From ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Tue, 4 May 2021 22:39:21 +0200
Subject: [PATCH] add result validation to dyndisc example scripts reported by Philipp Jeitner and Haya Shulman, Fraunhofer SIT
---
tools/naptr-eduroam.sh | 40 ++++++++++++++++++++++++++--------------
tools/radsec-dynsrv.sh | 20 ++++++++++++++++----
2 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
index e310812..5402d18 100755
--- a/tools/naptr-eduroam.sh
+++ b/tools/naptr-eduroam.sh
@@ -19,41 +19,53 @@ DIGCMD=$(command -v dig) HOSTCMD=$(command -v host) PRINTCMD=$(command -v printf) +validate_host() { + echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$' +} + +validate_port() { + echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$' +} + dig_it_srv() { ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 | while read line; do - set $line ; PORT=$3 ; HOST=$4 - $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4) + if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then + $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + fi done } dig_it_naptr() { ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k1 | while read line; do - set $line ; TYPE=$3 ; HOST=$6 - if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then - SRV_HOST=${HOST%.} - dig_it_srv - fi + set $line ; TYPE=$3 ; HOST=$(validate_host $6) + if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then + SRV_HOST=${HOST%.} + dig_it_srv + fi done } host_it_srv() { ${HOSTCMD} -t srv $SRV_HOST | sort -n -k5 | while read line; do - set $line ; PORT=$7 ; HOST=$8 - $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) + if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then + $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + fi done } host_it_naptr() { ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k5 | while read line; do - set $line ; TYPE=$7 ; HOST=${10} - if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then - SRV_HOST=${HOST%.} - host_it_srv - fi + set $line ; TYPE=$7 ; HOST=$(validate_host ${10}) + if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then + SRV_HOST=${HOST%.} + host_it_srv + fi done } diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh index 2eff080..68bb5ba 100755 --- a/tools/radsec-dynsrv.sh +++ b/tools/radsec-dynsrv.sh 
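Review bot: The new validators see the DNS fields only after the shell has already expanded them: `set $line`, the unquoted `$3`/`$4`/`$6`/`${10}` arguments and `echo ${@}` in validate_host/validate_port all undergo word splitting and pathname expansion, and `read line` without `-r` processes backslashes, so what is checked is not necessarily what the resolver returned. `tr -d '\n\t\r'` also strips control characters instead of rejecting the value, and `echo` treats some arguments (`-n`, backslash sequences) specially depending on the shell. I would validate the single quoted argument with a `case` pattern, as below, call it as `$(validate_host "$4")`, and use `while read -r line; do set -f; set -- $line` in the loops. The identical helpers and loops in the tools/radsec-dynsrv.sh hunk need the same change.

```shell
validate_host() {
    # Reject (rather than strip) anything outside the allowed set.
    case "$1" in
        ''|[!_0-9a-zA-Z]*|*[!-._0-9a-zA-Z]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}

validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}
# … unchanged: dig_it_srv, dig_it_naptr, host_it_srv, host_it_naptr bodies …
```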
@@ -19,19 +19,31 @@ DIGCMD=$(command -v digaaa) HOSTCMD=$(command -v host) PRINTCMD=$(command -v printf) +validate_host() { + echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$' +} + +validate_port() { + echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$' +} + dig_it() { ${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -n -k1 | while read line ; do - set $line ; PORT=$3 ; HOST=$4 - $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4) + if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then + $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + fi done } host_it() { ${HOSTCMD} -t srv _radsec._tcp.${REALM} | sort -n -k5 | while read line ; do - set $line ; PORT=$7 ; HOST=$8 - $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) + if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then + $PRINTCMD "\thost ${HOST%.}:${PORT}\n" + fi done }
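Review bot: `${REALM}` still reaches the `dig`/`host` command lines unquoted and, as far as these hunks show, unvalidated: `_radsec._tcp.${REALM}` in dig_it and host_it here, and bare `${REALM}` in dig_it_naptr and host_it_naptr in tools/naptr-eduroam.sh. Its assignment is outside both hunks, so this is inferred; if it is taken directly from the script argument, which for a dynamic-discovery hook presumably derives from the realm a client supplied, it deserves the same check as the DNS results. Something like `REALM=$(validate_host "$1")` followed by `[ -n "${REALM}" ] || exit 1` before the first lookup, and quoting the expansion in the four commands, would close that gap.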