This queue is for tickets about the Net-DNS-SEC CPAN distribution.

Report information
The Basics
Id: 95034
Status: resolved
Priority: 0/
Queue: Net-DNS-SEC

People
Owner: Nobody in particular
Requestors: Anthony.Kirby [...] nominet.org.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Net::DNS::SEC incorrectly decodes (from text) an NSEC3PARAM record with null salt
Date: Fri, 25 Apr 2014 09:34:33 +0000
To: "bug-Net-DNS-SEC [...] rt.cpan.org" <bug-Net-DNS-SEC [...] rt.cpan.org>
From: Anthony Kirby <Anthony.Kirby [...] nominet.org.uk>
I believe I've found a bug in Net::DNS::SEC's handling of NSEC3PARAM records which have null salt. When initialised from text, the null salt (which is specified as "-" in text format) gets (un)packed to saltbin as if it were valid hex, which produces a non-null & hence bogus salt when serialised to wire format. (I imagine that if some versions of Perl have a pickier implementation of pack(), new_from_text might instead just fail & return an undef instead)

The fix is to check for the text "-" and infer null salt. I've attached a patch for NSEC3PARAM.pm & an updated test 12-nsec++.t which reproduces the issue.

Environment:
Net::DNS 0.74
Net::DNS::SEC 0.17
Perl 5.10.1
Linux - RHEL 6, Ubuntu 10.4

many thanks
Anthony
Attachment: NSEC3PARAM.pm.patch (text/x-diff, 516b), not shown inline.
Attachment: 12-nsec++.t.patch (text/x-diff, 1.1k), not shown inline.
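Added example (not part of the ticket and not Net::DNS::SEC's own code): a stand-alone Perl sketch of the failure described in the report above, showing a salt field converted with an unconditional `pack 'H*'` beside a conversion that treats "-" as the empty salt, as RFC 5155 defines it. The function names and the sample RDATA strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Naive conversion (assumed pattern, not the module's source): treats the
# salt field as hex unconditionally. pack 'H*' does not reject "-"; per
# perlfunc, a non-hex character contributes ord(char) % 16 as a nibble.
sub salt_naive {
    my ($text) = @_;
    return pack 'H*', $text;
}

# Checked conversion: "-" is the presentation form of a zero-length salt
# (RFC 5155); anything else must be whole hex octets, at most 255 of them.
sub salt_checked {
    my ($text) = @_;
    return '' if $text eq '-';
    die "invalid NSEC3 salt '$text'\n"
        unless $text =~ /\A(?:[0-9A-Fa-f]{2}){1,255}\z/;
    return pack 'H*', $text;
}

# NSEC3PARAM RDATA wire layout: hash algorithm (1 octet), flags (1),
# iterations (2, network order), salt length (1), salt.
sub nsec3param_rdata {
    my ( $rdata_text, $to_salt ) = @_;
    my ( $alg, $flags, $iter, $salt_text ) = split ' ', $rdata_text;
    my $salt = $to_salt->($salt_text);
    return pack 'C C n C a*', $alg, $flags, $iter, length($salt), $salt;
}

# Constructed sample RDATA strings, not taken from the ticket.
for my $text ( '1 0 12 aabbccdd', '1 0 12 -' ) {
    printf "%-16s naive=%s checked=%s\n", $text,
        unpack( 'H*', nsec3param_rdata( $text, \&salt_naive ) ),
        unpack( 'H*', nsec3param_rdata( $text, \&salt_checked ) );
}
```

For the "-" input the two columns differ in the salt length octet and the salt bytes that follow it, which is the difference between the empty salt and the bogus one the report describes.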

From: rwfranks [...] acm.org
On Fri Apr 25 05:34:45 2014, Anthony.Kirby@nominet.org.uk wrote:
> I believe I've found a bug in Net::DNS::SEC's handling of NSEC3PARAM
> records which have null salt.

Thanks, this will be fixed in 0.18

Note that the "-" placeholder only appears in the output from $nsec3param->string() and $nsec3param->print().

$nsec3param->salt() should return (and accept) a null string.

Subject: RE: [rt.cpan.org #95034] Net::DNS::SEC incorrectly decodes (from text) an NSEC3PARAM record with null salt
Date: Mon, 28 Apr 2014 08:55:21 +0000
To: "'bug-Net-DNS-SEC [...] rt.cpan.org'" <bug-Net-DNS-SEC [...] rt.cpan.org>
From: Anthony Kirby <Anthony.Kirby [...] nominet.org.uk>
> Thanks, this will be fixed in 0.18

Marvellous - thank you!

> Note that the "-" placeholder only appears in the output from
> $nsec3param->string() and $nsec3param->print().
>
> $nsec3param->salt() should return (and accept) a null string.

True. Although in my use case, creating a dynamic update (Net::DNS::Update), the input is via new_from_text & I couldn't see a non-hacky alternative.

Since I opened this, I see that 0.18 looks like a rewrite, so maybe the patch has little value; hopefully the test is still useful.

While I think of it, when looking at the (old) source it looked like there was an issue with calculation of saltbin; if $nsec3param->salt() was changed, saltbin wouldn't always be recalculated. I guess there's no point worrying about that now, but when you've got pre-release code for 0.18 I'm happy to have a look at it. Or would it be more helpful if I submit a ticket with tests that reproduce it?

thanks
Anthony

On Mon 28 Apr 2014 04:55:38, Anthony.Kirby@nominet.org.uk wrote:
> While I think of it, when looking at the (old) source it looked like
> there was a an issue with calculation of saltbin; if $nsec3param->salt()
> was changed, saltbin wouldn't always be recalculated. I guess
> there's no point worrying about that now, but When you've got
> pre-release code for 0.18 I'm happy to have a look at it.

Thank you Anthony,

We do have a pre release now: http://www.net-dns.org/download/Net-DNS-SEC-0.17_5.tar.gz . We would very much appreciate if you would have a look and report back on any issues.

I'll close this ticket now as the original issue is resolved.

Regards,
-- Willem