Package: dnssec-tools Version: 1.7-3 Severity: important File: /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm Tags: patch
The DNSSEC tools in this package rely on Net::DNS::ZoneFile::Fast to parse zone master files. However, the regular expressions used in this Perl module fail to parse some valid domain labels, particularly those containing backslash escapes (\X or \DDD per RFC 1035 section 5.1). They also unnecessarily restrict the set of valid label characters; for example, they fail to parse labels containing commas, which might be used in some DNS-SD service names. The attached patch is an attempt to fix these problems. It greatly expands the set of allowable label characters, while also accepting backslash escapes. It also restructures the way the regular expressions are created, building on each other rather than repeating basic patterns. These changes appear to be sufficient for my needs, but I encourage someone to review them. In particular, rather than enumerating a set of valid label characters, I have instead forbidden those which separate labels from other labels or fields, or have special meaning within zone files. -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-openvz-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dnssec-tools depends on: ii bind9utils 1:9.7.3.dfsg-1~squeeze3 Utilities for BIND ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc ii libnet-dns-sec-p 0.16-1 DNSSEC extension to NET::DNS ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction Versions of packages dnssec-tools recommends: ii bind9 1:9.7.3.dfsg-1~squeeze3 Internet Domain Name Server dnssec-tools suggests no packages. -- no debconf information
--- /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm 2010-01-24 10:14:06.000000000 -0800 +++ Fast.pm 2011-09-24 15:25:29.000000000 -0700 @@ -52,9 +52,10 @@ my $pat_ttl = qr{\d+[\dwdhms]*}i; my $pat_skip = qr{\s*(?:;.*)?}; -my $pat_name = qr{[-\*\w\$\d\/*]+(?:\.[-\*\w\$\d\/]+)*}; -my $pat_maybefullname = qr{[-\w\$\d\/*]+(?:\.[-\w\$\d\/]+)*\.?}; -my $pat_maybefullnameorroot = qr{(?:\.|[-\w\$\d\/*]+(?:\.[-\w\$\d\/]+)*\.?)}; +my $pat_label = qr{(?:[^\s.\@\\();]|\\(?:\D|\d{3}))+}; +my $pat_name = qr{$pat_label(?:\.$pat_label)*}; +my $pat_maybefullname = qr{$pat_name\.?}; +my $pat_maybefullnameorroot = qr{(?:\.|$pat_maybefullname)}; my $debug; my $domain;