Package: opendnssec-signer-tools
Severity: normal
Tags: patch
RFC 1035 states that an $INCLUDE directive is as follows (page 33)
$INCLUDE <file-name> [<domain-name>] [<comment>]
where <domain-name> is stated as follows (bottom of page 33)
..... Domain names which do not end in a dot are called relative; the
actual domain is the concatenation of the relative part with an origin
specified in a $ORIGIN, $INCLUDE, or as an argument to the master file
loading routine.
opendnssec quicksorter util doesn't use the domain-name attached to
an $INCLUDE directive as a possible relative domain, and assumes it
is absolute. The patch attached checks whether a dot (.) is present,
and appends the origin if nessessary.
This won't be able to be applied upstream, as they no longer use the
quicksorter, but I would believe a similar problem exists.
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25,
'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- Begin Message ---
---
signer/tools/quicksorter.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/signer/tools/quicksorter.c b/signer/tools/quicksorter.c
index 36855e7..a622d6d 100644
--- a/signer/tools/quicksorter.c
+++ b/signer/tools/quicksorter.c
@@ -407,6 +407,12 @@ int read_file(char* filename,
while (*p && !isspace(*p))
p++;
*p = 0; /* terminate domain name */
+ if (*(p - 1) != '.') {
+ char tmp[MAX_NAME_LEN];
+ strcpy(tmp, domain);
+ strcat(strcat(tmp, "."), origin);
+ domain = tmp;
+ }
}
else {
domain = origin;
--
--- End Message ---