abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist

With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
Frank Denis 2018-01-21 19:47:19 +01:00
parent 6ca2697128
commit 29fee1585f
1 changed files with 10 additions and 2 deletions


@ -142,10 +142,18 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
revQname := StringReverse(qName)
reject, reason := false, ""
if !reject {
match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname))
if found {
if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname)); found {
if len(match) == len(qName) || revQname[len(match)] == '.' {
reject, reason = true, "*."+StringReverse(string(match))
} else if len(match) < len(revQname) && len(revQname) > 0 {
if i := strings.LastIndex(revQname, "."); i > 0 {
pName := revQname[:i]
if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(pName)); found {
if len(match) == len(pName) || pName[len(match)] == '.' {
reject, reason = true, "*."+StringReverse(string(match))
}
}
}
}
}
}
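Review bot: The retry in the new `else if` branch strips only the leftmost label of the query, so a name such as `x.abc.ex.com` retries with `abc.ex.com`, lands on the partial match `bc.ex.com` again, and is not rejected even though `ex.com` is listed. Instead of cutting `revQname` at `strings.LastIndex(revQname, ".")`, the branch should cut at the last label boundary inside `match` and repeat the lookup until a rule matches on a boundary or no prefix is left. The guard `len(match) < len(revQname) && len(revQname) > 0` looks always true at that point and could be dropped. `Eval` begins and ends outside this hunk, so the rest of the function is not covered by this note.

```go
// … unchanged: first LongestPrefix lookup and its label-boundary check …
} else {
	// The longest match ended inside a label: retry at each shorter label
	// boundary until a rule matches on a boundary or no candidate is left.
	pName := revQname[:len(match)]
	for !reject {
		i := strings.LastIndex(pName, ".")
		if i <= 0 {
			break
		}
		pName = pName[:i]
		m, _, ok := plugin.blockedSuffixes.Root().LongestPrefix([]byte(pName))
		if !ok {
			break
		}
		if len(m) == len(pName) || pName[len(m)] == '.' {
			reject, reason = true, "*."+StringReverse(string(m))
		} else {
			// Partial-label match again; shrink to it and look further up.
			pName = pName[:len(m)]
		}
	}
}
```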