miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist 

With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
This commit is contained in:
Frank Denis 2018-01-21 19:47:19 +01:00
parent 6ca2697128
commit 29fee1585f
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dnscrypt-proxy/plugin_block_name.go
View File

@ -142,10 +142,18 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
revQname := StringReverse(qName) revQname := StringReverse(qName)
reject, reason := false, "" reject, reason := false, ""
if !reject { if !reject {
match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname)) if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname)); found {
if found {
if len(match) == len(qName) || revQname[len(match)] == '.' { if len(match) == len(qName) || revQname[len(match)] == '.' {
reject, reason = true, "*."+StringReverse(string(match)) reject, reason = true, "*."+StringReverse(string(match))
} else if len(match) < len(revQname) && len(revQname) > 0 {
if i := strings.LastIndex(revQname, "."); i > 0 {
pName := revQname[:i]
if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(pName)); found {
if len(match) == len(pName) || pName[len(match)] == '.' {
reject, reason = true, "*."+StringReverse(string(match))
}
}
}
} }
} }
} }