Merge pull request #1510 from drwetter/rDNS_fixes
Fix for non-compliant DNS PTR records
This commit is contained in:
commit
64fea03f66
15
testssl.sh
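--- a/testssl.sh
+++ b/testssl.sh
@@ -19209,7 +19209,7 @@ determine_ip_addresses() {
 
 determine_rdns() {
 local saved_openssl_conf="$OPENSSL_CONF"
-local nodeip=""
+local nodeip="" rdns="" line=""
 
 [[ -n "$NODNS" ]] && rDNS="(instructed to minimize DNS queries)" && return 0 # PTR records were not asked for
 local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
@@ -19231,10 +19231,15 @@ determine_rdns() {
 rDNS=$(strip_lf "$(nslookup -type=PTR $nodeip 2>/dev/null | grep -v 'canonical name =' | grep 'name = ' | awk '{ print $NF }' | sed 's/\.$//')")
 fi
 OPENSSL_CONF="$saved_openssl_conf" # see https://github.com/drwetter/testssl.sh/issues/134
-rDNS="$(echo $rDNS)"
-# remove chars which under weird circumstances can show up here
-rDNS=${rDNS// /}
-rDNS=${rDNS//;/}
+# First, rDNS can contain multilines due to multiple PTR DNS records, though this is not recommended.
+# So we use a loop to check for each FQDN returned. There we remove chars which under weird
+# circumstances (see #1506) can show up here. The blacklist is taken from RFC 1912 ("Allowable characters in a
+# label for a host name are only ASCII, letters, digits, and the `-' character")
+while read -r line; do
+line="$(tr -dc '[a-zA-Z0-9-_.]' <<< "$line")"
+[[ -z "$rdns" ]] && rdns="$line" || rdns="$rdns $line"
+done <<< "$rDNS"
+rDNS="$rdns"
 [[ -z "$rDNS" ]] && rDNS="--"
 return 0
 }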
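Review bot: The whitelist in `line="$(tr -dc '[a-zA-Z0-9-_.]' <<< "$line")"` keeps `[` and `]` as literal set members, because tr has no bracket expressions outside `[:class:]`/`[=c=]`/`[c*n]`, so those two characters survive the filter even though the comment above cites the RFC 1912 letters/digits/hyphen rule; `_` and `.` are also kept, which is fine for FQDNs. Since the PTR answer is attacker-influenced input that presumably ends up in the report, an allow-list is the right approach, but the set should be written as `line="$(tr -dc 'a-zA-Z0-9_.-' <<< "$line")"` (hyphen last so it cannot be read as a range). A line that the filter empties still reaches the concatenation and leaves a stray space in `rdns`; adding `[[ -n "$line" ]] || continue` before `[[ -z "$rdns" ]] && ...` avoids that. The function's lookup branches (dig/host/nslookup) lie between the two hunks and are not visible here.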