Call for inncheck testing

Florian Schlichting fschlich at CIS.FU-Berlin.DE
Sat Jul 9 00:41:56 UTC 2011


On Thu, Jul 07, 2011 at 02:06:31PM +0200, Gunther Nitzsche wrote:
> /usr/local/news/etc/readers.conf:150: not a valid list of hostnames or
> netblocks: '192.109.14.*,193.254.23[89].*, ...
> /usr/local/news/etc/readers.conf:156: not a valid list of hostnames or
> netblocks: '194.8.19[2-9].*,194.8.2[01][0-9].* ...

that was useful to remind me that I need to work on the wildmat pattern,
and also on IPv6 more generally:

--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -164,15 +164,19 @@ get_config_word
 
 ##  Build regular expressions used for checking configuration values.
 my $dot = '\.';
+my $wildmat = '\[\]\*\?-'; # anybody needing ^ ! @ ??
 my $ip = '(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})';
 my $ipv4 = "$ip$dot$ip$dot$ip$dot$ip";
 my $ipv4_cidr = "$ip(?:$dot$ip){0,3}\\/[1-3]?\\d";
-my $ipv4_wildmat = '[\d\[\]\*]+(?:\.[\d\[\]\*]+){0,3}';
-my $ipv6 = '[\da-fA-F:.]+'; # e.g. ::ffff:192.168.0.10
-my $ipv6_cidr = '[\da-f:.]+(?:\\/1?\d?\d)?'; # matches $ipv6 as well
+my $ipv4_wildmat = "[\\d$wildmat]+(?:$dot\[\\d$wildmat\]+){0,3}";
+my $ip6 = '\da-fA-F:';
+my $ipv6 = "[$ip6]+(?:$ipv4)?"; # e.g. ::ffff:192.168.0.10
+my $ipv6_cidr = "[$ip6]+\\/1?\\d?\\d";
+my $ipv6_wildmat = "[$ip6$wildmat]+";
 my $hostname = '[\w-]+|[\w.-]+\.[a-zA-Z]{2,}'; # hostname, FQDN
+my $hostname_wildmat = '(?:[-\w\[\]\*\?]+\.)?'."(?:$hostname)"; # Assumption:  wildmat chars only in leftmost subdomain part
 my $hostnameRE = "(?:$hostname|$ipv4|$ipv6)";
-my $hostblockRE = '(?:(?:[-\w\[\]\*\?]+\.)?'."(?:$hostname)|$ipv4_wildmat|$ipv4_cidr|$ipv6_cidr)"; # Assumption:  wildmat chars only in leftmost subdomain part
+my $hostblockRE = "(?:$hostname_wildmat|$ipv4_cidr|$ipv4_wildmat|$ipv6|$ipv6_cidr|$ipv6_wildmat)";
 my %type_regex = (
     'boolean'                           => '^(?:true|false)$', # innfeed.conf doesn't allow other
     'floating-point number'             => '^\d+\.\d+$',       # no exponents
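Review bot: `$ipv6_cidr` no longer accepts an IPv4-mapped network (constructed example: `::ffff:192.168.0.0/112`), because the old class included `.` and the new `[$ip6]` does not. Its prefix `1?\d?\d` also still admits lengths up to 199, so a mistyped netblock in an access list can pass the check while a valid one is reported. Building it from `$ipv6` and bounding the prefix would cover both: `my $ipv6_cidr = "$ipv6\\/(?:12[0-8]|1[01]\\d|\\d?\\d)";`. Separately, `$wildmat` and `$ip6` are character-class bodies rather than complete patterns, and the `-` in `$wildmat` is literal only because it comes last; a comment such as `# class body, use only inside [...]; keep '-' last so it stays literal` would protect that when more characters are added. How `$hostblockRE` is anchored lies outside the hunk, so the effect on whole-value matching is inferred.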


Julien, if you feel anybody might possibly use ^, ! or @ in an IP
address wildmat, by all means just add it to $wildmat. You're absolutely
right saying we should avoid false positives - when I think about those
expressions I always try to narrow them in order to be useful, but it's
probably way too complicated and only causes harm when it's too
restrictive.

BTW, in the other perl scripts I eliminated perl4-style subroutine calls
with &function; for some reason I forgot to do that to inncheck:

--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -369,7 +369,7 @@ control_ctl
     my ($msg, $from, $ng, $act);
 
     input: while ( <$IN> ) {
-	next input if &spacious($file, ++$line);
+	next input if spacious($file, ++$line);
 
         if (/^\/localencoding\//) {
             unless ( ($msg, $act) =
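Review bot: Dropping the `&` sigil on `spacious($file, ++$line)` means any prototype declared on the callee ahead of the call is now applied, since `&name(...)` bypasses prototype checking and the plain call does not. The definitions of `spacious`, `checkperm`, `intersect`, `Usage` and `check_all_perms` are outside these hunks, so it is worth confirming that none of them carries a prototype. The same applies to the later hunks in expire_ctl, moderators, nntpsend_ctl, passwd_nntp, check_all_perms and the two top-level hunks. The `while` loop in control_ctl continues past the end of this hunk.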
@@ -423,7 +423,7 @@ expire_ctl
     $groupbaseexpiry = $INN::Config::groupbaseexpiry;
     $groupbaseexpiry =~ tr/A-Z/a-z/;
     input: while ( <$IN> ) {
-	next input if &spacious($file, ++$line);
+	next input if spacious($file, ++$line);
 
 	if ( ($v) = m@/remember/:(.+)@ ) {
 	    eprint "$file:$line: more than one /remember/ line.\n"
@@ -653,7 +653,7 @@ moderators
     my ($k, $v);
 
     input: while ( <$IN> ) {
-	next input if &spacious($file, ++$line);
+	next input if spacious($file, ++$line);
 
 	unless ( ($k, $v) = /^([^:]+):(.+)$/ ) {
 	    eprint "$file:$line: malformed line.\n";
@@ -871,7 +871,7 @@ nntpsend_ctl
     my ($site, $fqdn, $flags, $f, $v);
 
     input: while ( <$IN> ) {
-	next input if &spacious($file, ++$line);
+	next input if spacious($file, ++$line);
 
 	##  Ignore the size info for now.
 	unless ( ($site, $fqdn, $flags) =
@@ -906,7 +906,7 @@ passwd_nntp
     my ($name, $pass);
 
     input: while ( <$IN> ) {
-	next input if &spacious($file, ++$line);
+	next input if spacious($file, ++$line);
 
 	unless ( ($name, $pass) = /[\w\-\.]+:([^:]*):([^:]*)(:authinfo)?$/ ) {
 	    eprint "$file:$line: malformed line.\n";
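Review bot: The pattern on the `unless` line in passwd_nntp has no leading anchor, so `/[\w\-\.]+:([^:]*):([^:]*)(:authinfo)?$/` can match starting in the middle of a line. A line with extra colon-separated fields or stray characters before the host is therefore accepted, and `$name`/`$pass` are then taken from the wrong fields. Assuming the first field is meant to be limited to `[\w.-]`, anchoring the pattern closes that: `unless ( ($name, $pass) = /^[\w\-\.]+:([^:]*):([^:]*)(:authinfo)?$/ ) {`. This line is unchanged context in the commit, and the rest of the loop body is outside the hunk.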
@@ -1143,35 +1143,35 @@ check_all_perms
     my ($newsbin) = $paths{'newsbin'};
 
     foreach ( @directories ) {
-	&checkperm($paths{$_}, [0755, 0775]);
+	checkperm($paths{$_}, [0755, 0775]);
     }
-    &checkperm($paths{'innddir'}, [0750, 0775]);
-    &checkperm($paths{'innbind'}, [04500, 04550], 'root', $INN::Config::runasgroup);
+    checkperm($paths{'innddir'}, [0750, 0775]);
+    checkperm($paths{'innbind'}, [04500, 04550], 'root', $INN::Config::runasgroup);
     foreach ( keys %prog_modes ) {
-	&checkperm($paths{$_}, $prog_modes{$_});
+	checkperm($paths{$_}, $prog_modes{$_});
     }
     foreach ( keys %paths ) {
-	&checkperm($paths{$_}, $modes{$_})
+	checkperm($paths{$_}, $modes{$_})
 	    if defined $modes{$_};
     }
-    &checkperm($paths{'history'}, [0600, $INN::Config::filemode]);
+    checkperm($paths{'history'}, [0600, $INN::Config::filemode]);
     # Commented out for now since it depends on the history type.
-    #&checkperm($paths{'history'} . ".dir", [0600, $INN::Config::filemode]);
-    #&checkperm($paths{'history'} . ".index", [0600, $INN::Config::filemode]);
-    #&checkperm($paths{'history'} . ".hash", [0600, $INN::Config::filemode]);
+    #checkperm($paths{'history'} . ".dir", [0600, $INN::Config::filemode]);
+    #checkperm($paths{'history'} . ".index", [0600, $INN::Config::filemode]);
+    #checkperm($paths{'history'} . ".hash", [0600, $INN::Config::filemode]);
     foreach ( @newsbin_private ) {
-	&checkperm("$newsbin/$_", [0500, 0550]);
+	checkperm("$newsbin/$_", [0500, 0550]);
     }
     foreach ( @newsbin_public ) {
-	&checkperm("$newsbin/$_", [0500, 0555]);
+	checkperm("$newsbin/$_", [0500, 0555]);
     }
     foreach ( @rnews_programs ) {
-	&checkperm("$rnewsprogs/$_", [0500, 0555]);
+	checkperm("$rnewsprogs/$_", [0500, 0555]);
     }
 
     ##  Also make sure that @rnews_programs are the *only* programs in there;
     ##  anything else is probably someone trying to spoof rnews into being bad.
-    &intersect($rnewsprogs, @rnews_programs);
+    intersect($rnewsprogs, @rnews_programs);
 
     return;
 }
@@ -1230,7 +1230,7 @@ arg: foreach ( @ARGV ) {
     push(@todo, $_);
 }
 
-&Usage("Can't use `--fix' without `--perm'")
+Usage("Can't use `--fix' without `--perm'")
     if $fix && $perms < 1;
 $pfx = $fix ? '# ' : '';
 
@@ -1249,13 +1249,13 @@ action: foreach my $workfile ( @todo ) {
 	eprint "$pfx$workfile:0: can't open $!\n";
 	next action;
     }
-    &checkperm($file, $modes{$workfile})
+    checkperm($file, $modes{$workfile})
 	if $perms == -1 && defined $modes{$workfile};
     $line = 0;
     $checklist{$workfile}();
     close($IN);
 }
 
-&check_all_perms()
+check_all_perms()
     if $perms == 1;
 exit($exitval);


Florian
