Merge pull request #2921 from BlackDex/issue-2909

Prevent DNS leak when icon regex is configured
pull/2868/head
Daniel García 2 years ago committed by GitHub
commit 366b1050ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -262,17 +262,8 @@ use cached::proc_macro::cached;
#[cached(key = "String", convert = r#"{ domain.to_string() }"#, size = 16, time = 60)] #[cached(key = "String", convert = r#"{ domain.to_string() }"#, size = 16, time = 60)]
#[allow(clippy::unused_async)] // This is needed because cached causes a false-positive here. #[allow(clippy::unused_async)] // This is needed because cached causes a false-positive here.
async fn is_domain_blacklisted(domain: &str) -> bool { async fn is_domain_blacklisted(domain: &str) -> bool {
if CONFIG.icon_blacklist_non_global_ips() { // First check the blacklist regex if there is a match.
if let Ok(s) = lookup_host((domain, 0)).await { // This prevents the blocked domain(s) from being leaked via a DNS lookup.
for addr in s {
if !is_global(addr.ip()) {
debug!("IP {} for domain '{}' is not a global IP!", addr.ip(), domain);
return true;
}
}
}
}
if let Some(blacklist) = CONFIG.icon_blacklist_regex() { if let Some(blacklist) = CONFIG.icon_blacklist_regex() {
// Use the pre-generate Regex stored in a Lazy HashMap if there's one, else generate it. // Use the pre-generate Regex stored in a Lazy HashMap if there's one, else generate it.
let is_match = if let Some(regex) = ICON_BLACKLIST_REGEX.get(&blacklist) { let is_match = if let Some(regex) = ICON_BLACKLIST_REGEX.get(&blacklist) {
@ -297,6 +288,18 @@ async fn is_domain_blacklisted(domain: &str) -> bool {
return true; return true;
} }
} }
if CONFIG.icon_blacklist_non_global_ips() {
if let Ok(s) = lookup_host((domain, 0)).await {
for addr in s {
if !is_global(addr.ip()) {
debug!("IP {} for domain '{}' is not a global IP!", addr.ip(), domain);
return true;
}
}
}
}
false false
} }

Binary file not shown.

Before

Width:  |  Height:  |  Size: 331 B

After

Width:  |  Height:  |  Size: 483 B

Loading…
Cancel
Save