Skip Menu |
 

This queue is for tickets about the Net-DNS-SEC CPAN distribution.

Report information
The Basics
Id: 81289
Status: resolved
Priority: 0/
Queue: Net-DNS-SEC

People
Owner: Nobody in particular
Requestors: 1fea [...] packet-pushers.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.16
Fixed in: (no value)



Subject: Failure to handle GOST DS records
Download (untitled) / with headers
text/plain 906b
I am seeing some records created with GOST in the wild. DS.pm does not create a useful object when given such a record. For example from dig: dotsu.su. 345600 IN DS 13588 9 3 5C55272BFF1E290E9EAEF53A50C70A2A8CE96A64C6E4170B053B92C1 84B19F22 versus this from Net::DNS::Packet->print: dotsu.su. 345600 IN DS 13588 9 3 ; xexax The malformed DS record leads to this error when RRSIG->verify() is called trying to verify the DS rrset: Can't call method "name" on unblessed reference at /usr/local/share/perl/5.12.4/Net/DNS/RR/RRSIG.pm The culprit seems to be setting digestlength=0 for digest types other than 1 or 2. A proposed patch is attached. This of course does not enable cryptographic validation of GOST-related records, but please also consider this bug report a feature request for adding GOST support in general to Net::DNS::SEC.
Subject: net-dns-gost-ds.patch
Index: RR/DS.pm =================================================================== --- RR/DS.pm (revision 1053) +++ RR/DS.pm (working copy) @@ -44,7 +44,12 @@ $digestlength=20; # SHA1 digest 20 bytes long }elsif($self->{"digtype"}==2){ $digestlength=32; # SHA256 digest 32 bytes long + }elsif($self->{"digtype"}==3){ + $digestlength=32; # GOST digest 32 bytes long [RFC5933] + }elsif($self->{"digtype"}==4){ + $digestlength=32; # SHA-384 digest 32 bytes long [RFC6605] }else{ + confess("Unsupported digest type " .$self->{"digtype"}); $digestlength=0; }
From: 1fea [...] packet-pushers.com
Here's a useful addendum to the original patch.
Subject: net-dns-sec.patch
Download net-dns-sec.patch
text/x-diff 295b
Index: SEC.pm =================================================================== --- SEC.pm (revision 1053) +++ SEC.pm (working copy) @@ -286,6 +286,8 @@ my %digestbyname= ( "SHA1" => 1, "SHA256" => 2, + "GOST" => 3, + "SHA384" => 4, );
From: rwfranks [...] acm.org
Download (untitled) / with headers
text/plain 188b
DS.pm rewritten, now on SVN trunk (at www.net-dns.org). The module architecture is radically different from 0.17, so may not work as a drop-in replacement. 0.18 should be along soon. Dick
Download (untitled) / with headers
text/plain 134b
Fixed in the 0.18 release. Please try out the pre-release for that release: http://www.net-dns.org/download/Net-DNS-SEC-0.17_5.tar.gz


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.