Comments (12)
Thanks, this looks like a pretty clear bug. Is the \010 literal? Or is it an octal escape? The first step is a test case in the portable test suite. This will be a doozy!
from pyspf.
It looks from the traceback like it is a \x0a - i.e. newline. Were it two segments to the TXT record? Or only one?
from pyspf.
This fails to get the same error - it just gets a permerror like it should.
badip4:
description: >-
Mechanisms are separated by spaces only, not any control char.
spec: 4.6.1/2
helo: foobar
host: 192.0.2.5
mailfrom: "[email protected]"
result: permerror
zonedata:
badip.example.com:
- SPF: "v=spf1 ip4:192.0.2.5\x0a include:spf.protection.outlook.com ~all"
from pyspf.
So, what version of pyspf are you using? It works fine with that test.
from pyspf.
Running from CLI:
$ python spf.py -v "v=spf1 ip4:192.0.2.5\n include:spf.protection.outlook.com ~all" 192.0.2.5 [email protected] foobar
result: ('permerror', 550, 'SPF Permanent Error: Invalid IP4 address: ip4:192.0.2.5\\n') None
This is the correct behavior. I am closing this until the issue can be reproduced.
from pyspf.
Checked that 2.0.12 also works correctly.
from pyspf.
I can now reproduce on 2.0.12 with python3:
$ python3 spf.py -v "v=spf1 ip4:192.0.2.1 ip4:192.0.2.3 ip4:192.0.2.5
include:spf.protection.outlook.com ~all" 192.0.2.5 [email protected] foobar
Traceback (most recent call last):
File "spf.py", line 1954, in <module>
r = q.check(argv[0])
File "spf.py", line 574, in check
rc = self.check1(spf, self.d, 0)
File "spf.py", line 613, in check1
return self.check0(spf, recursion)
File "spf.py", line 933, in check0
if self.cidrmatch([arg], cidrlength): break
File "spf.py", line 1376, in cidrmatch
for netwrk in [ipaddress.ip_network(ip) for ip in ipaddrs]:
File "spf.py", line 1376, in <listcomp>
for netwrk in [ipaddress.ip_network(ip) for ip in ipaddrs]:
File "/usr/lib64/python3.7/ipaddress.py", line 84, in ip_network
address)
ValueError: '192.0.2.5\n' does not appear to be an IPv4 or IPv6 network
Python2 and 2.0.13 are ok. I'll make sure the test case reproduces on 2.0.12, but otherwise this is fixed in new version.
from pyspf.
I confirmed that the test case added reproduces the issue for 2.0.12. @apircalabu Thanks for the test case! It it is good one. Maybe it will trip up some other implementations.
from pyspf.
@sdgathman I was using 2.0.12, now upgraded to 2.0.13. However, I can't replicate the crash from cli on 2.0.12, the backslash always gets excaped :(
$ python3 spf.py 'v=spf1 ip4:192.0.2.1 ip4:192.0.2.3 ip4:192.0.2.5\010 include:spf.protection.outlook.com ~all' 192.0.2.5 [email protected] foobar
result: ('permerror', 550, 'SPF Permanent Error: Invalid IP4 address: ip4:192.0.2.5\010') None
$ python3 -V
Python 3.4.3
from pyspf.
I couldn't remember the bash syntax for inserting an actual newline via backslash - so I just pressed enter within the quotes to insert the newline for cli. The test case uses yaml syntax, which is like python.
from pyspf.
Ah of course :) Can now confirm the issue for 2.0.12 and the fix in 2.0.13. Any chance to have the fix pulled via pip?
from pyspf.
I uploaded a 2.0.13 release to pypi - I don't use pip, so don't know if it works.
from pyspf.
Related Issues (20)
- NameError: name "strict" is not defined HOT 5
- Add special case for +all SPF ? HOT 17
- RST vs MD HOT 5
- http://openspf.net -> http://www.open-spf.org/ HOT 6
- dnspython and CNAME answers HOT 7
- Provide detailed explanation for SPF result, for "Received-SPF" header HOT 2
- Getting list of ip networks fails if prefix is 32 or more HOT 13
- Version number/branches for python3/ipaddress only releases HOT 2
- Using dnspython breaks relative lookups with search path HOT 1
- split() requires a non-empty pattern match HOT 17
- Allow custom DNS server HOT 4
- dnspython vs python3 dns dns.resolver.resolve lifetime arg bug HOT 1
- SPF with redirect problem HOT 1
- Passing lowercase qtype to DNSLookup_dnspython() always results in empty list HOT 3
- vaidating an spf record HOT 2
- Example app illustrating legit use of +all
- Detect a non-trivial subset of AlwaysPass policies HOT 1
- PEP8 coding style HOT 2
- IndexError caused by malformed DNS packet
- Problems with ipv6 queries and void lookups HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyspf.