From 0ee3505e1f0cc3df78651f2f9cb393c5ff3df26e Mon Sep 17 00:00:00 2001
From: Simon Zolin
Date: Tue, 23 Jun 2020 12:39:19 +0300
Subject: [PATCH] * SB/PC: limit the number of hashes in request to 4
---
 dnsfilter/dnsfilter_test.go | 6 ++++++
 dnsfilter/security.go | 13 +++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/dnsfilter/dnsfilter_test.go b/dnsfilter/dnsfilter_test.go
index 6515b53d..f0dff6ec 100644
--- a/dnsfilter/dnsfilter_test.go
+++ b/dnsfilter/dnsfilter_test.go
@@ -146,6 +146,12 @@ func TestEtcHostsMatching(t *testing.T) {
 // SAFE BROWSING
+func TestSafeBrowsingHash(t *testing.T) {
+ q, hashes := hostnameToHashParam("1.2.3.4.5.6")
+ assert.Equal(t, "0132d0fa.b5413b4e.5fa067c1.e7f6c011.", q)
+ assert.Equal(t, 4, len(hashes))
+}
+
 func TestSafeBrowsing(t *testing.T) {
 d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
 defer d.Close()
diff --git a/dnsfilter/security.go b/dnsfilter/security.go
index 7f2b397a..9de23add 100644
--- a/dnsfilter/security.go
+++ b/dnsfilter/security.go
@@ -157,6 +157,7 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 }
 // for each dot, hash it and add it to string
+// The maximum is 4 components: "a.b.c.d"
 func hostnameToHashParam(host string) (string, map[string]bool) {
 var hashparam bytes.Buffer
 hashes := map[string]bool{}
@@ -166,6 +167,18 @@ func hostnameToHashParam(host string) (string, map[string]bool) {
 tld = ""
 }
 curhost := host
+
+ nDots := 0
+ for i := len(curhost) - 1; i >= 0; i-- {
+ if curhost[i] == '.' {
+ nDots++
+ if nDots == 4 {
+ curhost = curhost[i+1:] // "xxx.a.b.c.d" -> "a.b.c.d"
+ break
+ }
+ }
+ }
+
 for {
 if curhost == "" {
 // we've reached end of string
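Review bot: TestSafeBrowsingHash pins a single over-limit input against an opaque prefix string, so nothing in it shows which labels survive the cut or that a host at or under the limit is left alone. Assuming the suffix handling is the same for both inputs, a direct check that the six-label name is reduced to its four rightmost labels would be `q2, _ := hostnameToHashParam("3.4.5.6")` followed by `assert.Equal(t, q, q2)`. A case with fewer than four labels would also guard the loop's no-truncation path.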
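Review bot: The added comment line on hostnameToHashParam gives the limit but not which side is dropped, nor that a name deeper than four labels is then never looked up under its own full hash. That matters to anyone maintaining the Safe Browsing / parental-control lists, since an entry recorded only for a five-label host could not match after this change. I would reword it along the lines of `// At most the 4 rightmost labels are hashed ("x.a.b.c.d" -> "a.b.c.d"); deeper names match only through those suffixes.` The function body continues outside this hunk.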
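Review bot: The new loop counts every '.' from the right, so a host that arrives with a trailing root dot ("a.b.c.d.") would be cut to "b.c.d." and lose one real label from the lookup. Whether callers always strip that dot is not visible in this hunk, so either state the precondition in the function comment or normalise before counting. The literal 4 now appears in the comment, the loop and the test; a named constant such as `const maxHashedLabels = 4` (name constructed here) would keep them in step. The surrounding function starts and ends outside the hunk.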