1731081 – Label escaping bug for special characters breaks ipa dnszone-show

Bug 1731081 - Label escaping bug for special characters breaks ipa dnszone-show

Summary: Label escaping bug for special characters breaks ipa dnszone-show

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	python-dns
Sub Component:
Version:	8.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.2
Assignee:	Lumír Balhar
QA Contact:	Jan Houska
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1640091
TreeView+	depends on / blocked

Reported:	2019-07-18 09:51 UTC by Christian Heimes
Modified:	2019-11-25 07:49 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Fedora Pagure	freeipa issue 7739	None	None	None	2019-07-18 09:51:58 UTC
Github	rthalley dnspython issues 339	'None'	closed	Name.to_unicode does not escape special chars	2020-02-17 14:33:30 UTC

Description Christian Heimes 2019-07-18 09:51:59 UTC

Description of problem:
dns.name.Name 's to_unicode() method has a bug. It escapes special characters to wrong way. In DNS the email address admin.1@example.com is encoded as admin\.1.example.com. The to_unicode() method drops the quoting and turns the email address into admin@1.example.com (encoded admin.1.example.com).

The issue causes problems with IdM and breaks ipa dnszone-show command.

Version-Release number of selected component (if applicable):
python3-dns-1.15.0

How reproducible:
always

Steps to Reproduce:
$ python3
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin.1.example.com.'


Actual results:
name.to_unicode() returns 'admin.1.example.com.'

Expected results:
'admin\\.1.example.com.'

Additional info:
Upstream fix https://github.com/rthalley/dnspython/commit/c76aa6ac9969447220c8e807aa1e5640a6c12924

Comment 1 Christian Heimes 2019-07-18 10:01:07 UTC

The fix has been in upstream master for a while. Upstream has retired 1.x release series in favor of 2.0 with Python 3-only support. It may be necessary to backport the fix to 1.5 manually and maintain a patch.

Comment 2 Lumír Balhar 2019-08-28 11:47:55 UTC

I am going to take a look.

We have the reproducer available so it should be easy to test the fix and I am going to backport.

Comment 3 Lumír Balhar 2019-08-28 12:32:44 UTC

I've managed to backport the upstream patch to version 1.15 (RHEL8).

Scratch build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23218020
Commit (my fork, rhel-8.1.é branch): https://src.osci.redhat.com/fork/lbalhar/rpms/python-dns/commits/rhel-8.1.0

Verification
Old version:

# rpm -qi python3-dns
Name        : python3-dns
Version     : 1.15.0
Release     : 8.el8

# python3
Python 3.6.8 (default, Aug  6 2019, 19:43:07) 
[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin.1.example.com.'

New version:

# rpm -qi python3-dns
Name        : python3-dns
Version     : 1.15.0
Release     : 9.el8

# python3
Python 3.6.8 (default, Aug  6 2019, 19:43:07) 
[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin\\.1.example.com.'

Everything is ready and tested on RHEL 8.1 so the fix has to wait until there will be a branch for RHEL 8.2. But it's already ready for a review.

The backported patch also contains one new test for to_unicode() method and a lot of existing tests are already there so I think that no new tests are needed from QA.

Comment 5 Lumír Balhar 2019-10-16 04:55:17 UTC

Pull request is ready for review here: https://src.osci.redhat.com/rpms/python-dns/pull-request/2

The test is also backported in `tests/test_name.py` function `testToText12`.

Comment 6 Lumír Balhar 2019-10-22 12:59:55 UTC

PR merged. Build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=24188082

Comment 8 Lumír Balhar 2019-10-23 13:44:24 UTC

Before I'll be able to add the build to the errata, I need to enable gating.

Gating configuration PR: https://src.osci.redhat.com/rpms/python-dns/pull-request/3
Beaker test configuration change and prove that it works well for this bug: https://src.osci.redhat.com/tests/python-dns/pull-request/1

Could you please help me to enable gating for this component?

Comment 9 Tomas Orsava 2019-10-24 10:52:14 UTC

Lumir, please also provide the command to start only the relevant upstream test that fixes the issue, so that QE can make a Regression test case for it.

Comment 10 Lumír Balhar 2019-10-25 05:11:17 UTC

Both PRs from comment#8 merged, release bumped.

New build (for gating): https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=24238288

Command to run the backported test: python3 -m unittest -v tests.test_name.NameTestCase.testToText12

Comment 12 Jan Houska 2019-11-22 09:03:39 UTC

Beaker run successful. 
https://beaker.engineering.redhat.com/tasks/executed?recipe_task_id=102528691&recipe_task_id=102528684&recipe_task_id=102528742&recipe_task_id=102528701&recipe_task_id=102528718&recipe_task_id=102528708&recipe_task_id=102528735&recipe_task_id=102528725&old_pkg_tasks=102528701,102528735,102528684,102528718&new_pkg_tasks=102528708,102528691,102528742,102528725

Note You need to log in before you can comment on or make changes to this bug.