From: Bob Halley Date: Wed, 9 Feb 2011 09:15:06 +0000 (+0000) Subject: Dnspython was erroneously doing case-insensitive comparisons of the names in NSEC... X-Git-Tag: v1.9.3~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4cea36e5e3aef4bbb31888ddcf7cdbb68e6c3b0;p=thirdparty%2Fdnspython.git Dnspython was erroneously doing case-insensitive comparisons of the names in NSEC and RRSIG records --- diff --git a/ChangeLog b/ChangeLog index 0fff77f9..73452c2a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2011-01-11 Bob Halley + + * Dnspython was erroneously doing case-insensitive comparisons + of the names in NSEC and RRSIG RRs. Thanks to Casey Deccio for + reporting this bug. + 2010-12-17 Bob Halley * dns/message.py (_WireReader._get_section): use "is" and not "==" diff --git a/dns/rdata.py b/dns/rdata.py index 399677e9..b4b92515 100644 --- a/dns/rdata.py +++ b/dns/rdata.py @@ -256,6 +256,15 @@ class Rdata(object): def __hash__(self): return hash(self.to_digestable(dns.name.root)) + def _wire_cmp(self, other): + # A number of types compare rdata in wire form, so we provide + # the method here instead of duplicating it. + b1 = cStringIO.StringIO() + self.to_wire(b1) + b2 = cStringIO.StringIO() + other.to_wire(b2) + return cmp(b1.getvalue(), b2.getvalue()) + def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): """Build an rdata object from text format. diff --git a/dns/rdtypes/ANY/NSEC.py b/dns/rdtypes/ANY/NSEC.py index 72859ce1..44ccbc1b 100644 --- a/dns/rdtypes/ANY/NSEC.py +++ b/dns/rdtypes/ANY/NSEC.py @@ -125,17 +125,4 @@ class NSEC(dns.rdata.Rdata): self.next = self.next.choose_relativity(origin, relativize) def _cmp(self, other): - v = cmp(self.next, other.next) - if v == 0: - b1 = cStringIO.StringIO() - for (window, bitmap) in self.windows: - b1.write(chr(window)) - b1.write(chr(len(bitmap))) - b1.write(bitmap) - b2 = cStringIO.StringIO() - for (window, bitmap) in other.windows: - b2.write(chr(window)) - b2.write(chr(len(bitmap))) - b2.write(bitmap) - v = cmp(b1.getvalue(), b2.getvalue()) - return v + return self._wire_cmp(other) diff --git a/dns/rdtypes/ANY/SIG.py b/dns/rdtypes/ANY/SIG.py index 501e29cc..adcb733d 100644 --- a/dns/rdtypes/ANY/SIG.py +++ b/dns/rdtypes/ANY/SIG.py @@ -24,3 +24,18 @@ class SIG(dns.rdtypes.sigbase.SIGBase): self.inception, self.key_tag) + \ self.signer.to_digestable(origin) + \ self.signature + def _cmp(self, other): + hs = struct.pack('!HBBIIIH', self.type_covered, + self.algorithm, self.labels, + self.original_ttl, self.expiration, + self.inception, self.key_tag) + ho = struct.pack('!HBBIIIH', other.type_covered, + other.algorithm, other.labels, + other.original_ttl, other.expiration, + other.inception, other.key_tag) + v = cmp(hs, ho) + if v == 0: + v = cmp(self.signer, other.signer) + if v == 0: + v = cmp(self.signature, other.signature) + return v diff --git a/dns/rdtypes/sigbase.py b/dns/rdtypes/sigbase.py index ccb6dd69..81ca31e9 100644 --- a/dns/rdtypes/sigbase.py +++ b/dns/rdtypes/sigbase.py @@ -152,17 +152,4 @@ class SIGBase(dns.rdata.Rdata): self.signer = self.signer.choose_relativity(origin, relativize) def _cmp(self, other): - hs = struct.pack('!HBBIIIH', self.type_covered, - self.algorithm, self.labels, - self.original_ttl, self.expiration, - self.inception, self.key_tag) - ho = struct.pack('!HBBIIIH', other.type_covered, - other.algorithm, other.labels, - other.original_ttl, other.expiration, - other.inception, other.key_tag) - v = cmp(hs, ho) - if v == 0: - v = cmp(self.signer, other.signer) - if v == 0: - v = cmp(self.signature, other.signature) - return v + return self._wire_cmp(other)