From: Dirk Koopman Date: Wed, 1 Feb 2023 09:07:06 +0000 (+0000) Subject: harden DXCIDR from router/proxy html measges X-Git-Url: http://dxcluster.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=d3568fec5fb3e19f72dc4813dd2e18a7031dd6bb;p=spider.git harden DXCIDR from router/proxy html measges That end ip in the badip files because of some local network problem. Examples include storing an HTML error message saying something like "could not access this URL" in one or more of the files instead of just leaving them empty. --- diff --git a/Changes b/Changes index 9a502165..6639a0b9 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,7 @@ +01Feb23======================================================================= +1. Harden DXCIDR (badip stuff) against format errors in downloaded badip files + downloaded using wget from the crontab. If these problems persist PLEASE + TELL me and send me examples of the errors that end up in the badip files. 30Jan23======================================================================= 1. Add ip addresses to outgoing PC93 messages 2. Get rid of (some of?) the uninitialised warnings diff --git a/cmd/set/badip.pl b/cmd/set/badip.pl index 1ed8225a..bfbd89ce 100644 --- a/cmd/set/badip.pl +++ b/cmd/set/badip.pl @@ -21,6 +21,10 @@ if ($in[0] =~ /^[_\d\w]+$/) { return (1, "set/badip: need [suffix (def: local])] IP, IP-IP or IP/24") unless @in; for my $ip (@in) { my $r; + unless (is_ipaddr($ip)) { + push @out, "set/badip: '$ip' is not an ip address, ignored"; + next; + } eval{ $r = DXCIDR::find($ip); }; return (1, "set/badip: $ip $@") if $@; if ($r) { 
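Review bot: The new `is_ipaddr($ip)` guard at the top of the `for my $ip (@in)` loop in cmd/set/badip.pl may reject the range forms that the usage string just above it still advertises (`IP, IP-IP or IP/24`). `is_ipaddr` is defined outside this diff, so this is an inference: if it matches only single addresses, a sysop entering a /24 now gets "is not an ip address, ignored" and the block is never stored. The same guard is added in `_read` and `add` in perl/DXCIDR.pm, where it would drop range lines from the downloaded badip files and shrink the blocklist, with no log entry at all in `add`. Please confirm which forms `is_ipaddr` accepts and record it next to the check, for example `# is_ipaddr must accept IP, IP-IP and IP/nn, as promised by the usage text`. The loop body continues past the end of this hunk.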
@@ -34,6 +38,10 @@ my $count = @added; my $list = join ' ', @in; DXCIDR::clean_prep(); #$DB::single = 1; -DXCIDR::append($suffix, @added); -push @out, "set/badip: added $count entries to badip.$suffix : $list" if $count; +if ($count) { + DXCIDR::append($suffix, @added); + push @out, "set/badip: added $count entries to badip.$suffix : '$list'"; +} else { + push @out, "set/badip: No valid IPs, not updating badip.$suffix with '$list'"; +} return (1, @out); diff --git a/perl/DXCIDR.pm b/perl/DXCIDR.pm index 82115220..b702d7b8 100644 --- a/perl/DXCIDR.pm +++ b/perl/DXCIDR.pm @@ -38,13 +38,25 @@ sub _read $fn .= ".$suffix" if $suffix; my $fh = IO::File->new($fn); my @out; + my $ecount; + my $line; + if ($fh) { while (<$fh>) { chomp; + ++$line; next if /^\s*\#/; next unless /[\.:]/; next unless $_; + unless (is_ipaddr($_)) { + ++$ecount; + LogDbg('err', qq(DXCIDR: $fn line $line: '$_' not an ip address)); + if ($ecount > 10) { + LogDbg('err', qq(DXCIDR: More than 10 errors in $fn at/after line $line: '$_' - INVALID INPUT FILE)); + return (); + } + } push @out, $_; } $fh->close; @@ -58,6 +70,7 @@ sub _load { my $suffix = shift; my @in = _read($suffix); + return 0 unless @in; return scalar add(@in); } @@ -112,6 +125,7 @@ sub add for my $ip (@_) { # protect against stupid or malicious + next unless is_ipaddr($ip); next if $ip =~ /^127\./; next if $ip =~ /^::1$/; if ($ip =~ /\./) {
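Review bot: The success message in the new `if ($count)` branch of cmd/set/badip.pl prints `$list`, which is joined from `@in`, so inputs the loop rejected as "not an ip address" are still reported as added. Build the text from what was actually appended instead: `push @out, "set/badip: added $count entries to badip.$suffix : '" . join(' ', @added) . "'";`. How `@added` is filled lies outside this hunk, so check that it holds exactly the entries passed to `DXCIDR::append`.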
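Review bot: In `_read` in perl/DXCIDR.pm, the new `unless (is_ipaddr($_))` block logs the bad line but does not skip it, so control falls through to `push @out, $_;` and the invalid text is still returned whenever a file has ten or fewer errors. Add `next;` as the last statement of that block, after the `$ecount > 10` test. The new guard in `add` would filter such entries later, but any other caller of `_read` (none is visible here) would still receive the raw router or proxy text. The early `return ();` also leaves the loop without reaching `$fh->close;`. The handle is presumably released when `$fh` goes out of scope, but an explicit `$fh->close;` before the return keeps both exits consistent.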