lists.ipfire.org Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428
Hello Adolf,
thank you for working on this.
(In my point of view, the web interface lacks some input validation quite often, so it's good to see some improvements here... :-) )
Your patch looks fine to me, except when it comes to underscores in host- or domain names. While I have never seen them in production, Michael commited something allowing underscores in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39...
Thanks, and best regards, Peter Müller
- Patch of general-functions.pl for implementation of fix provided by Bernhard Bitsch. Prevents spaces being put into hostnames
- Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka ahb.ipfire@gmail.com
config/cfgroot/general-functions.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and -
- if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) {
return 0;}- # First character can only be a letter or a digit
- if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
return 0;}- # Last character can only be a letter or a digit
- if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) {
- # First and last character can only be letter or decimal digit
- # else letter, decimal digits and hyphen are allowed
- if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1; }
Hello Adolf, hello Bernhard, hello *,
thank you for your replies.
I see, this patch makes sense to me then. :-)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
Thanks, and best regards, Peter Müller
Hi Peter,
Yes, when I was working on the patch I saw that the domain-name check includes an underscore. I therefore did a search and found references to several RFC's. What I found indicated that Domain names are allowed to have underscores but host names are not allowed to have underscores.
I found a lot of questions marks regarding FQDN's. Some information suggested that the hostname portion must not have underscores but the domain name portion could but there was also some information saying that if used as a FQDN all of it must not have underscores.
As the FQDN is so unclear, and I could not find an RFC related to FQDN's that mentioned the allowed syntax, I decided to leave the FQDN alone for now.
However for the hostname it seems clear that there must be no underscores.
Regards, Adolf.
On 31/12/2020 12:56, Bernhard Bitsch wrote:
RFC1035 and RFC1101 demand the syntax proposed by me. I didn't find an updated version of this, yet.
- Bernhard
Gesendet: Donnerstag, 31. Dezember 2020 um 11:46 Uhr Von: "Peter Müller" peter.mueller@ipfire.org An: "Adolf Belka" ahb.ipfire@gmail.com Cc: development@lists.ipfire.org Betreff: Re: [PATCH] general-functions.pl: Update to fix bug #12428
Hello Adolf,
thank you for working on this.
(In my point of view, the web interface lacks some input validation quite often, so it's good to see some improvements here... :-) )
Your patch looks fine to me, except when it comes to underscores in host- or domain names. While I have never seen them in production, Michael commited something allowing underscores in 2016: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=03306ff6a25238e01a1f2b39...
Thanks, and best regards, Peter Müller
- Patch of general-functions.pl for implementation of fix provided
by Bernhard Bitsch. Prevents spaces being put into hostnames
- Patch implemented into testbed system and confirmed working
Signed-off-by: Adolf Belka ahb.ipfire@gmail.com
config/cfgroot/general-functions.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 9be1e7708..318be2c01 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -640,13 +640,9 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { - return 0;} - # First character can only be a letter or a digit - if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { - return 0;} - # Last character can only be a letter or a digit - if (substr ($hostname, -1, 1) !~ /^[a-zA-Z0-9]*$/) { + # First and last character can only be letter or decimal digit + # else letter, decimal digits and hyphen are allowed + if ($hostname !~ /^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/) { return 0;} return 1; }
-
Adolf Belka -
Bernhard Bitsch -
Peter Müller