| Subject: | Fail to parse records with comments at the end |
If a zone file contains a NSEC or a NSEC3 record with a comment at the
end, the parsing fails. In the case of a SSHFP, it gets the fingerprint
wrong.
The reason is a greedy regular expression (using (.*)$pat_skip).
Please find attached a patch for 1.14 that fixes all the issues. For the
NSEC/NSEC3 records changes the regexp to be stingy, for the SSHFP uses a
more specific regexp to match an hexadecimal string.
| Subject: | zonefile-fast-1.14.patch |
--- Fast.pm 2010-09-09 09:59:36.000000000 +1200
+++ /usr/local/share/perl/5.10.0/Net/DNS/ZoneFile/Fast.pm 2011-02-09 11:16:14.000000000 +1300
@@ -619,7 +619,7 @@
fptype => $2,
};
$parse = \&parse_sshfp;
- } elsif (/\G(\d+)\s+(\d+)\s+(.*)$pat_skip$/gc) {
+ } elsif (/\G(\d+)\s+(\d+)\s+([a-zA-Z0-9]+)$pat_skip$/gc) {
push @zone, {
Line => $ln,
name => $domain,
@@ -849,7 +849,7 @@
error("bad DS data");
}
} elsif (/\G(nsec)[ \t]+/igc) {
- if (/\G\s*($pat_maybefullnameorroot)\s+(.*)$pat_skip$/gc) {
+ if (/\G\s*($pat_maybefullnameorroot)\s+(.*?)$pat_skip$/gc) {
# XXX: set the typebm field ourselves?
my ($nxtdname, $typelist) = ($1, $2);
$typelist = join(" ",sort split(/\s+/,$typelist));
@@ -871,7 +871,7 @@
} elsif (/\G(nsec3)[ \t]+/igc) {
error ("You are missing required modules for NSEC3 support")
if (!$nsec3capable);
- if (/\G\s*(\d+)\s+(\d+)\s+(\d+)\s+([-0-9A-Fa-f]+)\s+($pat_maybefullname)\s+(.*)$pat_skip$/gc) {
+ if (/\G\s*(\d+)\s+(\d+)\s+(\d+)\s+([-0-9A-Fa-f]+)\s+($pat_maybefullname)\s+(.*?)$pat_skip$/gc) {
# XXX: set the typebm field ourselves?
my ($alg, $flags, $iters, $salt, $nxthash, $typelist) =
($1, $2, $3, $4, $5, $6);