Report information

The Basics
Id: 45216
Status: resolved
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.9.11, 9.9.11-S1, 9.10.6, 9.10.6-S1, 9.11.2, 9.12.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: BIND Common
Area: bug

Dates
Created: Wed, 10 May 2017 19:55:09 -0400
Updated: Fri, 28 Jul 2017 23:15:41 -0400
Closed: Wed, 10 May 2017 21:07:21 -0400




Subject: Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)
Date: Thu, 11 May 2017 09:55:02 +1000
To: bind9-review@isc.org
From: "Mark Andrews" <marka@isc.org>

CC: bind-users@isc.org
Subject: Re: Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)
To: "Dion Bosschieter" <dionbosschieter@gmail.com>
Date: Thu, 11 May 2017 09:52:48 +1000
From: "Mark Andrews" <marka@isc.org>
"\;" and ";" are the same thing on the wire. To get a '\' you need to to '\\'. RFC 1035 fails to properly describe a quoting mechanism that works as it leaves out details like to get a \ you need to escape the \ like \\. That said we can remove the backslash in this case. In message <CAP9LFjQ-+iMbB==TF+zov+tQzxuwjUVtHe19vAkTRdW3-4npMg@mail.gmail.com> , Dion Bosschieter writes: > Hi, > > Whenever I try to sign a zone (using dnssec-signzone) with a CAA > record in it that has a semicolon in the value part of the RDATA like > the following RDATA: > > 0 issue ";" > > Bind escapes the semicolon so the signed zonefile wil have the > following RDATA for the same CAA record: > > 0 issue "\;" > > Even though a semicolon should not be escaped when it is inside a > quoted string, like in the example (reference: <character-string> > https://tools.ietf.org/html/rfc1035#page-35). > > <character-string> is expressed in one or two ways: as a contiguous set > of characters without interior spaces, or as a string beginning with a " > and ending with a ". Inside a " delimited string any character can > occur, except for a " itself, which must be quoted using \ (back slash). > > I found out that this happens in the multitxt_totext function in file > rdata.c as it matches a semicolon and escapes it. > > But this function always returns a quoted string, so the code should > actually not escape a semicolon. The function multitxt_totext is only > used in caa_257.c and uri_256.c. > > I applied the following patch which solves the issue: > --- lib/dns/rdata.c.orig 2017-05-05 15:42:22.943088646 +0200 > +++ lib/dns/rdata.c 2017-05-05 15:42:26.466428703 +0200 
> @@ -1577,8 +1577,8 @@ > tl -= 4; > continue; > } > - /* double quote, semi-colon, backslash */ > - if (*sp == 0x22 || *sp == 0x3b || *sp == 0x5c) { > + /* double quote, backslash */ > + if (*sp == 0x22 || *sp == 0x5c) { > if (tl < 2) > return (ISC_R_NOSPACE); > *tp++ = '\\';
>
> I was wondering if I was correct in my assumption and if my patch is
> indeed the right solution.
> If this is indeed the right solution I hope this patch could be
> applied upstream.
>
> --
> Have a great day,
>
> Dion Bosschieter
>
> dionbosschieter@gmail.com
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
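
Review bot: The narrowed condition `if (*sp == 0x22 || *sp == 0x5c)` is only safe while the text this code emits is always wrapped in double quotes, and nothing in the visible context lines shows or documents that. An unquoted ';' starts a comment in a master file, so the new comment `/* double quote, backslash */` should also state that the output is always quoted and that this is why ';' needs no escape. A test that signs a zone containing the reported CAA RDATA `0 issue ";"` and reloads the signed file would guard the round trip.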
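
The point made in the reply above, that "\;" and ";" are the same on the wire while a literal backslash must be written as "\\", can be checked with a small encoder/decoder pair. This is an added sketch, not BIND's code or part of the original messages; the function names `cs_fromtext` and `cs_totext` are hypothetical, and the encoder assumes, as the report states for multitxt_totext, that output is always quoted.

```c
#include <stddef.h>
/* Decode the text between the quotes of a <character-string> into wire bytes:
 * \DDD is a decimal byte value, \X is the literal byte X. Returns count or -1. */
int cs_fromtext(const char *in, unsigned char *out, size_t outlen) {
    size_t n = 0;
    while (*in != '\0') {
        unsigned int c = (unsigned char)*in++;
        if (c == '"' || n == outlen)
            return -1;                /* bare quote, or no room left */
        if (c == '\\' && in[0] >= '0' && in[0] <= '9') {
            if (in[1] < '0' || in[1] > '9' || in[2] < '0' || in[2] > '9')
                return -1;
            c = (in[0] - '0') * 100 + (in[1] - '0') * 10 + (in[2] - '0');
            in += 3;
            if (c > 255)
                return -1;
        } else if (c == '\\') {
            if (*in == '\0')
                return -1;            /* trailing backslash */
            c = (unsigned char)*in++;
        }
        out[n++] = (unsigned char)c;
    }
    return (int)n;
}

/* Encode wire bytes as a quoted string: escape only '"' and '\', write
 * non-printable bytes as \DDD. Returns text length, or -1 if out is too small. */
int cs_totext(const unsigned char *in, size_t inlen, char *out, size_t outlen) {
    size_t n = 0;
    if (outlen < 3)
        return -1;
    out[n++] = '"';
    for (size_t i = 0; i < inlen; i++) {
        unsigned int c = in[i];
        int ddd = (c < 0x20 || c >= 0x7f), esc = (c == '"' || c == '\\');
        if (n + (ddd ? 4 : esc ? 2 : 1) + 2 > outlen)
            return -1;                /* keep room for closing quote and NUL */
        if (ddd || esc)
            out[n++] = '\\';
        if (ddd) {
            out[n++] = (char)('0' + c / 100);
            out[n++] = (char)('0' + c / 10 % 10);
        }
        out[n++] = ddd ? (char)('0' + c % 10) : (char)c;
    }
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}
```

Decoding `;`, `\;` and `\059` all yields the single byte 0x3b, and encoding that byte back gives `";"`, so dropping the semicolon escape changes only the text form and not the wire data.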