From ac4440d4a63138528c87750f0500e38be1838fee Mon Sep 17 00:00:00 2001
From: MegaBrutal <code+git@megabrutal.com>
Date: Sat, 27 Apr 2024 20:30:00 +0200
Subject: [PATCH] check-blacklist.sh: Fix potential false positive

DiG might print error messages to stdout in case of errors, which
the script mistook for legitimate responses. Now it checks the exit
code of DiG to avoid such situations.

This script is supposed to only return non-zero exit code when the
host is found to be on the blacklist, not for any other reasons,
so DNS failures are not reported as non-zero exit codes. Users of
this script should detect DNS errors by other means.

	modified:   host/check-blacklist.sh
---
 host/check-blacklist.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/host/check-blacklist.sh b/host/check-blacklist.sh
index 76c6e70..a00e018 100755
--- a/host/check-blacklist.sh
+++ b/host/check-blacklist.sh
@@ -10,9 +10,10 @@ END
 	exit 255
 fi
 
-ip=$(dig a "$1" +short)
-if [ -n "$ip" ]
+if ip=$(dig a "$1" +short) && [ -n "$ip" ]
 then
-	bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short)
-	[ -n "$bl" ] && { echo "$ip is blacklisted."; exit 1; } || echo "$ip is not blacklisted."
+	bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short) \
+		&& [ -n "$bl" ] && { echo "$ip is blacklisted ($bl)."; exit 1; } || echo "$ip is not blacklisted."
+else
+	echo "Could not resolve $1!"
 fi
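Review bot: A failed blacklist lookup is still reported as clean, because in the new `bl=$(dig …) && [ -n "$bl" ] && { …; exit 1; } || echo "$ip is not blacklisted."` chain a non-zero exit from the second dig falls through to the `||` branch. Anything that reads this output would take a resolver outage for a clean result, so the three outcomes (lookup failed, listed, not listed) are better split into an explicit if/elif/else that keeps exit status 0 on failure, as the commit message intends, but sends a distinct message to stderr. Separately, `dig +short` can print more than one line (a CNAME target followed by addresses, or several A records); `$ip` would then not reverse into a valid DNSBL query name and the host would again read as not blacklisted. Taking only the first address line, or looping over the lines, would close that gap.

```shell
# … unchanged: A-record lookup of "$1" into ip, then …
	if ! bl=$(dig a "$(printf "%s." "$ip" | tac -s.)$2" +short)
	then
		# Lookup failure is not a verdict: say so, keep exit status 0.
		echo "Blacklist lookup for $ip failed." >&2
	elif [ -n "$bl" ]
	then
		echo "$ip is blacklisted ($bl)."
		exit 1
	else
		echo "$ip is not blacklisted."
	fi
# … unchanged: else branch printing "Could not resolve $1!" …
```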
-- 
2.43.0