Mercurial > dnsbl
comparison src/dnsbl.cpp @ 23:06de5ab6a232
add url decoding stage, allow http:/ single / in yahoo redirector, allow ip address hostnames
| author | carl |
|---|---|
| date | Wed, 12 May 2004 13:23:22 -0700 |
| parents | c21b888cc175 |
| children | 2e23b7184d2b |
comparison
equal
deleted
inserted
replaced
| 22:c21b888cc175 | 23:06de5ab6a232 |
|---|---|
| 357 // very hard, just using the default resolver retry settings. | 357 // very hard, just using the default resolver retry settings. |
| 358 // If we cannot get an answer, we just accept the mail. The | 358 // If we cannot get an answer, we just accept the mail. The |
| 359 // caller must ensure thread safety. | 359 // caller must ensure thread safety. |
| 360 // | 360 // |
| 361 // | 361 // |
| 362 static int dns_interface(char *question); | 362 static int dns_interface(char *question, bool maybe_ip); |
| 363 static int dns_interface(char *question) { | 363 static int dns_interface(char *question, bool maybe_ip) { |
| 364 #ifdef NS_PACKETSZ | 364 #ifdef NS_PACKETSZ |
| 365 u_char answer[NS_PACKETSZ]; | 365 u_char answer[NS_PACKETSZ]; |
| 366 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer)); | 366 int length = res_search(question, ns_c_in, ns_t_a, answer, sizeof(answer)); |
| 367 if (length < 0) return 0; // error in getting answer | 367 if (length >= 0) { // no error yet |
| 368 // parse the answer | 368 // parse the answer |
| 369 ns_msg handle; | 369 ns_msg handle; |
| 370 ns_rr rr; | 370 ns_rr rr; |
| 371 if (ns_initparse(answer, length, &handle) != 0) return 0; | 371 if (ns_initparse(answer, length, &handle) == 0) { |
| 372 int rrnum = 0; | 372 int rrnum = 0; |
| 373 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { | 373 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { |
| 374 if (ns_rr_type(rr) == ns_t_a) { | 374 if (ns_rr_type(rr) == ns_t_a) { |
| 375 int address; | 375 int address; |
| 376 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); | 376 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
| 377 return address; | 377 return address; |
| 378 } | |
| 379 } | |
| 380 } | |
| 381 } | |
| 382 if (maybe_ip) { | |
| 383 // might be a bare ip address | |
| 384 in_addr ip; | |
| 385 if (inet_aton(question, &ip)) { | |
| 386 return ip.s_addr; | |
| 378 } | 387 } |
| 379 } | 388 } |
| 380 return 0; | 389 return 0; |
| 381 #else | 390 #else |
| 382 struct hostent *host = gethostbyname(question); | 391 struct hostent *host = gethostbyname(question); |
| 386 memcpy(&address, host->h_addr, sizeof(address)); | 395 memcpy(&address, host->h_addr, sizeof(address)); |
| 387 return address; | 396 return address; |
| 388 #endif | 397 #endif |
| 389 } | 398 } |
| 390 | 399 |
| 391 static int protected_dns_interface(char *question); | 400 static int protected_dns_interface(char *question, bool maybe_ip); |
| 392 static int protected_dns_interface(char *question) { | 401 static int protected_dns_interface(char *question, bool maybe_ip) { |
| 393 int ans; | 402 int ans; |
| 394 pthread_mutex_lock(&resolve_mutex); | 403 pthread_mutex_lock(&resolve_mutex); |
| 395 ans = dns_interface(question); | 404 ans = dns_interface(question, maybe_ip); |
| 396 pthread_mutex_unlock(&resolve_mutex); | 405 pthread_mutex_unlock(&resolve_mutex); |
| 397 return ans; | 406 return ans; |
| 398 | 407 |
| 399 } | 408 } |
| 400 | 409 |
| 411 #else | 420 #else |
| 412 char question[1000]; | 421 char question[1000]; |
| 413 #endif | 422 #endif |
| 414 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix); | 423 snprintf(question, sizeof(question), "%u.%u.%u.%u.%s.", src[3], src[2], src[1], src[0], suffix); |
| 415 // ask the question, if we get an A record it implies a blacklisted ip address | 424 // ask the question, if we get an A record it implies a blacklisted ip address |
| 416 return (protected_dns_interface(question)) ? reject : oksofar; | 425 return (protected_dns_interface(question, false)) ? reject : oksofar; |
| 417 } | 426 } |
| 418 | 427 |
| 419 | 428 |
| 420 //////////////////////////////////////////////// | 429 //////////////////////////////////////////////// |
| 421 // check a single dnsbl | 430 // check a single dnsbl |
| 469 if (debug_syslog) { | 478 if (debug_syslog) { |
| 470 char buf[200]; | 479 char buf[200]; |
| 471 snprintf(buf, sizeof(buf), "looking for host %s", host); | 480 snprintf(buf, sizeof(buf), "looking for host %s", host); |
| 472 my_syslog(buf); | 481 my_syslog(buf); |
| 473 } | 482 } |
| 474 ip = protected_dns_interface(host); | 483 ip = protected_dns_interface(host, true); |
| 475 if (ip) { | 484 if (ip) { |
| 476 if (debug_syslog) { | 485 if (debug_syslog) { |
| 477 char adr[sizeof "255.255.255.255"]; | 486 char adr[sizeof "255.255.255.255"]; |
| 478 adr[0] = '\0'; | 487 adr[0] = '\0'; |
| 479 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr)); | 488 inet_ntop(AF_INET, (const u_char *)&ip, adr, sizeof(adr)); |