Validate hostnames before accepting a new peer

Don't retain non-public addresses

Closes #157

lib/peer.py

@@ -28,7 +28,7 @@
 import re
 from ipaddress import ip_address
 
-from lib.util import cachedproperty
+from lib.util import cachedproperty, is_valid_hostname
 
 
 class Peer(object):
@@ -144,7 +144,7 @@ class Peer(object):
         if ip:
             return ((ip.is_global or ip.is_private)
                     and not (ip.is_multicast or ip.is_unspecified))
-        return True
+        return is_valid_hostname(self.host)
 
     @cachedproperty
     def is_public(self):
@@ -152,7 +152,7 @@ class Peer(object):
         if ip:
             return self.is_valid and not ip.is_private
         else:
-            return self.host != 'localhost'
+            return self.is_valid and self.host != 'localhost'
 
     @cachedproperty
     def ip_address(self):

lib/util.py

@@ -31,6 +31,7 @@ import array
 import inspect
 from ipaddress import ip_address
 import logging
+import re
 import sys
 from collections import Container, Mapping
 
@@ -241,3 +242,13 @@ def address_string(address):
         if host.version == 6:
             fmt = '[{}]:{:d}'
     return fmt.format(host, port)
+
+# See http://stackoverflow.com/questions/2532053/validate-a-hostname-string
+SEGMENT_REGEX = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
+def is_valid_hostname(hostname):
+    if len(hostname) > 255:
+        return False
+    # strip exactly one dot from the right, if present
+    if hostname[-1] == ".":
+        hostname = hostname[:-1]
+    return all(SEGMENT_REGEX.match(x) for x in hostname.split("."))

server/peers.py

@@ -277,7 +277,7 @@ class PeerManager(util.LoggedClass):
         retry = False
         new_peers = []
         for peer in peers:
-            if not peer.is_valid:
+            if not peer.is_public:
                 continue
             matches = peer.matches(self.peers)
             if not matches: