Bug #9023: is_fqdn() validation - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #9023

closed

is_fqdn() validation

Added by Nano Caiordo about 6 years ago. Updated over 4 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Renato Botelho

Category:

Web Interface

Target version:

2.5.0

Start date:

10/07/2018

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

Affected Architecture:

Description

Hello,

current validation doesn't follow any RFC guideline and it's pretty much broken.

var_dump(is_fqdn('a!@#$%^&0.b%^a1'));
bool(true)

A patch is ready and I'll generate the push request right after this gets submitted.

Files

is_fqdn.txt (2.61 KB) is_fqdn.txt

speed and domain validation comparison file

Nano Caiordo, 11/30/2018 03:47 AM

History
Notes
Property changes

Actions

Copy link

Updated by Nano Caiordo about 6 years ago

Ulterior information on this patch:

As per php.net/manual/en/filter.filters.validate.php: FILTER_VALIDATE_DOMAIN

Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumberic character and contain only alphanumerics or hyphens).

filter_var() returns false on failure or the entire unmodified input string on success, on this the patch removes any valid trailing dot before counting parts.
Sure the patch could be modified to trim and count on success only.

Above RFCs are pretty old but updated only for domain DNS names, records with underscore, and SMTP mail transport specifications.
This patch will not validate a domain DNS name such as _tcp.example.test, as I suppose is_fqdn() target RFC 1123.

bool(true) 'sub.domain.test.'
bool(true) 'sub.domain.test'
bool(true) 'xn--sub.xn--domain.test'

bool(false) 'domain.test.'
bool(false) 'domain.test'
bool(false) '-sub.domain.test'
bool(false) '_sub.domain.test'
bool(false) 's_ub.domain.test'

Actions

Copy link

Updated by Nano Caiordo almost 6 years ago

File is_fqdn.txt is_fqdn.txt added

I'm testing via System Patcher since https://github.com/pfsense/pfsense/pull/3998 went into approved/needs testing and so far unbound reloads are quite faster, placebo effect? Could anyone confirm?

As a reference I'm also adding here a speed and domain validation comparison file over thousands of iterations (cannot quite remember the exact number).

Actions

Copy link

Updated by Renato Botelho over 5 years ago

Status changed from New to Feedback
Assignee set to Renato Botelho
Priority changed from High to Normal
Target version set to 2.5.0
% Done changed from 0 to 100

PR has been merged. Thanks!

Actions

Copy link

Updated by Jim Pingle over 5 years ago

Category set to Web Interface

Actions

Copy link

Updated by Viktor Gurov over 4 years ago

Status changed from Feedback to Resolved

tested on 2.5.0.a.20200424.1759

looks good:

domain.test. true
domain.test true
_sub.domain.test true
s_ub.domain.test true
xn--sub.xn--domain.test true
sub.domain.test true
sub.domain.test. true
123domain.test true
domain123.test true
domain123.test123 false
domain-.test false
domain.test- false
-sub.domain.test false

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #9023

is_fqdn() validation

Updated by Nano Caiordo about 6 years ago

Updated by Nano Caiordo almost 6 years ago

Updated by Renato Botelho over 5 years ago

Updated by Jim Pingle over 5 years ago

Updated by Viktor Gurov over 4 years ago