Package: dnssec-tools
Version: 1.7-3
Severity: important
File: /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm
Tags: patch
The DNSSEC tools in this package rely on Net::DNS::ZoneFile::Fast to parse
zone master files. However, the regular expressions used in this Perl module
fail to parse some valid domain labels, particularly those containing
backslash escapes (\X or \DDD per RFC 1035 section 5.1). They also
unnecessarily restrict the set of valid label characters; for example, they
fail to parse labels containing commas, which might be used in some DNS-SD
service names.
The attached patch is an attempt to fix these problems. It greatly expands
the set of allowable label characters, while also accepting backslash
escapes. It also restructures the way the regular expressions are created,
building on each other rather than repeating basic patterns.
These changes appear to be sufficient for my needs, but I encourage someone
to review them. In particular, rather than enumerating a set of valid label
characters, I have instead forbidden those which separate labels from other
labels or fields, or have special meaning within zone files.
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-openvz-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dnssec-tools depends on:
ii bind9utils 1:9.7.3.dfsg-1~squeeze3 Utilities for BIND
ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc
ii libnet-dns-sec-p 0.16-1 DNSSEC extension to NET::DNS
ii libtimedate-perl 1.2000-1 collection of modules to manipulat
ii perl 5.10.1-17squeeze2 Larry Wall's Practical Extraction
Versions of packages dnssec-tools recommends:
ii bind9 1:9.7.3.dfsg-1~squeeze3 Internet Domain Name Server
dnssec-tools suggests no packages.
-- no debconf information
--- /usr/share/perl5/Net/DNS/ZoneFile/Fast.pm 2010-01-24 10:14:06.000000000
-0800
+++ Fast.pm 2011-09-24 15:25:29.000000000 -0700
@@ -52,9 +52,10 @@
my $pat_ttl = qr{\d+[\dwdhms]*}i;
my $pat_skip = qr{\s*(?:;.*)?};
-my $pat_name = qr{[-\*\w\$\d\/*]+(?:\.[-\*\w\$\d\/]+)*};
-my $pat_maybefullname = qr{[-\w\$\d\/*]+(?:\.[-\w\$\d\/]+)*\.?};
-my $pat_maybefullnameorroot = qr{(?:\.|[-\w\$\d\/*]+(?:\.[-\w\$\d\/]+)*\.?)};
+my $pat_label = qr{(?:[^\s.\@\\();]|\\(?:\D|\d{3}))+};
+my $pat_name = qr{$pat_label(?:\.$pat_label)*};
+my $pat_maybefullname = qr{$pat_name\.?};
+my $pat_maybefullnameorroot = qr{(?:\.|$pat_maybefullname)};
my $debug;
my $domain;
