projects
/
mirror
/
userdir-ldap.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
8a55266
)
ud-mailgate: block punycode DNS entries
author
Julien Cristau
<jcristau@debian.org>
Tue, 8 Oct 2019 17:35:51 +0000
(19:35 +0200)
committer
Julien Cristau
<jcristau@debian.org>
Tue, 8 Oct 2019 17:35:51 +0000
(19:35 +0200)
Keep an exception for a single existing domain.
ud-mailgate
patch
|
blob
|
history
diff --git
a/ud-mailgate
b/ud-mailgate
index
0d6d330
..
baaf08a
100755
(executable)
--- a/
ud-mailgate
+++ b/
ud-mailgate
@@
-371,6
+371,10
@@
def DoDNS(Str, Attrs, DnRecord):
aaaarecord is None:
return None
+ # Check for punycode. We ought to validate it before we allow it in our zone.
+ if Str.lower().startswith('xn--') and Str.lower() != 'xn--mnchen-3ya':
+ return "Punycode not allowed: " + Str
+
# Check if the name is already taken
G = re.match(r'^([-\w+]+)\s', Str)
if G is None: