Author: Fabian Mauchle <fabian.mauchle@switch.ch>
Last-Update: 2021-05-04
Description: add result validation to dyndisc example scripts

Original Commit ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af Mon Sep 17 00:00:00 2001
reported by Philipp Jeitner and Haya Shulman, Fraunhofer SIT

---
 tools/naptr-eduroam.sh | 40 ++++++++++++++++++++++++++--------------
 tools/radsec-dynsrv.sh | 20 ++++++++++++++++----
 2 files changed, 42 insertions(+), 18 deletions(-)

diff --git a/tools/naptr-eduroam.sh b/tools/naptr-eduroam.sh
index e310812..5402d18 100755
--- a/tools/naptr-eduroam.sh
+++ b/tools/naptr-eduroam.sh
@@ -19,41 +19,53 @@ DIGCMD=$(command -v dig)
 HOSTCMD=$(command -v host)
 PRINTCMD=$(command -v printf)
 
+validate_host() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
+}
+
+validate_port() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
+}
+
 dig_it_srv() {
     ${DIGCMD} +short srv $SRV_HOST | sort -n -k1 |
     while read line; do
-	set $line ; PORT=$3 ; HOST=$4
-	$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+        set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
+        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
+            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+        fi
     done
 }
 
 dig_it_naptr() {
     ${DIGCMD} +short naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k1 |
     while read line; do
-	set $line ; TYPE=$3 ; HOST=$6
-	if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
-	    SRV_HOST=${HOST%.}
-	    dig_it_srv
-	fi
+        set $line ; TYPE=$3 ; HOST=$(validate_host $6)
+        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then
+            SRV_HOST=${HOST%.}
+            dig_it_srv
+        fi
     done
 }
 
 host_it_srv() {
     ${HOSTCMD} -t srv $SRV_HOST | sort -n -k5 |
     while read line; do
-	set $line ; PORT=$7 ; HOST=$8 
-	$PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+        set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
+        if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
+            $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+        fi
     done
 }
 
 host_it_naptr() {
     ${HOSTCMD} -t naptr ${REALM} | grep x-eduroam:radius.tls | sort -n -k5 |
     while read line; do
-	set $line ; TYPE=$7 ; HOST=${10}
-	if [ "$TYPE" = "\"s\"" -o "$TYPE" = "\"S\"" ]; then
-	    SRV_HOST=${HOST%.}
-	    host_it_srv
-	fi
+        set $line ; TYPE=$7 ; HOST=$(validate_host ${10})
+        if ( [ "$TYPE" = "\"s\"" ] || [ "$TYPE" = "\"S\"" ] ) && [ -n "${HOST}" ]; then
+            SRV_HOST=${HOST%.}
+            host_it_srv
+        fi
     done
 }
 
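Review bot: The DNS answer is still word-split and glob-expanded before the new regex sees it, because `set $line` in dig_it_srv, dig_it_naptr, host_it_srv and host_it_naptr and `echo ${@}` in validate_host/validate_port are unquoted. A field containing `*` or `?` can therefore be replaced by matching file names from the working directory, and such a name may then pass the check. `read line` without `-r` also removes backslashes from the answer before it is parsed. Suggest `set -f` ahead of the lookups together with `set -- $line`, calling the helpers as `validate_port "$3"` / `validate_host "$4"`, and using `printf '%s\n' "$1"` in place of `echo ${@}`. The same pattern is repeated in dig_it and host_it in tools/radsec-dynsrv.sh.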
diff --git a/tools/radsec-dynsrv.sh b/tools/radsec-dynsrv.sh
index 2eff080..68bb5ba 100755
--- a/tools/radsec-dynsrv.sh
+++ b/tools/radsec-dynsrv.sh
@@ -19,19 +19,31 @@ DIGCMD=$(command -v digaaa)
 HOSTCMD=$(command -v host)
 PRINTCMD=$(command -v printf)
 
+validate_host() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[_0-9a-zA-Z][-._0-9a-zA-Z]*$'
+}
+
+validate_port() {
+         echo ${@} | tr -d '\n\t\r' | grep -E '^[0-9]+$'
+}
+
 dig_it() {
    ${DIGCMD} +short srv _radsec._tcp.${REALM} | sort -n -k1 |
    while read line ; do
-      set $line ; PORT=$3 ; HOST=$4 
-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      set $line ; PORT=$(validate_port $3) ; HOST=$(validate_host $4)
+      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then 
+         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      fi
    done
 }
 
 host_it() {
    ${HOSTCMD} -t srv _radsec._tcp.${REALM} | sort -n -k5 |
    while read line ; do
-      set $line ; PORT=$7 ; HOST=$8 
-      $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      set $line ; PORT=$(validate_port $7) ; HOST=$(validate_host $8) 
+      if [ -n "${HOST}" ] && [ -n "${PORT}" ]; then
+         $PRINTCMD "\thost ${HOST%.}:${PORT}\n"
+      fi
    done
 }
 
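Review bot: `${REALM}` is still expanded unquoted and unchecked on the lookup command lines of dig_it and host_it (`_radsec._tcp.${REALM}`), so the change validates the answer but not the query. REALM is assigned outside this hunk; if it is taken straight from the script argument, a value containing whitespace is split into extra arguments for dig/host. Consider running it through the new helper once the helper is defined, e.g. `REALM=$(validate_host "${REALM}")` followed by an exit when the result is empty, and quoting the expansion as `"_radsec._tcp.${REALM}"`. dig_it_naptr and host_it_naptr in tools/naptr-eduroam.sh use `${REALM}` the same way.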
