Pihole checkout core release/v5.0 : ERROR

Hi, I get an error, unable to complete update, please contact support. Last lines shown below.


 [i] Target: https://dbs.oisd.nl
  [✓] Status: Retrieval successful
  [i] Adding adlist with ID 42 to database table...
  [✗] Unable to fill table gravity in database /etc/pihole/gravity.db
  /tmp/tmp.oHouQjZqDq.gravity:88: unescaped " character
/tmp/tmp.oHouQjZqDq.gravity:88: unescaped " character
/tmp/tmp.oHouQjZqDq.gravity:2: unterminated "-quoted field
/tmp/tmp.oHouQjZqDq.gravity:2: expected 2 columns but found 1 - filling the rest with NULL
/tmp/tmp.oHouQjZqDq.gravity:2: INSERT failed: NOT NULL constraint failed: gravity.adlist_id
  [✓] Cleaning up stray matter
  [✓] DNS service is running
  [✓] Pi-hole blocking is Enabled
   Error: Unable to complete update, please contact support

When I run a debug I also get an error, that it's not able to upload the debug log:


[✓] ** FINISHED DEBUGGING! **

    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only.
    * For more information, see: https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/
    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat.
[i] Debug script running in automated mode
    * Using curl for transmission.
[✗]  There was an error uploading your debug log.
   * Please try again or contact the Pi-hole team for assistance.
   * A local copy of the debug log can be found at: /var/log/pihole_debug.log

Try running the debug command again.

It worked!

[✓] Your debug token is: https://tricorder.pi-hole.net/n4xstj4uiv

Thanks very much.

https://dbs.oisd.nl is not a valid blocklist. That redirects to reddit.

curl -I https://dbs.oisd.nl
HTTP/2 302
date: Mon, 20 Jan 2020 10:11:12 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
location: https://www.reddit.com/comments/dwxgld/
content-type: text/html; charset=UTF-8

Thanks very much ... (slapping palm to forehead) ... it works now!

Hey, i just saw this post and if your interrested, the Blocklist your probably looking for is: https://dbl.oisd.nl/

1 Like

Is that not the same URL the OP posted above?

No, the one from OP is dbS this one is dbL. If used in Pihole it redirects right as far as i can see. I have it like that in my list and it works.

Excuse me whilst I clean my glasses....

All good Sir :smiley:

You're right - thanks!

We should do something to detect malicious stuff before trying to add or to the database (even if it cannot hurt anyone by construction). I'll think about it over the day if noone beats me to it.

How can we do that though? We just see the contents of the URL, if we get in to sanitizing things then we just replicate the mess that is in the current code that tries to filter out domain names from content.

We could reject anything that contains a non-domain name character, but then we have to account for comments and IP addresses. I don't know of a non-trivial way to detect if the content is in hosts format or not.

You're right. The current issue seem to be caused by quotation marks being in the string that is tried to be added by the INSERT:

I think we'd need to check for absence of these characters:

" ' ,

However, I can also see why this could be considered a bandaid fix... I'll think about it some more.

I don't think there is much to do beyond sanitizing for sql injections or exploits.

In this case it may be something to catch errors and if one happens then output something about an invalid list, list skipped, check your input...