author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-19 15:46:51 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-19 15:46:51 +0200 |
commit | 9896bd62c08a160b75a2dc6c969b4b14eea3d3fa (patch) | |
tree | f6845d8754b3b692903eb5dc6cf58d65944ec1c6 | |
parent | e11146fd1b10a8cf565ddf0c73b555ccfed21b59 (diff) | |
vhostcname: add checks for domain name validity
* vhostcname/vhostcname: New option --allow-wildcard-domains.
(valid_domain_name): new sub
(get_cnames): Skip domain names that don't pass the validity
check.
-rwxr-xr-x | vhostcname/vhostcname | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 917cd73..359101c 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -39,2 +39,3 @@ my $dry_run; # Dry-run mode.
 my $debug; # Debug level.
+my $allow_wildcard_domains;
@@ -78,2 +79,18 @@ sub read_config_file($) {
+# Domain names may be formed from the set of alphanumeric ASCII characters
+# (a-z, A-Z, 0-9). In addition the hyphen is permitted if it is surrounded
+# by characters, digits or hyphens, although it is not to start or end a
+# label.
+sub valid_domain_name {
+ my $name = shift;
+ $name =~ s/^\*\.// if ($allow_wildcard_domains);
+ foreach my $label (split(/\./, $name)) {
+ $label =~ s/-+/-/g;
+ $label =~ s/[a-zA-Z0-9]-[a-zA-Z0-9]//g;
+ return 0 if $label =~ /^-/ or $label =~ /-$/;
+ return 0 if $label =~ /[^a-zA-Z0-9]/;
+ }
+ return 1;
+}
+
 sub get_cnames($) {
@@ -90,2 +107,3 @@ sub get_cnames($) {
 };
+ my $line = 0;
 while (<$fd>) {
@@ -97,4 +115,15 @@ sub get_cnames($) {
 foreach my $name (split /\s+/, $2) {
+ unless (valid_domain_name($name)) {
+ print STDERR "$script: $file:$line: $name: invalid domain name\n";
+ next;
+ }
 foreach my $z (@zone) {
- $ret{$name} = $z if ($name =~ /.*\.$z/);
+ if ($name =~ /.*\.$z$/) {
+ if ($name =~ /^\*\.(.+)/ and $1 eq $z) {
+ print STDERR "$script: $file:$line: $name: first-level wildcard\n";
+ next;
+ }
+ $ret{$name} = $z;
+ last;
+ }
 }
@@ -287,2 +316,3 @@ GetOptions("help" => \$man,
 "server=s" => \$nameserver,
+ "allow-wildcard-domains" => \$allow_wildcard_domains
 ) or exit(3);
@@ -428,2 +458,8 @@ Ignored
+=item B<--allow-wildcard-domains>
+
+Allow the use of wildcard (B<*>). When this option is in effect, a wildcard
+will be allowed if it is the very first label in a domain name and it is
+separated from the base zone (see the B<--zone> option) by one or more labels.
+
 =item B<--apache-config-directory=>I<DIR> |
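Review bot: The label loop in valid_domain_name lets empty labels through and refuses some valid ones. A name such as `a..b`, or one with a leading dot, yields an empty label that passes both `return 0` tests, while `a-b-c` is reduced to `-c` by the `s/[a-zA-Z0-9]-[a-zA-Z0-9]//g` pass and is then rejected by `/^-/`. Replacing the four statements inside the loop with one anchored match covers both cases: `return 0 unless $label =~ /\A[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\z/;`. Since these names presumably end up in DNS records, a 63-octet limit per label could be checked in the same place.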
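Review bot: `$line` is initialised to 0 before the `while (<$fd>)` loop, but none of the lines this commit adds increments it, so both new diagnostics in get_cnames would report `$file:0:` for every entry. Add `++$line;` as the first statement of the loop body, or drop the variable and print `$.` in the two messages. The loop body lies mostly outside this hunk, so this is based on the added lines only.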
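Review bot: `$z` is still interpolated into the match as a pattern, so every dot in a zone name matches any character; with zone `example.com`, a constructed name like `www.example-com` passes valid_domain_name and is filed under that zone. Quote the zone: `if ($name =~ /.*\.\Q$z\E$/) {`. Separately, the `next` in the first-level wildcard branch advances the `@zone` loop rather than the name loop, so the same name can still be accepted under a shorter zone later in the list. If that is not intended, label the outer `foreach` and use `next NAME;`.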