Improved nameserver validation (WHOIS)

Pinga 2025-04-23 12:29:20 +03:00
parent 6f7f767547
commit db00aaffeb
3 changed files with 46 additions and 6 deletions


@ -112,4 +112,44 @@ function updatePermittedIPs($pool, $permittedIPsTable) {
foreach ($permittedIPs as $ip) {
$permittedIPsTable->set($ip, ['addr' => $ip]);
}
}
function isValidHostname($hostname) {
$hostname = trim($hostname);
// Convert IDN (Unicode) to ASCII if necessary
if (mb_detect_encoding($hostname, 'ASCII', true) === false) {
$hostname = idn_to_ascii($hostname, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
if ($hostname === false) {
return false; // Invalid IDN conversion
}
}
// Ensure there is at least **one dot** (to prevent single-segment hostnames)
if (substr_count($hostname, '.') < 1) {
return false;
}
// Regular expression for validating a hostname
$pattern = '/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.)*([a-zA-Z0-9-]{1,63}|xn--[a-zA-Z0-9-]{2,63})$/';
// Ensure it matches the hostname pattern
if (!preg_match($pattern, $hostname)) {
return false;
}
// Ensure no label exceeds 63 characters
$labels = explode('.', $hostname);
foreach ($labels as $label) {
if (strlen($label) > 63) {
return false;
}
}
// Ensure full hostname is not longer than 255 characters
if (strlen($hostname) > 255) {
return false;
}
return true;
}
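Review bot: The pattern in `isValidHostname` lets any label start or end with `-` and lets the final label be all digits, so constructed inputs such as `-a.-b` or the dotted-quad `1.2.3.4` pass as nameserver names. The inline pattern this commit replaces at the call sites required an alphabetic final label and at least three labels, so this is a relaxation rather than a tightening. Inside the existing `foreach ($labels as $label)` loop I would add `if ($label[0] === '-' || substr($label, -1) === '-') { return false; }`, and after the loop `if (ctype_digit(end($labels))) { return false; }`. If accepting two-label names is intended, a one-line comment saying so would help the next reader.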


@ -657,12 +657,12 @@ $server->on('receive', function ($server, $fd, $reactorId, $data) use ($c, $pool
$nameserver = $convertedDomain;
}
}
if (!preg_match('/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.){2,}(xn--[a-zA-Z0-9-]{2,63}|[a-zA-Z]{2,63})$/', $nameserver)) {
if (!isValidHostname($nameserver)) {
$server->send($fd, "Nameserver contains invalid characters or is not in the correct format.");
$server->close($fd);
}
$query = "SELECT name,clid FROM host WHERE name = :nameserver";
$stmt = $pdo->prepare($query);
$stmt->bindParam(':nameserver', $nameserver, PDO::PARAM_STR);
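Review bot: The rejection branch after `isValidHostname($nameserver)` sends the error and closes the connection but, as shown, has no `return;`, so execution falls through to the `SELECT name,clid FROM host` lookup with a name that has just failed validation. Adding `return;` directly after `$server->close($fd);` keeps the handler from doing database work for rejected input and from writing to an already closed descriptor. The same branch appears unchanged in the third file section of this commit (hunk `-295,12 +295,12`). The `receive` callback begins and ends outside the hunk, so a later guard may exist that is not visible here.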


@ -295,12 +295,12 @@ $server->on('receive', function ($server, $fd, $reactorId, $data) use ($c, $pool
$nameserver = $convertedDomain;
}
}
if (!preg_match('/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.){2,}(xn--[a-zA-Z0-9-]{2,63}|[a-zA-Z]{2,63})$/', $nameserver)) {
if (!isValidHostname($nameserver)) {
$server->send($fd, "Nameserver contains invalid characters or is not in the correct format.");
$server->close($fd);
}
$query = "SELECT name,clid FROM host WHERE name = :nameserver";
$stmt = $pdo->prepare($query);
$stmt->bindParam(':nameserver', $nameserver, PDO::PARAM_STR);