Bug #65478 [Opn]: Multi-string DNS records obtained with dns_get_record contain nulls

marcus at synchromedia dot co dot uk Mon, 19 Aug 2013 11:58:02 -0700

Edit report at https://bugs.php.net/bug.php?id=65478&edit=1


 ID:                 65478
 User updated by:    marcus at synchromedia dot co dot uk
 Reported by:        marcus at synchromedia dot co dot uk
 Summary:            Multi-string DNS records obtained with
                     dns_get_record contain nulls
 Status:             Open
 Type:               Bug
 Package:            Network related
 Operating System:   OS X
 PHP Version:        5.4.18
 Block user comment: N
 Private report:     N

 New Comment:

I've been playing with this some more and discovered it's not quite consistent. 
The concat character seems not to be always null - I've also seen '/' and 'a'. 
I've found a more reliable workaround is to implode the 'entries' array and 
ignore 
the txt response.


Previous Comments:
------------------------------------------------------------------------
[2013-08-19 16:53:44] marcus at synchromedia dot co dot uk

Description:
------------
RFC4408 (SPF records in DNS) http://www.ietf.org/rfc/rfc4408.txt section 3.1.3 
mentions the likely use of RFC1035's provision to allow a DNS record to contain 
more 
than one string. Specifically it says:

For example:

      IN TXT "v=spf1 .... first" "second string..."

   MUST be treated as equivalent to

      IN TXT "v=spf1 .... firstsecond string..."

PHP's dns_get_record function does NOT work this way - it concatenates the 
strings, 
but inserts a null (\0) character between them, so in this example it would 
produce 
this string:

  IN TXT "v=spf1 .... first\0second string..."

This is enough to break things like DKIM. The example code uses the DKIM key 
for 
google groups.

Notice that the string length in the actual result is off by one: the two 
entries 
are 183 and 218 chars, which should give 401 when concatenated, but there are 
402 
chars in the result. The '\0' is visible in this result, but in some 
circumstances 
it may not be visible. I've seen this behaviour on all platforms (OS X, Linux) 
and 
versions (5.3, 5.4) I've tried.

A workaround is to strip the null from the resource record:

$rr = str_replace("\0", '', $rr);

The returned value from the dns_get_record includes the original separate 
strings 
under the 'entries' key, so there's no benefit in keeping the nulls for the 
purpose 
of being able to separate the strings.

This bug is related to bug #54821, but is not a dupe of it.

Test script:
---------------
var_dump(dns_get_record("20120806._domainkey.googlegroups.com", DNS_TXT));


Expected result:
----------------
array(1) {
  [0] =>
  array(6) {
    'host' =>
    string(36) "20120806._domainkey.googlegroups.com"
    'class' =>
    string(2) "IN"
    'ttl' =>
    int(4502)
    'type' =>
    string(3) "TXT"
    'txt' =>
    string(401) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV00QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiua
nUNOX5Jw5Q2H3wcOmBTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNR
fPLoMFnMddCQqXYJsJZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    'entries' =>
    array(2) {
      [0] =>
      string(183) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV"
      [1] =>
      string(218) 
"QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiuanUNOX5Jw5Q2H3wcOm
BTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNRfPLoMFnMddCQqXYJs
JZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    }
  }
}


Actual result:
--------------
array(1) {
  [0] =>
  array(6) {
    'host' =>
    string(36) "20120806._domainkey.googlegroups.com"
    'class' =>
    string(2) "IN"
    'ttl' =>
    int(4502)
    'type' =>
    string(3) "TXT"
    'txt' =>
    string(402) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV\000QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPi
uanUNOX5Jw5Q2H3wcOmBTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBi
NRfPLoMFnMddCQqXYJsJZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    'entries' =>
    array(2) {
      [0] =>
      string(183) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV"
      [1] =>
      string(218) 
"QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiuanUNOX5Jw5Q2H3wcOm
BTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNRfPLoMFnMddCQqXYJs
JZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    }
  }
}



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=65478&edit=1

Bug #65478 [Opn]: Multi-string DNS records obtained with dns_get_record contain nulls

Reply via email to