Skip to content

Commit 31e56ed

Browse files
DerDreschnerDerDreschner
committed
fix(DnsPinning): Ensure to always lookup based on FQDN
Signed-off-by: David Dreschner <david.dreschner@nextcloud.com>
1 parent 753e6ee commit 31e56ed

File tree

2 files changed

+9
-8
lines changed

2 files changed

+9
-8
lines changed

lib/private/Http/Client/DnsPinMiddleware.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,7 @@ private function dnsResolve(string $target, int $recursionCount) : array {
5252
$recursionCount++;
5353
$targetIps = [];
5454

55+
$target = str_ends_with($target, '.') ? $target : "$target.";
5556
$soaDnsEntry = $this->soaRecord($target);
5657
$dnsNegativeTtl = $soaDnsEntry['minimum-ttl'] ?? null;
5758
$canHaveCnameRecord = true;

tests/lib/Http/Client/DnsPinMiddlewareTest.php

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ static function (RequestInterface $request, array $options) {
6161
->method('dnsGetRecord')
6262
->willReturnCallback(function (string $hostname, int $type) {
6363
// example.com SOA
64-
if ($hostname === 'example.com') {
64+
if ($hostname === 'example.com.') {
6565
return match ($type) {
6666
DNS_SOA => [
6767
[
@@ -76,7 +76,7 @@ static function (RequestInterface $request, array $options) {
7676
}
7777

7878
// example.com A, AAAA, CNAME
79-
if ($hostname === 'www.example.com') {
79+
if ($hostname === 'www.example.com.') {
8080
return match ($type) {
8181
DNS_A => [],
8282
DNS_AAAA => [],
@@ -154,7 +154,7 @@ static function (RequestInterface $request, array $options) {
154154
->method('dnsGetRecord')
155155
->willReturnCallback(function (string $hostname, int $type) {
156156
// example.com SOA
157-
if ($hostname === 'example.com') {
157+
if ($hostname === 'example.com.') {
158158
return match ($type) {
159159
DNS_SOA => [
160160
[
@@ -169,7 +169,7 @@ static function (RequestInterface $request, array $options) {
169169
}
170170

171171
// example.com A, AAAA, CNAME
172-
if ($hostname === 'www.example.com') {
172+
if ($hostname === 'www.example.com.') {
173173
return match ($type) {
174174
DNS_A => [],
175175
DNS_AAAA => [],
@@ -378,7 +378,7 @@ static function (RequestInterface $request, array $options): void {
378378
->method('dnsGetRecord')
379379
->willReturnCallback(function (string $hostname, int $type) {
380380
// example.com SOA
381-
if ($hostname === 'example.com') {
381+
if ($hostname === 'example.com.') {
382382
return match ($type) {
383383
DNS_SOA => [
384384
[
@@ -393,7 +393,7 @@ static function (RequestInterface $request, array $options): void {
393393
}
394394

395395
// example.com A, AAAA, CNAME
396-
if ($hostname === 'www.example.com') {
396+
if ($hostname === 'www.example.com.') {
397397
return match ($type) {
398398
DNS_A => [],
399399
DNS_AAAA => [],
@@ -496,7 +496,7 @@ static function (RequestInterface $request, array $options): void {
496496
$dnsQueries[] = $hostname . $type;
497497

498498
// example.com SOA
499-
if ($hostname === 'example.com') {
499+
if ($hostname === 'example.com.') {
500500
return match ($type) {
501501
DNS_SOA => [
502502
[
@@ -511,7 +511,7 @@ static function (RequestInterface $request, array $options): void {
511511
}
512512

513513
// example.net A, AAAA, CNAME
514-
if ($hostname === 'subsubdomain.subdomain.example.com') {
514+
if ($hostname === 'subsubdomain.subdomain.example.com.') {
515515
return match ($type) {
516516
DNS_A => [
517517
[

0 commit comments

Comments
 (0)