[master] parse numeric domain names correctly

4666. [bug] dnssec-keymgr: Domain names beginning with digits (0-9) could cause a parser error when reading the policy file. This now works correctly so long as the domain name is quoted. [RT #45641]
2025-09-01 06:55:30 +00:00 · 2017-07-31 10:43:57 -07:00
parent 913f7528fe
commit 681deaaa39
6 changed files with 150 additions and 108 deletions
--- a/bin/python/isc/policy.py.in
+++ b/bin/python/isc/policy.py.in
@@ -538,6 +538,16 @@ class dnssec_policy:
        p[0] = p[1]
        pass

+    def p_domain(self, p):
+        '''domain : STR
+                  | QSTRING
+                  | KEYTYPE
+                  | DATESUFFIX'''
+        p[0] = p[1].strip()
+        if not re.match(r'^[\w.-][\w.-]*$', p[0]):
+            raise PolicyException('invalid domain')
+        pass
+
    def p_new_policy(self, p):
        "new_policy :"
        self.current = Policy()
@@ -550,7 +560,7 @@ class dnssec_policy:
        pass

    def p_zone_policy(self, p):
-        "zone_policy : ZONE name new_policy policy_option_group SEMI"
+        "zone_policy : ZONE domain new_policy policy_option_group SEMI"
        self.current.name = p[2].rstrip('.')
        self.current.is_zone = True
        self.zone_policy[p[2].rstrip('.').lower()] = self.current
--- a/bin/python/isc/tests/policy_test.py.in
+++ b/bin/python/isc/tests/policy_test.py.in
@@ -78,5 +78,12 @@ class PolicyTest(unittest.TestCase):
                                 '(5184000/5184000) combined exceed '
                                 'rollover period 7776000'))

+    def test_numeric_zone(self):
+        pol = policy.dnssec_policy()
+        pol.load('test-policies/05-numeric-zone.pol')
+
+        p = pol.policy('99example.test', novalidate=True)
+        self.assertEqual(p.validate(), (True, ""))
+
 if __name__ == "__main__":
    unittest.main()
--- a/bin/python/isc/tests/test-policies/05-numeric-zone.pol
+++ b/bin/python/isc/tests/test-policies/05-numeric-zone.pol
@@ -0,0 +1,12 @@
+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+// Zone policy that uses a numeric name
+zone "99example.test" {
+	coverage 6mo;
+};