The redmine is extremely slow right now and I don't think I have an
account so I've given up waiting for it. Here's a patch created against
1.2.3-RC2, but applies cleanly to my 2.0-ALPHA box as well. Works on
both. Simple enough.

Keenan

Chris Buechler wrote:

> Yeah it assumes if the file is downloaded successfully that it's legit
> data. First I've heard of anyone running into something like this, we
> should have more verification on that file though.
> http://redmine.pfsense.org/issues/show/183
*** rc.update_bogons.sh.old     Fri Nov 27 00:43:59 2009
--- rc.update_bogons.sh Fri Nov 27 01:00:44 2009
***************
*** 4,9 ****
--- 4,11 ----
  # Part of the pfSense project
  # www.pfsense.com
  
+ BOGONS_URL="http://files.pfsense.org/bogon-bn-nonagg.txt";
+ 
  echo "rc.update_bogons.sh is starting up." | logger
  
  # Grab a random value 
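Review bot: the trailing `;` on `BOGONS_URL="http://files.pfsense.org/bogon-bn-nonagg.txt";` is a no-op in sh and should be dropped for consistency with the rest of the script. Note also that the URL stays plain http, so the content check in the second hunk is the only control on what ends up in the bogons table.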
***************
*** 17,31 ****
  echo "rc.update_bogons.sh is beginning the update cycle." | logger
  
  /etc/rc.conf_mount_rw
! /usr/bin/fetch -q -o /tmp/bogons 
"http://files.pfsense.org/bogon-bn-nonagg.txt";
  if [ ! -f /tmp/bogons ]; then
!       echo "Could not download http://files.pfsense.org/bogon-bn-nonagg.txt"; 
| logger
        # Relaunch and sleep
        sh /etc/rc.update_bogons.sh & 
        exit
  fi
  egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > 
/etc/bogons
  /etc/rc.conf_mount_ro
  RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1`
  rm /tmp/bogons
! echo "Bogons file downloaded:  $RESULT" | logger
--- 19,46 ----
  echo "rc.update_bogons.sh is beginning the update cycle." | logger
  
  /etc/rc.conf_mount_rw
! /usr/bin/fetch -q -o /tmp/bogons "$BOGONS_URL"
  if [ ! -f /tmp/bogons ]; then
!       echo "Could not download $BOGONS_URL" | logger
        # Relaunch and sleep
        sh /etc/rc.update_bogons.sh & 
        exit
  fi
+ 
+ # Find any lines that aren't a valid CIDR
+ egrep -v 
'^[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]/[0-9][0-9]?$'
 /tmp/bogons > /dev/null 2>&1
+ 
+ if [ $? -eq 0 ]; then
+       echo "Retrieved invalid bogons file from ${BOGONS_URL}." | logger
+       # Relaunch and sleep
+       sh /etc/rc.update_bogons.sh &
+       exit
+ fi 
+ 
+ # Count lines that are a valid CIDR
  egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > 
/etc/bogons
  /etc/rc.conf_mount_ro
  RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1`
  rm /tmp/bogons
! valid_lines=`egrep 
'^[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]/[0-9][0-9]?$'
 /etc/bogons | wc -l`
! echo "Bogons file downloaded containing $valid_lines prefixes:  $RESULT" | 
logger
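Review bot: the new invalid-file branch exits right after `/etc/rc.conf_mount_rw` without calling `/etc/rc.conf_mount_ro` and without removing `/tmp/bogons`, so a rejected download leaves the filesystem read-write and the bad file in place; on the relaunched run the stale file satisfies `if [ ! -f /tmp/bogons ]` even if `fetch` fails, and the script just rejects it again. Add `rm /tmp/bogons` and the `mount_ro` call before `sh /etc/rc.update_bogons.sh &`. The check also accepts an empty file (`egrep -v` selects nothing and returns 1), after which `pfctl -t bogons -T replace` would load an empty table, so a minimum line count is worth requiring as well. The regex is loose (octets up to 299 and prefix lengths up to /99 pass), which is acceptable for a sanity filter, but any blank or comment line in the upstream file will cause the whole download to be rejected. Finally, the comment `# Count lines that are a valid CIDR` sits above the private-range `egrep -v` filter rather than above the `valid_lines=` assignment it describes.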
