BF: anchoring regex for IP with " *$" at the end + adjust regexp for <HOST>

to forbid matching IPs encoded in the hostname (like 1.2.3.4.xxx.yyyyy.zzz) prior doing actual DNS lookup. It is quite important and actually security hazard: DoS is easy to perform... Since now we don't do \S matching in <HOST> regexp, in the development branches we should also allow for unicode characters by adding 're.U' to HOST's regexp
2009-02-04 15:38:11 -05:00 · 2009-02-04 15:38:11 -05:00 · b54290affb
parent 3ecce6a188
commit b54290affb
2 changed files with 2 additions and 2 deletions
--- a/server/failregex.py
+++ b/server/failregex.py
@ -44,7 +44,7 @@ class Regex:
 		self._matchCache = None
 		# Perform shortcuts expansions.
 		# Replace "<HOST>" with default regular expression for host.
-		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
 		if regex.lstrip() == '':
 			raise RegexException("Cannot add empty regex")
 		try:
--- a/server/filter.py
+++ b/server/filter.py
@ -492,7 +492,7 @@ import socket, struct

 class DNSUtils:
 	
-	IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
+	IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}$")
 	
 	#@staticmethod
 	def dnsToIp(dns):