abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist

With the following ruleset: ex.com bc.ex.com "abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's not at a label boundary, it is not rejected. However, there is a more general rule that should be considered, ex.com. So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00 · 2018-01-21 19:47:19 +01:00 · 29fee1585f
parent 6ca2697128
commit 29fee1585f
1 changed files with 10 additions and 2 deletions
--- a/dnscrypt-proxy/plugin_block_name.go
+++ b/dnscrypt-proxy/plugin_block_name.go
@ -142,10 +142,18 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
 	revQname := StringReverse(qName)
 	reject, reason := false, ""
 	if !reject {
-		match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname))
-		if found {
+		if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname)); found {
 			if len(match) == len(qName) || revQname[len(match)] == '.' {
 				reject, reason = true, "*."+StringReverse(string(match))
+			} else if len(match) < len(revQname) && len(revQname) > 0 {
+				if i := strings.LastIndex(revQname, "."); i > 0 {
+					pName := revQname[:i]
+					if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(pName)); found {
+						if len(match) == len(pName) || pName[len(match)] == '.' {
+							reject, reason = true, "*."+StringReverse(string(match))
+						}
+					}
+				}
 			}
 		}
 	}