ud-mailgate: block punycode DNS entries

author Julien Cristau <jcristau@debian.org>

Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)

committer Julien Cristau <jcristau@debian.org>

Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)
author Julien Cristau <jcristau@debian.org>
Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)
committer Julien Cristau <jcristau@debian.org>
Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)
diff --git a/ud-mailgate b/ud-mailgate

index 0d6d330..baaf08a 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -371,6 +371,10 @@ def DoDNS(Str, Attrs, DnRecord):
         aaaarecord is None:
          return None
  
+    # Check for punycode.  We ought to validate it before we allow it in our zone.
+    if Str.lower().startswith('xn--') and Str.lower() != 'xn--mnchen-3ya':
+        return "Punycode not allowed: " + Str
+
      # Check if the name is already taken
      G = re.match(r'^([-\w+]+)\s', Str)
      if G is None:
author	Julien Cristau <jcristau@debian.org>
	Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)
committer	Julien Cristau <jcristau@debian.org>
	Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)