CC: bind-users@isc.org
Subject: Re: Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)
In-Reply-To: Your message of "Wed, 10 May 2017 12:01:57 +0200."
To: "Dion Bosschieter"
Date: Thu, 11 May 2017 09:52:48 +1000
From: "Mark Andrews"

"\;" and ";" are the same thing on the wire. To get a '\' you need to do '\\'.

RFC 1035 fails to properly describe a quoting mechanism that works as it
leaves out details like to get a \ you need to escape the \ like \\.

That said we can remove the backslash in this case.

In message , Dion Bosschieter writes:
> Hi,
>
> Whenever I try to sign a zone (using dnssec-signzone) with a CAA
> record in it that has a semicolon in the value part of the RDATA like
> the following RDATA:
>
> 0 issue ";"
>
> Bind escapes the semicolon so the signed zonefile will have the
> following RDATA for the same CAA record:
>
> 0 issue "\;"
>
> Even though a semicolon should not be escaped when it is inside a
> quoted string, like in the example (reference:
> https://tools.ietf.org/html/rfc1035#page-35).
>
> <character-string> is expressed in one or two ways: as a contiguous set
> of characters without interior spaces, or as a string beginning with a "
> and ending with a ". Inside a " delimited string any character can
> occur, except for a " itself, which must be quoted using \ (back slash).
>
> I found out that this happens in the multitxt_totext function in file
> rdata.c as it matches a semicolon and escapes it.
>
> But this function always returns a quoted string, so the code should
> actually not escape a semicolon. The function multitxt_totext is only
> used in caa_257.c and uri_256.c.
>
> I applied the following patch which solves the issue:
> --- lib/dns/rdata.c.orig 2017-05-05 15:42:22.943088646 +0200 > +++ lib/dns/rdata.c 2017-05-05 15:42:26.466428703 +0200
> @@ -1577,8 +1577,8 @@ > tl -= 4; > continue; > } > - /* double quote, semi-colon, backslash */ > - if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) { > + /* double quote, backslash */ > + if (*sp == 0x22 || *sp == 0x5c) { > if (tl < 2) > return (ISC_R_NOSPACE); > *tp++ = '\\';
>
> I was wondering if I was correct in my assumption and if my patch is
> indeed the right solution.
> If this is indeed the right solution I hope this patch could be
> applied upstream.
>
> --
> Have a great day,
>
> Dion Bosschieter
>
> dionbosschieter@gmail.com

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
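
Review bot: dropping `*sp == 0x3b` from the escape test in the `@@ -1577,8` hunk is only safe while the emitted string is always wrapped in double quotes, and the new comment `/* double quote, backslash */` does not record that. Suggest extending the comment to say the semicolon is left bare because the output is always quoted, so that a later caller emitting an unquoted form does not produce text in which `;` starts a comment. A regression test that signs a zone containing the CAA RDATA `0 issue ";"` and checks that the signed file carries the same RDATA would pin the behaviour.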