Fix uploaded to Debian. It will land in Quantal after the next autosync. ** Description changed:
receiving an email from a sender whose SPF records are bogus (invalid UTF8) can crash policyd-spf. email (spam as it turns out, but whatever) from [email protected] whose SPF record looks like this - daltoninsurance.com. 6457 IN TXT "v=spf1 a:\239\187\191thoroughbred.webserversystems.com -all" causes policyd-spf to crash like so (filtered through syslog and logcheck, so ignore the line preambles) - - 4 stomp policyd-spf: Traceback (most recent call last): - 4 stomp policyd-spf: File "/usr/bin/policyd-spf", line 607, in <module> - 4 stomp policyd-spf: instance_dict, configData, peruser) - 4 stomp policyd-spf: File "/usr/bin/policyd-spf", line 469, in spfcheck - 4 stomp policyd-spf: res = spf.check2(ip, sender, helo) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 294, in check2 - 4 stomp policyd-spf: res,_,exp = query(i=i, s=s, h=h, local=local, receiver=receiver).check() - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 514, in check - 4 stomp policyd-spf: rc = self.check1(spf, self.d, 0) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 553, in check1 - 4 stomp policyd-spf: return self.check0(spf, recursion) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 836, in check0 - 4 stomp policyd-spf: if self.cidrmatch(self.dns_a(arg,self.A), cidrlength): - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 1132, in dns_a - 4 stomp policyd-spf: return self.dns(domainname, A) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 1200, in dns - 4 stomp policyd-spf: for k, v in DNSLookup(name, qtype, self.strict, self.timeout): - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/spf.py", line 127, in DNSLookup - 4 stomp policyd-spf: resp = req.req() - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/DNS/Base.py", line 202, in req - 4 stomp policyd-spf: m.addQuestion(qname, qtype, Class.IN) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/DNS/Lib.py", line 478, in addQuestion - 4 stomp policyd-spf: self.addname(qname) - 4 stomp policyd-spf: File "/usr/lib/python2.6/dist-packages/DNS/Lib.py", line 125, in addname - 4 stomp policyd-spf: label = label.encode(enc) - 4 stomp policyd-spf: File "/usr/lib/python2.6/encodings/idna.py", line 164, in encode - 4 stomp policyd-spf: result.append(ToASCII(label)) - 4 stomp policyd-spf: File "/usr/lib/python2.6/encodings/idna.py", line 76, in ToASCII - 4 stomp policyd-spf: label = nameprep(label) - 4 stomp policyd-spf: File "/usr/lib/python2.6/encodings/idna.py", line 21, in nameprep - 4 stomp policyd-spf: newlabel.append(stringprep.map_table_b2(c)) - 4 stomp policyd-spf: File "/usr/lib/python2.6/stringprep.py", line 197, in map_table_b2 - 4 stomp policyd-spf: b = unicodedata.normalize("NFKC", al) - 4 stomp policyd-spf: TypeError: normalize() argument 2 must be unicode, not str - 4 stomp postfix/spawn: warning: command /usr/bin/python exit status 1 + ... + + TEST CASE: Install the current version of spf-tools-python and then run: + + $ pyspf 1.1.1.1 email.recipe.com email.recipe.com + + This should produce an error like: + + Traceback (most recent call last): + File "/usr/bin/pyspf", line 1971, in <module> + print(q.check(),q.mechanism) + File "/usr/bin/pyspf", line 538, in check + spf = self.dns_spf(self.d) + File "/usr/bin/pyspf", line 1094, in dns_spf + a = [t for t in self.dns_txt(domain) if RE_SPF.match(t)] + File "/usr/bin/pyspf", line 1131, in dns_txt + for a in self.dns(domainname, 'TXT')] + File "/usr/bin/pyspf", line 1130, in <genexpr> + return [''.join(s.decode("ascii") for s in a) + UnicodeDecodeError: 'ascii' codec can't decode byte 0x96 in position 32: ordinal not in range(128) + + Install the updated binaries from pyspf (python-spf and spf-tools-python + - don't bother with the python3 version, it's got other issues that + aren't sorted yet) and try again. This time it should work without a + traceback (it should raise a PermError about UniCode in an SPF record). ** Also affects: pyspf (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: pyspf (Ubuntu Quantal) Importance: Undecided Status: New ** Changed in: pyspf (Ubuntu Quantal) Importance: Undecided => Medium ** Changed in: pyspf (Ubuntu Quantal) Status: New => Fix Committed ** Changed in: pyspf (Ubuntu Quantal) Assignee: (unassigned) => Scott Kitterman (kitterman) ** Changed in: pyspf (Ubuntu Quantal) Importance: Medium => High ** Changed in: pyspf (Ubuntu Precise) Importance: Undecided => High ** Changed in: pyspf (Ubuntu Precise) Status: New => Fix Committed ** Changed in: pyspf (Ubuntu Precise) Assignee: (unassigned) => Scott Kitterman (kitterman) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/832480 Title: policyd-spf crashes on broken SPF records To manage notifications about this bug go to: https://bugs.launchpad.net/pypolicyd-spf/+bug/832480/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
