From ff55c112417199e4b04098a32c5f4805b59356f9 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Mon, 12 Jul 2021 12:38:46 +0300 Subject: [PATCH] filtering: fix letter case in cname matching --- CHANGELOG.md | 2 ++ internal/dnsforward/dnsforward_test.go | 31 ++++++++++++++------------ internal/filtering/filtering.go | 2 ++ 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d88206c89a5..2ef4528cac9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -62,6 +62,7 @@ released by then. ### Fixed +- Letter case mismatches in `CNAME` filtering ([#3335]). - Occasional breakages on network errors with DNS-over-HTTP upstreams ([#3217]). - Errors when setting static IP on Linux ([#3257]). - Treatment of domain names and FQDNs in custom rules with `$dnsrewrite` that @@ -101,6 +102,7 @@ released by then. [#3217]: https://github.com/AdguardTeam/AdGuardHome/issues/3217 [#3256]: https://github.com/AdguardTeam/AdGuardHome/issues/3256 [#3257]: https://github.com/AdguardTeam/AdGuardHome/issues/3257 +[#3335]: https://github.com/AdguardTeam/AdGuardHome/issues/3335 diff --git a/internal/dnsforward/dnsforward_test.go b/internal/dnsforward/dnsforward_test.go index e42ad30cab5..35477696cbd 100644 --- a/internal/dnsforward/dnsforward_test.go +++ b/internal/dnsforward/dnsforward_test.go @@ -58,7 +58,7 @@ func createTestServer( t.Helper() rules := `||nxdomain.example.org -||null.example.org^ +||NULL.example.org^ 127.0.0.1 host.example.org @@||whitelist.example.org^ ||127.0.0.255` @@ -581,13 +581,13 @@ func TestServerCustomClientUpstream(t *testing.T) { // testCNAMEs is a map of names and CNAMEs necessary for the TestUpstream work. var testCNAMEs = map[string]string{ - "badhost.": "null.example.org.", - "whitelist.example.org.": "null.example.org.", + "badhost.": "NULL.example.org.", + "whitelist.example.org.": "NULL.example.org.", } // testIPv4 is a map of names and IPv4s necessary for the TestUpstream work. var testIPv4 = map[string][]net.IP{ - "null.example.org.": {{1, 2, 3, 4}}, + "NULL.example.org.": {{1, 2, 3, 4}}, "example.org.": {{127, 0, 0, 255}}, } @@ -609,7 +609,7 @@ func TestBlockCNAMEProtectionEnabled(t *testing.T) { addr := s.dnsProxy.Addr(proxy.ProtoUDP) - // 'badhost' has a canonical name 'null.example.org' which should be + // 'badhost' has a canonical name 'NULL.example.org' which should be // blocked by filters, but protection is disabled so it is not. req := createTestMessage("badhost.") @@ -644,13 +644,13 @@ func TestBlockCNAME(t *testing.T) { want bool }{{ host: "badhost.", - // 'badhost' has a canonical name 'null.example.org' which is + // 'badhost' has a canonical name 'NULL.example.org' which is // blocked by filters: response is blocked. want: true, }, { host: "whitelist.example.org.", // 'whitelist.example.org' has a canonical name - // 'null.example.org' which is blocked by filters + // 'NULL.example.org' which is blocked by filters // but 'whitelist.example.org' is in a whitelist: // response isn't blocked. want: false, @@ -671,8 +671,11 @@ func TestBlockCNAME(t *testing.T) { assert.Equal(t, dns.RcodeSuccess, reply.Rcode) if tc.want { require.Len(t, reply.Answer, 1) - a, ok := reply.Answer[0].(*dns.A) - require.True(t, ok) + + ans := reply.Answer[0] + a, ok := ans.(*dns.A) + require.Truef(t, ok, "got %T", ans) + assert.True(t, a.A.IsUnspecified()) } }) @@ -701,7 +704,7 @@ func TestClientRulesForCNAMEMatching(t *testing.T) { addr := s.dnsProxy.Addr(proxy.ProtoUDP) - // 'badhost' has a canonical name 'null.example.org' which is blocked by + // 'badhost' has a canonical name 'NULL.example.org' which is blocked by // filters: response is blocked. req := dns.Msg{ MsgHdr: dns.MsgHdr{ @@ -742,7 +745,7 @@ func TestNullBlockedRequest(t *testing.T) { RecursionDesired: true, }, Question: []dns.Question{{ - Name: "null.example.org.", + Name: "NULL.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET, }}, @@ -757,7 +760,7 @@ func TestNullBlockedRequest(t *testing.T) { } func TestBlockedCustomIP(t *testing.T) { - rules := "||nxdomain.example.org^\n||null.example.org^\n127.0.0.1 host.example.org\n@@||whitelist.example.org^\n||127.0.0.255\n" + rules := "||nxdomain.example.org^\n||NULL.example.org^\n127.0.0.1 host.example.org\n@@||whitelist.example.org^\n||127.0.0.255\n" filters := []filtering.Filter{{ ID: 0, Data: []byte(rules), @@ -802,7 +805,7 @@ func TestBlockedCustomIP(t *testing.T) { addr := s.dnsProxy.Addr(proxy.ProtoUDP) - req := createTestMessageWithType("null.example.org.", dns.TypeA) + req := createTestMessageWithType("NULL.example.org.", dns.TypeA) reply, err := dns.Exchange(req, addr.String()) require.NoError(t, err) @@ -813,7 +816,7 @@ func TestBlockedCustomIP(t *testing.T) { assert.True(t, net.IP{0, 0, 0, 1}.Equal(a.A)) - req = createTestMessageWithType("null.example.org.", dns.TypeAAAA) + req = createTestMessageWithType("NULL.example.org.", dns.TypeAAAA) reply, err = dns.Exchange(req, addr.String()) require.NoError(t, err) diff --git a/internal/filtering/filtering.go b/internal/filtering/filtering.go index d1ce6f9414d..2e4a3ac92e6 100644 --- a/internal/filtering/filtering.go +++ b/internal/filtering/filtering.go @@ -403,6 +403,8 @@ func (d *DNSFilter) CheckHostRules(host string, qtype uint16, setts *Settings) ( return Result{}, nil } + host = strings.ToLower(host) + return d.matchHost(host, qtype, setts) }