From 8c511a19e9ba121e6dcf0066c4d94019ab6b01f7 Mon Sep 17 00:00:00 2001
From: z3APA3A <3APA3A@3proxy.ru>
Date: Thu, 6 Aug 2020 17:56:28 +0300
Subject: [PATCH] Do not resolve hostname to IP on ACL destination
---
 src/common.c | 70 ++++++++++++++++++++++++++++++----------------------
 src/proxy.h | 1 +
 2 files changed, 42 insertions(+), 29 deletions(-)
diff --git a/src/common.c b/src/common.c
index 1be40a3..a859d3a 100644
--- a/src/common.c
+++ b/src/common.c
@@ -861,11 +861,42 @@ unsigned long getip(unsigned char *name){
 }
 #endif
+int afdetect(unsigned char *name){
+ int ndots=0, ncols=0, nhex=0;
+ int i;
+
+ for(i=0; name[i]; i++){
+ if(name[i] == '.'){
+ if(++ndots > 3) {
+ return -1;
+ }
+ }
+ else if(name[i] == ':'){
+ if(++ncols > 7) {
+ return -1;
+ }
+ }
+ else if(name[i] == '%' || (name[i] >= 'a' && name[i] <= 'f') || (name[i] >= 'A' && name[i] <= 'F')){
+ nhex++;
+ }
+ else if(name[i] <'0' || name[i] >'9') {
+ return -1;
+ }
+ }
+ if(ndots == 3 && ncols == 0 && nhex == 0){
+ return AF_INET;
+ }
+ if(ncols >= 2) {
+ return AF_INET6;
+ }
+ return -1;
+
+}
+
 unsigned long getip46(int family, unsigned char *name, struct sockaddr *sa){
 #ifndef NOIPV6
- int ndots=0, ncols=0, nhex=0;
+ int detect;
 struct addrinfo *ai, hint;
- int i;
 RESOLVFUNC tmpresolv;
 if(!sa) return 0;
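Review bot: afdetect() in src/common.c classifies a string only by character class and separator count, so it reports AF_INET for inputs such as `...` or `1..2.` and AF_INET6 for `::%%`, none of which inet_pton() would accept. Because the function is now exported through proxy.h, presumably so ACL code can tell a literal from a hostname without resolving it, its contract should be stated above the definition, for example `/* Guess the address family of a literal: AF_INET, AF_INET6, or -1 for anything else (e.g. a hostname). Heuristic only; callers must still validate with inet_pton(). */`. The loop also dereferences name without a NULL check, so the comment should say that name must be a non-NULL, NUL-terminated string.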
@@ -877,34 +908,15 @@ unsigned long getip46(int family, unsigned char *name, struct sockaddr *sa){
 #endif
 #ifndef NOIPV6
 }
- for(i=0; name[i]; i++){
- if(name[i] == '.'){
- if(++ndots > 3) {
- break;
- }
- }
- else if(name[i] == ':'){
- if(++ncols > 7) {
- break;
- }
- }
- else if(name[i] == '%' || (name[i] >= 'a' && name[i] <= 'f') || (name[i] >= 'A' && name[i] <= 'F')){
- nhex++;
- }
- else if(name[i] <'0' || name[i] >'9') {
- break;
- }
- }
- if(!name[i]){
- if(ndots == 3 && ncols == 0 && nhex == 0){
- *SAFAMILY(sa)=(family == 6)?AF_INET6 : AF_INET;
- return inet_pton(*SAFAMILY(sa), (char *)name, SAADDR(sa))? *SAFAMILY(sa) : 0;
- }
- if(ncols >= 2) {
- *SAFAMILY(sa)=AF_INET6;
- return inet_pton(AF_INET6, (char *)name, SAADDR(sa))?(family==4? 0:AF_INET6) : 0;
- }
+
+ detect = afdetect(name);
+ if(detect != -1){
+ if(family == 4 && detect != 4) return 0;
+ *SAFAMILY(sa) = (family == 6)? AF_INET6 : detect;
+ return inet_pton(*SAFAMILY(sa), (char *)name, SAADDR(sa))? *SAFAMILY(sa) : 0;
 }
+
+
 if((tmpresolv = resolvfunc)){
 int f = (family == 6 || family == 64)?AF_INET6:AF_INET;
 *SAFAMILY(sa) = f;
diff --git a/src/proxy.h b/src/proxy.h
index 34e29e2..b09c901 100644
--- a/src/proxy.h
+++ b/src/proxy.h
@@ -196,6 +196,7 @@ extern struct nserver nservers[MAXNSERVERS];
 extern struct nserver authnserver;
 unsigned long getip(unsigned char *name);
 unsigned long getip46(int family, unsigned char *name, struct sockaddr *sa);
+int afdetect(unsigned char *name);
 unsigned long myresolver(int, unsigned char *, unsigned char *);
 unsigned long fakeresolver (int, unsigned char *, unsigned char*);
 int inithashtable(struct hashtable *hashtable, unsigned nhashsize);
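Review bot: In the getip46 hunk of src/common.c (@@ -877,34 +908,15 @@), `if(family == 4 && detect != 4) return 0;` compares afdetect()'s result with the literal 4, but afdetect() returns AF_INET, AF_INET6 or -1, and AF_INET is 2 on the usual socket APIs. With family == 4 the condition is therefore always true, so every literal returns 0, including dotted IPv4 addresses that the removed code parsed with inet_pton(AF_INET, ...). Whether any caller passes family 4 is not visible on this page. The line should read `if(family == 4 && detect != AF_INET) return 0;`. Since this function feeds destination matching, a regression test that parses an IPv4 and an IPv6 literal under each family value the function accepts would catch a literal that silently stops parsing; getip46's body starts and ends outside this hunk.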