Merge branch 'matthijs-lexopt-escape-public-key-9.18' into 'bind-9.18'

[9.18] Recognize escapes when reading the public key See merge request isc-projects/bind9!8504
2026-05-28 04:34:54 -04:00 · 2023-11-20 12:40:43 +00:00 · 2023-11-20 12:40:43 +00:00 · 144c7d0d9d
commit 144c7d0d9d
parent 79e2a91cb4 004236e5f2
5 changed files with 30 additions and 1 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+6287.	[bug]		Recognize escapes when reading the public key from file.
+			[GL !8502]
+
 6286.	[bug]		Dig +yaml will now report "no servers could be reached"
 			on TCP connection failure as well as for UDP timeouts.
 			[GL #4396]
--- a/bin/tests/system/kasp/ns3/named-fips.conf.in
+++ b/bin/tests/system/kasp/ns3/named-fips.conf.in
@ -49,6 +49,15 @@ zone "default.kasp" {
 	dnssec-policy "default";
 };

+/* A zone with special characters. */
+zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." {
+        type primary;
+        file "i-am.special.kasp.db";
+        check-names ignore;
+	inline-signing yes;
+        dnssec-policy "default";
+};
+
 /* checkds: Zone with one KSK. */
 zone "checkds-ksk.kasp" {
 	type primary;
--- a/bin/tests/system/kasp/ns3/setup.sh
+++ b/bin/tests/system/kasp/ns3/setup.sh
@ -51,6 +51,13 @@ for zn in default dnssec-keygen some-keys legacy-keys pregenerated \
  cp template.db.in "$zonefile"
 done

+#
+# Setup special zone
+#
+zone="i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+echo_i "setting up zone: $zone"
+cp template.db.in "i-am.special.kasp.db"
+
 #
 # Set up RSASHA1 based zones
 #
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@ -393,6 +393,16 @@ check_apex
 check_subdomain
 dnssec_verify

+#
+# A zone with special characters.
+#
+set_zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+set_policy "default" "1" "3600"
+set_server "ns3" "10.53.0.3"
+# It is non-trivial to adapt the tests to deal with all possible different
+# escaping characters, so we will just try to verify the zone.
+dnssec_verify
+
 #
 # Zone: dynamic.kasp
 #
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@ -1647,7 +1647,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx,
 	isc_token_t token;
 	isc_result_t ret;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
-	unsigned int opt = ISC_LEXOPT_DNSMULTILINE;
+	unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE;
 	dns_rdataclass_t rdclass = dns_rdataclass_in;
 	isc_lexspecials_t specials;
 	uint32_t ttl = 0;