dhcp: apply hostname validation to dnsmasq watcher as well. make the pattern a bit less restrictive

2026-03-14 00:24:40 +00:00 · 2023-06-21 15:54:36 +02:00 · 2023-06-21 15:54:36 +02:00 · 2b89ff975f
commit 2b89ff975f
parent d6d6aa4f9a
2 changed files with 14 additions and 10 deletions
--- a/src/opnsense/scripts/dhcp/dnsmasq_watcher.py
+++ b/src/opnsense/scripts/dhcp/dnsmasq_watcher.py
@ -35,6 +35,7 @@ import time
 import argparse
 import syslog
 import signal
+import re
 from configparser import ConfigParser
 sys.path.insert(0, "/usr/local/opnsense/site-python")
 from daemonize import Daemonize
@ -48,6 +49,7 @@ def run_watcher(target_filename, default_domain, watch_file, service_pid):
    # initiate lease watcher and setup cache
    dhcpdleases = watchers.dhcpd.DHCPDLease(watch_file)
    cached_leases = dict()
+    hostname_pattern = re.compile("(?!-)[A-Z0-9-]*(?<!-)$", re.IGNORECASE)

    # start watching dhcp leases
    last_cleanup = time.time()
@ -56,10 +58,16 @@ def run_watcher(target_filename, default_domain, watch_file, service_pid):
        for lease in dhcpdleases.watch():
            if 'ends' in lease and lease['ends'] > time.time() \
                    and 'client-hostname' in lease and 'address' in lease and lease['client-hostname']:
-                address = ipaddress.ip_address(lease['address'])
-                lease['domain'] = default_domain
-                cached_leases[lease['address']] = lease
-                dhcpd_changed = True
+                if all(hostname_pattern.match(part) for part in lease['client-hostname'].strip().split('.')):
+                    address = ipaddress.ip_address(lease['address'])
+                    lease['domain'] = default_domain
+                    cached_leases[lease['address']] = lease
+                    dhcpd_changed = True
+                else:
+                    syslog.syslog(
+                        syslog.LOG_WARNING,
+                        "dhcpd leases: %s not a valid hostname, ignoring" % lease['client-hostname']
+                    )

        if time.time() - last_cleanup > cleanup_interval:
            # cleanup every x seconds
--- a/src/opnsense/scripts/dhcp/unbound_watcher.py
+++ b/src/opnsense/scripts/dhcp/unbound_watcher.py
@ -63,11 +63,6 @@ def unbound_control(commands, input=None, output_stream=None):
    if output_stream:
        output_stream.seek(0)

-def valid_hostname(hostname):
-    hostname = hostname.rstrip('.')
-    correct = re.compile("(?!-)[A-Z0-9-]{1,63}(?<!-)$", re.IGNORECASE)
-    return all(correct.match(part) for part in hostname.split('.'))
-
 class UnboundLocalData:
    def __init__(self):
        self._map_by_address = dict()
@ -141,6 +136,7 @@ def run_watcher(target_filename, default_domain, watch_file, config):
    dhcpdleases = watchers.dhcpd.DHCPDLease(watch_file)
    cached_leases = dict()
    unbound_local_data = UnboundLocalData()
+    hostname_pattern = re.compile("(?!-)[A-Z0-9-]*(?<!-)$", re.IGNORECASE)

    # start watching dhcp leases
    last_cleanup = time.time()
@ -149,7 +145,7 @@ def run_watcher(target_filename, default_domain, watch_file, config):
        for lease in dhcpdleases.watch():
            if 'ends' in lease and lease['ends'] > time.time() \
                    and 'client-hostname' in lease and 'address' in lease and lease['client-hostname']:
-                if valid_hostname(lease['client-hostname']):
+                if all(hostname_pattern.match(part) for part in lease['client-hostname'].strip().split('.')):
                    address = ipaddress.ip_address(lease['address'])
                    lease['domain'] = default_domain
                    for lease_config in lease_configs: