diff options
| author | Simon Kelley <simon@thekelleys.org.uk> | 2021-12-08 23:51:38 +0000 |
|---|---|---|
| committer | Simon Kelley <simon@thekelleys.org.uk> | 2021-12-08 23:51:38 +0000 |
| commit | 1176cd58c90fc37bf98a6f774b26fc1adc8fd8e9 (patch) | |
| tree | 6949e13c032b57921c131dbe1019a6aa271d49ab | |
| parent | 44a4643b620a86f1dea25235db1d4e75d21b4727 (diff) | |
| download | dnsmasq-1176cd58c90fc37bf98a6f774b26fc1adc8fd8e9.tar.gz | |
Fix regression in --rebind-domain-ok in 2.86
The 2.86 domain-match rewrite changed matching from
whole-labels to substring matching, so example.com
would match example.com and www.example.com, as before,
but also goodexample.com, which is a regression. This
restores the original behaviour.
Also restore the behaviour of --rebind-domain-ok=//
to match domains with onlt a single label and no dots.
Thanks to Sung Pae for reporting these bugs and supplying
an initial patch.
| -rw-r--r-- | src/forward.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/forward.c b/src/forward.c index 163da09..f22c080 100644 --- a/src/forward.c +++ b/src/forward.c @@ -153,11 +153,20 @@ static int domain_no_rebind(char *domain) { struct rebind_domain *rbd; size_t tlen, dlen = strlen(domain); - + char *dots = strchr(domain, '.'); + + /* Match whole labels only. Empty domain matches no dots (any single label) */ for (rbd = daemon->no_rebind; rbd; rbd = rbd->next) - if (dlen >= (tlen = strlen(rbd->domain)) && strcmp(rbd->domain, &domain[dlen - tlen]) == 0) + { + if (dlen >= (tlen = strlen(rbd->domain)) && + hostname_isequal(rbd->domain, &domain[dlen - tlen]) && + (dlen == tlen || domain[dlen - tlen - 1] == '.')) return 1; + if (tlen == 0 && !dots) + return 1; + } + return 0; } |