author | Attila Molnar <attilamolnar@hush.com> | 2017-03-05 20:39:44 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-05 20:39:44 +0100 |
commit | c79f9233725473b05dc92f9a85fd1775ba61a44c (patch) | |
tree | adf054a1b11200dcd9b5792c5dd37481f4f391f7 | |
parent | a923a03031d0cd5869bb2f8e569ea21a1101c7d5 (diff) | |
parent | 0904978757187d40a7fd5a098887890d0b002700 (diff) |
Merge pull request #1280 from Adam-/insp20+dnsblcheck
m_dnsbl: check returned results are in 127.0.0.0/8
-rw-r--r-- | src/modules/m_dnsbl.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp
index d4101686a..3dea080ce 100644
--- a/src/modules/m_dnsbl.cpp
+++ b/src/modules/m_dnsbl.cpp
@@ -70,8 +70,8 @@ class DNSBLResolver : public Resolver
 int i = countExt.get(them);
 if (i)
 countExt.set(them, i - 1);
- // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
- if(result.length())
+ // All replies should be in 127.0.0.0/8
+ if (result.compare(0, 4, "127.") == 0)
 {
 unsigned int bitmask = 0, record = 0;
 bool match = false;
@@ -82,6 +82,7 @@ class DNSBLResolver : public Resolver
 switch (ConfEntry->type)
 {
 case DNSBLConfEntry::A_BITMASK:
+ // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
 bitmask = resultip.s_addr >> 24; /* Last octet (network byte order) */
 bitmask &= ConfEntry->bitmask;
 match = (bitmask != 0);
@@ -196,7 +197,11 @@ class DNSBLResolver : public Resolver
 ConfEntry->stats_misses++;
 }
 else
+ {
+ if (!result.empty())
+ ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), result.c_str());
 ConfEntry->stats_misses++;
+ }
 }
 }
|
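Review bot: The new guard in the first hunk, `result.compare(0, 4, "127.") == 0`, is a textual prefix test, so it accepts any string that begins with `127.` rather than only a well-formed IPv4 address inside 127.0.0.0/8. The code that converts `result` into `resultip` lies between this hunk and the next and is not visible here; if that conversion's return value is not checked, a malformed reply could still reach the `resultip.s_addr` matching below. Doing the range test on the parsed address, for example `(ntohl(resultip.s_addr) >> 24) == 127` after a checked parse, would make the validated value and the matched value the same thing. The enclosing function starts and ends outside the hunk.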
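Review bot: The `WriteGlobalSno('a', ...)` call added in the last hunk runs once per lookup with no throttling, so a DNSBL zone that starts answering every query outside 127.0.0.0/8 (a lapsed or wildcarded domain, for instance) would generate one server notice for every connecting user. Consider emitting the notice once per `ConfEntry` until a valid reply is seen again, or otherwise limiting its rate. The out-of-range reply is also counted in `stats_misses`, which makes a misbehaving list look the same as a healthy list with no listings wherever these counters are reported; a separate counter for invalid replies would let operators spot it. The surrounding function begins outside the hunk.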