malformed list is naively accepted, in some cases problematically
rwv37 opened this issue · 2 comments
This morning, I woke up to find that none of my computers could get to the internet.
Just to remind you of a bit of background info: About a year ago, I noticed that the file "mdl_void_hosts.txt" was (essentially) empty. This didn't seem to cause any issues, but looking into it a little more I found that the website it was being pulled from was no longer maintained. So, I suggested here that maybe void-zone-tools shouldn't pull from there anymore at all, and you then updated void-zone-tools so that it doesn't.
Back to this morning: I found that my internet problems were really DNS problems, and narrowed it down to my unbound server, which was not running. Upon trying to start it up, it complained about syntax errors, and immediately shut itself down because of them. These syntax errors were coming from within the void hosts list file. The problematic lines looked like snippets of HTML and/or Javascript. I found that these were coming from mdl_void_hosts.txt, which had been updated while I was asleep.
That was surprising, as you had updated void-zones-tools so that it no longer used that file. Turns out, that change never made it into the FreeBSD version of void-zones-tools. I have submitted a bug report on FreeBSD's bugzilla, so hopefully they'll soon update from upstream, and this will no longer be an issue.
However, even if they do, that still leaves that void-zones-tools is accepting whatever it gets from its sources, without bothering to check that it's actually a void zones list, potentially resulting in serious issues (such as happened to me here), so I thought I should report it to you as well.
Oh, and I left out one thing: The reason why this suddenly became problematic this morning is that the site in question, malwaredomainlist.com, is now no longer serving the essentially empty list it had been serving. Instead, it's now a domain parking page, and the HTML source of that domain parking page is what void-zone-tools is inappropriately treating as if it were a void zones list.