Designate

Designate should 400 on a SPF record data with trailing backlash

Bug #1544358 reported by Paul Glass
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Designate
Triaged
High
Unassigned

Bug Description

To reproduce, post an SPF recordset where the record data ends in a trailing slash:

{
  "name" : "foospf.example.com.",
  "description" : "An SPF recordset.",
  "type" : "SPF",
  "ttl" : 3600,
  "records" : [
      "v=spf1 +all\\"
    ]
}

The recordset will not 400 like it should. It will go to an ERROR status. Looking at mini dns logs, I see:

2016-02-10 23:46:55.326 TRACE designate.service Traceback (most recent call last):
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/designate/service.py", line 332, in _dns_handle
2016-02-10 23:46:55.326 TRACE designate.service {'payload': payload, 'addr': addr}):
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/designate/dnsutils.py", line 137, in __call__
2016-02-10 23:46:55.326 TRACE designate.service for response in self.application(message):
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/designate/mdns/handler.py", line 75, in __call__
2016-02-10 23:46:55.326 TRACE designate.service for response in self._handle_axfr(request):
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/designate/mdns/handler.py", line 303, in _handle_axfr
2016-02-10 23:46:55.326 TRACE designate.service [str(record[4])], # rdata
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/.venv/local/lib/python2.7/site-packages/dns/rrset.py", line 134, in from_text_list
2016-02-10 23:46:55.326 TRACE designate.service rd = dns.rdata.from_text(r.rdclass, r.rdtype, t)
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/.venv/local/lib/python2.7/site-packages/dns/rdata.py", line 449, in from_text
2016-02-10 23:46:55.326 TRACE designate.service return cls.from_text(rdclass, rdtype, tok, origin, relativize)
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/.venv/local/lib/python2.7/site-packages/dns/rdtypes/txtbase.py", line 48, in from_text
2016-02-10 23:46:55.326 TRACE designate.service token = tok.get().unescape()
2016-02-10 23:46:55.326 TRACE designate.service File "/root/designate/.venv/local/lib/python2.7/site-packages/dns/tokenizer.py", line 398, in get
2016-02-10 23:46:55.326 TRACE designate.service raise dns.exception.UnexpectedEnd
2016-02-10 23:46:55.326 TRACE designate.service UnexpectedEnd
2016-02-10 23:46:55.326 TRACE designate.service

This is running with bind + agent, on commit commit b16fadeb801766dbbd3a15754f5f2530c191e7e2.

The expected behavior here is to 400 on SPF records with trailing slashes.

Also, see these functional test logs: See these functional test logs: http://logs.openstack.org/49/278549/1/check/gate-designate-dsvm-bind9/7a59e02/console.html#_2016-02-10_20_03_31_057

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to designate (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/278801

Revision history for this message
Kiall Mac Innes (kiall) wrote :

Also, need to check if TXT is affected

Revision history for this message
Tim Simmons (timsim) wrote :

This could possibly affect SPF records as well, ensure testing of those when fixing this :)

Changed in designate:
status: New → Triaged
importance: Undecided → High
milestone: none → mitaka-3
Graham Hayes (grahamhayes)
Changed in designate:
milestone: mitaka-3 → mitaka-2
milestone: mitaka-2 → none
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on designate (master)

Change abandoned by Graham Hayes (<email address hidden>) on branch: master
Review: https://review.openstack.org/278801
Reason: message

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Paul Glass (<email address hidden>) on branch: master
Review: https://review.openstack.org/278801

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.