Sanitize the hostname and port number returned via DNS
fmarier committed Jul 6, 2011
1 parent 93d2c52 commit 14b0c61
Showing 1 changed file with 14 additions and 1 deletion.
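--- a/lib/Libravatar/URL.pm
+++ b/lib/Libravatar/URL.pm
@@ -197,6 +197,19 @@ sub build_url {
 return $url;
 }
 
+sub sanitize_target {
+my ( $target, $port ) = @_;
+
+unless ( $target =~ m/^[0-9a-zA-Z\-.]+$/ ) {
+return ( undef, undef );
+}
+unless ( $port =~ m/^[0-9]{1,5}$/ ) {
+return ( undef, undef );
+}
+
+return ( $target, $port )
+}
+
 sub federated_url {
 my %args = @_;
 
@@ -215,7 +228,7 @@ sub federated_url {
 my $packet = $fast_resolver->query($srv_prefix . '._tcp.' . $domain, 'SRV');
 
 if ( $packet and $packet->answer ) {
-my ( $target, $port ) = srv_hostname($packet->answer);
+my ( $target, $port ) = sanitize_target(srv_hostname($packet->answer));
 return build_url($target, $port, $args{https});
 }
 return undef;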
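Review bot: Both patterns in sanitize_target are anchored with `$`, which in Perl also matches just before a trailing newline, so a target or port ending in a newline passes the check and is returned unchanged; anchoring with `\A` and `\z` closes that, e.g. `unless ( $target =~ m/\A[0-9a-zA-Z\-.]+\z/ )` and `unless ( $port =~ m/\A[0-9]{1,5}\z/ )`. The port pattern also accepts 0 and values above 65535, so a numeric range check after the match would be worth adding. In federated_url the rejected case yields `( undef, undef )` and is handed straight to build_url, whose body lies outside the hunk; unless build_url is known to handle an undefined target, a guard such as `return undef unless defined $target;` before the call would keep a rejected SRV record from producing a malformed URL.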
