#49 DK-FILTER parse problem on DNS TXT records

v1.0.0
closed
3
2008-10-30
2008-10-14
Michael Lucas
No

I found a unique error in DK-FILTER 1.0.1 when the DNS TXT record contains more than beginning and ending quotes.

Williams & Sonoma newsletter email:

;; QUESTION SECTION:
;williamssonoma._domainkey.enews.williams-sonoma.com. IN TXT

;; ANSWER SECTION:
williamssonoma._domainkey.enews.williams-sonoma.com. 3600 IN TXT "g=*\; k=rsa\; t=y\; n=" "Contact" "postmaster@responsys.com" "with" "any" "questions" "concerning" "this" "signing" "\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaktaU8E6joTYJEOKQRcKMbgE7Xt8lg/Y3ZQGQCS+MpjAoR5KEJBogaS9ke1ilCcGBy+zT+LBxrgDPmszP5ewrXLNmkThViIIU6FZa5WbthZXlnCwVoYUlUG1XESDlruXBFayUgQVjXBregIaZ3uC77I6jCjPHfRhn9neDdeKP4wIDAQAB\;"

As you can see in the above DNS query, the administrator has taken some liberty in creating instructions through the use of multiple double quotations.

The DK-FILTER response I get is:

Oct 13 12:35:03 ns1 dk-filter[10178]: m9DGYunp016718: bad signature data

It appears that DK-FILTER cannot correctly parse the correct key when there are multiple beginning/ending quotes.

I believe the administrator is probably in error, but DK-FILTER should account for this during its parse.

Mike Lucas
mike@lucasnet.org

Discussion

  • The "bad signature data" log entry means the signature failed verification. It's not an expression of an error parsing the key record in DNS.

    libdk just takes the example you gave and smashes all the quoted parts together into one big string. It has to do this in case the record gets split up into separate quoted strings where one of the breaks happens in the middle of the key. So the full string is actually handled like so:

    g=*\; k=rsa\; t=y\; n=Contactpostmaster@responsys.comwithanyquestionsconcerningthissigning\; p=MIG...AQAB\;

    I just created a fake message and ran it through the debugger to verify that this is the case. The more likely explanation is that something happened to the message after it was signed which invalidated the signature.

     
    • priority: 5 --> 3
    • assigned_to: nobody --> sm-msk
     
    • status: open --> pending
     
  • If you can, please attach an otherwise-valid message which exhibits this problem.

     
    • status: pending --> closed
     
  • This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).
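
The concatenation described in the first reply, as an added example (not libdk's code and not part of the original thread): the quoted strings of the reported TXT record are unescaped and joined with no separator, the result is parsed as a tag=value list, and the p= value is base64-decoded. The function names are hypothetical, and the second record is constructed here to show a break in the middle of the key.

```python
import base64
import re

# One quoted <character-string> of TXT rdata as dig prints it; escapes are
# backslash + character (\; \" \\) or backslash + three decimal digits.
_CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
_ESCAPE = re.compile(r"\\(\d{3}|.)", re.S)

def join_txt_strings(rdata):
    """Unescape every quoted string and concatenate them with no separator."""
    def unescape(m):
        esc = m.group(1)
        return chr(int(esc)) if len(esc) == 3 else esc
    return "".join(_ESCAPE.sub(unescape, c) for c in _CHUNK.findall(rdata))

def parse_key_record(rdata):
    """Split the joined record into its ';'-separated tag=value pairs."""
    tags = {}
    for part in join_txt_strings(rdata).split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def public_key_der(tags):
    """Base64-decode p=, rejecting any character outside the alphabet."""
    return base64.b64decode(tags["p"], validate=True)

# p= value copied from the record in the report, wrapped for line length.
KEY_B64 = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaktaU8E6joTYJEOKQRcKMbgE7Xt8lg/Y3"
    "ZQGQCS+MpjAoR5KEJBogaS9ke1ilCcGBy+zT+LBxrgDPmszP5ewrXLNmkThViIIU6FZa5Wbt"
    "hZXlnCwVoYUlUG1XESDlruXBFayUgQVjXBregIaZ3uC77I6jCjPHfRhn9neDdeKP4wIDAQAB"
)
# The TXT rdata from the report, with its eleven quoted strings.
REPORTED = (r'"g=*\; k=rsa\; t=y\; n=" "Contact" "postmaster@responsys.com" '
            r'"with" "any" "questions" "concerning" "this" "signing" '
            r'"\; p=' + KEY_B64 + r'\;"')
# Constructed variant: the same key broken mid-value across two strings.
SPLIT_KEY = r'"k=rsa\; p=' + KEY_B64[:100] + '" "' + KEY_B64[100:] + r'\;"'

if __name__ == "__main__":
    tags = parse_key_record(REPORTED)
    der = public_key_der(tags)
    print("n =", tags["n"])
    print("key:", len(der), "bytes of DER, first byte", hex(der[0]))
    print("split record gives same key:",
          public_key_der(parse_key_record(SPLIT_KEY)) == der)
```

Joining without a separator is why the n= note loses its spaces, and it is also what lets a key split across strings decode to the same bytes.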