authorAdam <Adam@anope.org>2017-01-08 14:18:24 -0500
committerAdam <Adam@anope.org>2017-01-11 20:12:11 -0500
commit0904978757187d40a7fd5a098887890d0b002700 (patch)
treeadf054a1b11200dcd9b5792c5dd37481f4f391f7 /src
parenta923a03031d0cd5869bb2f8e569ea21a1101c7d5 (diff)
m_dnsbl: check returned results are in 127.0.0.0/8
Diffstat (limited to 'src')
-rw-r--r--src/modules/m_dnsbl.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp
index d4101686a..3dea080ce 100644
--- a/src/modules/m_dnsbl.cpp
+++ b/src/modules/m_dnsbl.cpp
@@ -70,8 +70,8 @@ class DNSBLResolver : public Resolver
int i = countExt.get(them);
if (i)
countExt.set(them, i - 1);
- // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
- if(result.length())
+ // All replies should be in 127.0.0.0/8
+ if (result.compare(0, 4, "127.") == 0)
{
unsigned int bitmask = 0, record = 0;
bool match = false;
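Review bot: The new guard `if (result.compare(0, 4, "127.") == 0)` tests the textual form of the reply, so it accepts any string that merely begins with `127.` and relies on the address being parsed successfully later in the function (the parse into `resultip` is outside this hunk). Doing the range check on the parsed address instead would tie it to the value the match logic actually uses, with a parse failure treated the same as an out-of-range reply. If the resolver is guaranteed to hand back a canonical dotted quad here, a comment stating that would be enough, e.g. `// result is the resolver's formatted A record, so a prefix test is sufficient`.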
@@ -82,6 +82,7 @@ class DNSBLResolver : public Resolver
switch (ConfEntry->type)
{
case DNSBLConfEntry::A_BITMASK:
+ // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
bitmask = resultip.s_addr >> 24; /* Last octet (network byte order) */
bitmask &= ConfEntry->bitmask;
match = (bitmask != 0);
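Review bot: The comment moved into `case DNSBLConfEntry::A_BITMASK:` describes a computation the code below it does not perform: the formula `256*(256*(256*a+b)+c)+d` builds a 32-bit value from all four octets, while the three lines that follow only take one octet and AND it with `ConfEntry->bitmask`. Since the line is being touched anyway, it could be replaced with something that matches the code, such as `// Bitmask lists: compare the last octet of the reply against the configured mask`. The switch continues outside the hunk, so other cases may have the same mismatch.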
@@ -196,7 +197,11 @@ class DNSBLResolver : public Resolver
ConfEntry->stats_misses++;
}
else
+ {
+ if (!result.empty())
+ ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), result.c_str());
ConfEntry->stats_misses++;
+ }
}
}
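Review bot: The `WriteGlobalSno('a', ...)` call added in the `else` branch fires once per lookup with no throttling, so a list that starts answering outside 127.0.0.0/8 for every query (a wildcarded or parked zone, or an upstream resolver rewriting answers) would send one global notice per connecting user. Consider warning at most once per interval per `ConfEntry`, using a new per-entry timestamp, and counting these replies separately from `stats_misses` so the stats output shows a broken list rather than a clean one. A short comment on the branch would also record the intent, e.g. `// Out-of-range reply: list is likely misconfigured or hijacked; fail open and warn opers`. `result` is written into the notice as received, which is fine only if the resolver returns nothing but formatted addresses; that is not visible here, and the enclosing function starts outside this hunk.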