Improved nameserver validation (WHOIS)

2025-07-25 11:58:19 +02:00 · 2025-04-23 12:29:20 +03:00 · 2025-04-23 12:29:20 +03:00 · db00aaffeb
commit db00aaffeb
parent 6f7f767547
3 changed files with 46 additions and 6 deletions
--- a/whois/port43/helpers.php
+++ b/whois/port43/helpers.php
@ -113,3 +113,43 @@ function updatePermittedIPs($pool, $permittedIPsTable) {
        $permittedIPsTable->set($ip, ['addr' => $ip]);
    }
 }
+
+function isValidHostname($hostname) {
+    $hostname = trim($hostname);
+
+    // Convert IDN (Unicode) to ASCII if necessary
+    if (mb_detect_encoding($hostname, 'ASCII', true) === false) {
+        $hostname = idn_to_ascii($hostname, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
+        if ($hostname === false) {
+            return false; // Invalid IDN conversion
+        }
+    }
+
+    // Ensure there is at least **one dot** (to prevent single-segment hostnames)
+    if (substr_count($hostname, '.') < 1) {
+        return false;
+    }
+
+    // Regular expression for validating a hostname
+    $pattern = '/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.)*([a-zA-Z0-9-]{1,63}|xn--[a-zA-Z0-9-]{2,63})$/';
+
+    // Ensure it matches the hostname pattern
+    if (!preg_match($pattern, $hostname)) {
+        return false;
+    }
+
+    // Ensure no label exceeds 63 characters
+    $labels = explode('.', $hostname);
+    foreach ($labels as $label) {
+        if (strlen($label) > 63) {
+            return false;
+        }
+    }
+
+    // Ensure full hostname is not longer than 255 characters
+    if (strlen($hostname) > 255) {
+        return false;
+    }
+
+    return true;
+}
--- a/whois/port43/start_whois.php
+++ b/whois/port43/start_whois.php
@ -658,7 +658,7 @@ $server->on('receive', function ($server, $fd, $reactorId, $data) use ($c, $pool
                    }
                }

-                if (!preg_match('/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.){2,}(xn--[a-zA-Z0-9-]{2,63}|[a-zA-Z]{2,63})$/', $nameserver)) {
+                if (!isValidHostname($nameserver)) {
                    $server->send($fd, "Nameserver contains invalid characters or is not in the correct format.");
                    $server->close($fd);
                }
--- a/whois/port43/whois_limited.php
+++ b/whois/port43/whois_limited.php
@ -296,7 +296,7 @@ $server->on('receive', function ($server, $fd, $reactorId, $data) use ($c, $pool
                    }
                }

-                if (!preg_match('/^((xn--[a-zA-Z0-9-]{1,63}|[a-zA-Z0-9-]{1,63})\.){2,}(xn--[a-zA-Z0-9-]{2,63}|[a-zA-Z]{2,63})$/', $nameserver)) {
+                if (!isValidHostname($nameserver)) {
                    $server->send($fd, "Nameserver contains invalid characters or is not in the correct format.");
                    $server->close($fd);
                }