From ef2e12b0dd4e24000e17dfd48b896e72d74362fb Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Sat, 25 Feb 2012 22:04:29 +0100 Subject: [PATCH] Validation fixes, still not perfect, but much nicer --- dnssec.go | 37 +++++++++++++++++++++++++++++++++---- types.go | 4 ++-- zscan_rr.go | 10 +++++----- 3 files changed, 40 insertions(+), 11 deletions(-) diff --git a/dnssec.go b/dnssec.go index 5a63f456..751ed144 100644 --- a/dnssec.go +++ b/dnssec.go @@ -285,7 +285,7 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error { // Verify validates an RRSet with the signature and key. This is only the // cryptographic test, the signature validity period must be checked separately. -// This function (temporary) modifies the RR for the validation to work. +// This function modifies the rdata of some RRs (lowercases domain names) for the validation to work. func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error { // First the easy checks if s.KeyTag != k.KeyTag() { @@ -493,8 +493,7 @@ func (p wireSlice) Less(i, j int) bool { } func (p wireSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] } -// Return the raw signature data. -// TODO: the rr rdata is lowercased for some records +// Return the raw signature data. func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) { wires := make(wireSlice, len(rrset)) for i, r := range rrset { @@ -514,32 +513,62 @@ func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) { // SRV, DNAME, A6 switch x := r1.(type) { case *RR_NS: + p := x.Ns + defer func() { x.Ns = p }() x.Ns = strings.ToLower(x.Ns) case *RR_CNAME: - x.Cname = strings.ToLower(x.Cname) + p := x.Target + defer func() { x.Target = p }() + x.Target = strings.ToLower(x.Target) case *RR_SOA: + p := x.Ns + q := x.Mbox + defer func() { x.Ns = p }() + defer func() { x.Mbox = q }() x.Ns = strings.ToLower(x.Ns) x.Mbox = strings.ToLower(x.Mbox) case *RR_MB: + p := x.Mb + defer func() { x.Mb = p }() x.Mb = strings.ToLower(x.Mb) case *RR_MG: + p := x.Mg + defer func() { x.Mg = p }() x.Mg = strings.ToLower(x.Mg) case *RR_MR: + p := x.Mr + defer func() { x.Mr = p }() x.Mr = strings.ToLower(x.Mr) case *RR_PTR: + p := x.Ptr + defer func() { x.Ptr = p }() x.Ptr = strings.ToLower(x.Ptr) case *RR_MINFO: + p := x.Rmail + q := x.Email + defer func() { x.Rmail = p }() + defer func() { x.Email = q }() x.Rmail = strings.ToLower(x.Rmail) x.Email = strings.ToLower(x.Email) case *RR_MX: + p := x.Mx + defer func() { x.Mx = p }() x.Mx = strings.ToLower(x.Mx) case *RR_NAPTR: + p := x.Replacement + defer func() { x.Replacement = p }() x.Replacement = strings.ToLower(x.Replacement) case *RR_KX: + p := x.Exchanger + defer func() { x.Exchanger = p }() x.Exchanger = strings.ToLower(x.Exchanger) case *RR_SRV: + p := x.Target + defer func() { x.Target = p }() x.Target = strings.ToLower(x.Target) case *RR_DNAME: + p := x.Target + defer func() { x.Target = p }() x.Target = strings.ToLower(x.Target) } // 6.2. Canonical RR Form. (5) - origTTL diff --git a/types.go b/types.go index 6634cb46..5d0f676b 100644 --- a/types.go +++ b/types.go @@ -187,11 +187,11 @@ func (rr *RR_CNAME) Header() *RR_Header { } func (rr *RR_CNAME) String() string { - return rr.Hdr.String() + rr.Cname + return rr.Hdr.String() + rr.Target } func (rr *RR_CNAME) Len() int { - l := len(rr.Cname) + 1 + l := len(rr.Target) + 1 return rr.Hdr.Len() + l } diff --git a/zscan_rr.go b/zscan_rr.go index 1b09bb48..352e1a08 100644 --- a/zscan_rr.go +++ b/zscan_rr.go @@ -56,7 +56,7 @@ func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError) { //r, e = setLOC(h, c, f) // TODO goto Slurp - // These types have a variable ending either chunks of txt or chunks/base64 or hex. + // These types have a variable ending: either chunks of txt or chunks/base64 or hex. // They need to search for the end of the RR themselves, hence they look for the ending // newline. Thus there is no need to slurp the remainder, because there is none. case TypeDNSKEY: @@ -185,13 +185,13 @@ func setCNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError) { rr.Hdr = h l := <-c - rr.Cname = l.token + rr.Target = l.token _, ld, ok := IsDomainName(l.token) if !ok { - return nil, &ParseError{f, "bad CNAME Cname", l} + return nil, &ParseError{f, "bad CNAME Target", l} } - if rr.Cname[ld-1] != '.' { - rr.Cname = appendOrigin(rr.Cname, o) + if rr.Target[ld-1] != '.' { + rr.Target = appendOrigin(rr.Target, o) } return rr, nil }