Package: opendnssec-signer-tools Severity: normal Tags: patch
RFC 1035 states that an $INCLUDE directive is as follows (page 33) $INCLUDE <file-name> [<domain-name>] [<comment>] where <domain-name> is stated as follows (bottom of page 33) ..... Domain names which do not end in a dot are called relative; the actual domain is the concatenation of the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as an argument to the master file loading routine. opendnssec quicksorter util doesn't use the domain-name attached to an $INCLUDE directive as a possible relative domain, and assumes it is absolute. The patch attached checks whether a dot (.) is present, and appends the origin if nessessary. This won't be able to be applied upstream, as they no longer use the quicksorter, but I would believe a similar problem exists. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (950, 'stable'), (850, 'stable-updates'), (50, 'testing'), (25, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- Begin Message ------ signer/tools/quicksorter.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/signer/tools/quicksorter.c b/signer/tools/quicksorter.c index 36855e7..a622d6d 100644 --- a/signer/tools/quicksorter.c +++ b/signer/tools/quicksorter.c @@ -407,6 +407,12 @@ int read_file(char* filename, while (*p && !isspace(*p)) p++; *p = 0; /* terminate domain name */ + if (*(p - 1) != '.') { + char tmp[MAX_NAME_LEN]; + strcpy(tmp, domain); + strcat(strcat(tmp, "."), origin); + domain = tmp; + } } else { domain = origin; --
--- End Message ---
