diff options
author | Adam <Adam@anope.org> | 2017-01-08 14:18:24 -0500 |
---|---|---|
committer | Adam <Adam@anope.org> | 2017-01-11 20:12:11 -0500 |
commit | 0904978757187d40a7fd5a098887890d0b002700 (patch) | |
tree | adf054a1b11200dcd9b5792c5dd37481f4f391f7 /src/modules/m_dnsbl.cpp | |
parent | a923a03031d0cd5869bb2f8e569ea21a1101c7d5 (diff) |
m_dnsbl: check returned results are in 127.0.0.0/8
Diffstat (limited to 'src/modules/m_dnsbl.cpp')
-rw-r--r-- | src/modules/m_dnsbl.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp index d4101686a..3dea080ce 100644 --- a/src/modules/m_dnsbl.cpp +++ b/src/modules/m_dnsbl.cpp @@ -70,8 +70,8 @@ class DNSBLResolver : public Resolver int i = countExt.get(them); if (i) countExt.set(them, i - 1); - // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d - if(result.length()) + // All replies should be in 127.0.0.0/8 + if (result.compare(0, 4, "127.") == 0) { unsigned int bitmask = 0, record = 0; bool match = false; @@ -82,6 +82,7 @@ class DNSBLResolver : public Resolver switch (ConfEntry->type) { case DNSBLConfEntry::A_BITMASK: + // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d bitmask = resultip.s_addr >> 24; /* Last octet (network byte order) */ bitmask &= ConfEntry->bitmask; match = (bitmask != 0); @@ -196,7 +197,11 @@ class DNSBLResolver : public Resolver ConfEntry->stats_misses++; } else + { + if (!result.empty()) + ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), result.c_str()); ConfEntry->stats_misses++; + } } } |