ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Merge branch '653-idnout-only-on-tty-v9_11' into 'v9_11'

Browse Source 
Enable idnout output only on tty, disable it when the stdout is not a tty

See merge request isc-projects/bind9!984
This commit is contained in:
Mark Andrews
2018-11-06 19:50:15 -05:00
parent 67401ba29c 0dd034d66b
commit 93efc4724f
7 changed files with 61 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
5079. [func] Disable IDN processing in dig and nslookup
when not on a tty. [GL #653]
5078. [cleanup] Require python components to be explicitly disabled if
python is not available on unix platforms. [GL #601]

6
bin/dig/dig.c
View File

@@ -193,8 +193,10 @@ help(void) {
" +[no]fail (Don't try next server on SERVFAIL)\n"
" +[no]header-only (Send query without a question section)\n"
" +[no]identify (ID responders in short answers)\n"
" +[no]idnin (Parse IDN names)\n"
" +[no]idnout (Convert IDN response)\n"
#ifdef HAVE_LIBIDN2
" +[no]idnin (Parse IDN names [default=on on tty])\n"
" +[no]idnout (Convert IDN response [default=on on tty])\n"
#endif
" +[no]ignore (Don't revert to TCP for TC responses.)\n"
" +[no]keepopen (Keep the TCP socket open between queries)\n"
" +[no]mapped (Allow mapped IPv4 over IPv6)\n"

16
bin/dig/dig.docbook
View File

@@ -789,7 +789,13 @@
<para>
Process [do not process] IDN domain names on input.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to process IDN input.
compile time.
</para>
<para>
The default is to process IDN input when standard output
is a tty. The IDN processing on input is disabled when
dig output is redirected to files, pipes, and other
non-tty file descriptors.
</para>
</listitem>
</varlistentry>
@@ -800,7 +806,13 @@
<para>
Convert [do not convert] puny code on output.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to convert output.
compile time.
</para>
<para>
The default is to process puny code on output when
standard output is a tty. The puny code processing on
output is disabled when dig output is redirected to
files, pipes, and other non-tty file descriptors.
</para>
</listitem>
</varlistentry>

4
bin/dig/dighost.c
View File

@@ -824,12 +824,12 @@ make_empty_lookup(void) {
looknew->seenbadcookie = false;
looknew->badcookie = true;
#ifdef WITH_IDN_SUPPORT
looknew->idnin = true;
looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false;
#else
looknew->idnin = false;
#endif
#ifdef WITH_IDN_OUT_SUPPORT
looknew->idnout = true;
looknew->idnout = looknew->idnin;
#else
looknew->idnout = false;
#endif

16
bin/dig/nslookup.docbook
View File

@@ -478,6 +478,22 @@ nslookup -query=hinfo -timeout=10
</para>
</refsection>
<refsection><info><title>IDN SUPPORT</title></info>
<para>
If <command>nslookup</command> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
<command>nslookup</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, define
the <envar>IDN_DISABLE</envar> environment variable.
The IDN support is disabled if the variable is set when
<command>nslookup</command> runs or when the standard output is not
a tty.
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/resolv.conf</filename>

24
bin/tests/system/idna/tests.sh
View File

@@ -185,11 +185,11 @@ idna_enabled_test() {
# Note that ASCII characters are converted to lower-case.
text="Checking valid non-ASCII label"
idna_test "$text" "" "München" "nchen."
idna_test "$text" "" "München" "M\195\188nchen."
idna_test "$text" "+noidnin +noidnout" "München" "M\195\188nchen."
idna_test "$text" "+noidnin +idnout" "München" "M\195\188nchen."
idna_test "$text" "+idnin +noidnout" "München" "xn--mnchen-3ya."
idna_test "$text" "+idnin +idnout" "München" "münchen."
idna_test "$text" "+idnin +idnout" "München" "münchen."
# Tests of transitional processing of a valid U-label
@@ -210,7 +210,7 @@ idna_enabled_test() {
# for the valid U-label.
text="Checking that non-transitional IDNA processing is used"
idna_test "$text" "" "faß.de" "faß.de."
idna_test "$text" "" "faß.de" "fa\195\159.de."
idna_test "$text" "+noidnin +noidnout" "faß.de" "fa\195\159.de."
idna_test "$text" "+noidnin +idnout" "faß.de" "fa\195\159.de."
idna_test "$text" "+idnin +noidnout" "faß.de" "xn--fa-hia.de."
@@ -220,11 +220,11 @@ idna_enabled_test() {
# onto the Greek sigma character ("σ") in IDNA2003.
text="Second check that non-transitional IDNA processing is used"
idna_test "$text" "" "βόλος.com" "βόλος.com."
idna_test "$text" "" "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
idna_test "$text" "+noidnin +noidnout" "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
idna_test "$text" "+noidnin +idnout" "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
idna_test "$text" "+idnin +noidnout" "βόλος.com" "xn--nxasmm1c.com."
idna_test "$text" "+idnin +idnout" "βόλος.com" "βόλος.com."
idna_test "$text" "+idnin +idnout" "βόλος.com" "βόλος.com."
@@ -238,9 +238,9 @@ idna_enabled_test() {
# The "+[no]idnin" flag has no effect in these cases.
text="Checking valid A-label"
idna_test "$text" "" "xn--nxasmq6b.com" "βόλοσ.com."
idna_test "$text" "" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
idna_test "$text" "+noidnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
idna_test "$text" "+noidnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com."
idna_test "$text" "+noidnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com."
idna_test "$text" "+idnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
idna_test "$text" "+idnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com."
@@ -259,7 +259,7 @@ idna_enabled_test() {
# a shorter label is detected and rejected.
text="Checking punycode label shorter than minimum valid length"
idna_fail "$text" "" "xn--xx"
idna_test "$text" "" "xn--xx" "xn--xx."
idna_test "$text" "+noidnin +noidnout" "xn--xx" "xn--xx."
idna_fail "$text" "+noidnin +idnout" "xn--xx"
idna_fail "$text" "+idnin +noidnout" "xn--xx"
@@ -268,7 +268,7 @@ idna_enabled_test() {
# Fake A-label - the string does not translate to anything.
text="Checking fake A-label"
idna_fail "$text" "" "xn--ahahah"
idna_test "$text" "" "xn--ahahah" "xn--ahahah."
idna_test "$text" "+noidnin +noidnout" "xn--ahahah" "xn--ahahah."
idna_fail "$text" "+noidnin +idnout" "xn--ahahah"
idna_fail "$text" "+idnin +noidnout" "xn--ahahah"
@@ -285,7 +285,7 @@ idna_enabled_test() {
idna_fail "$text" "+idnin +noidnout" "$label"
idna_fail "$text" "+idnin +idnout" "$label"
# Tests of a valid unicode string but an invalid U-label (input)
@@ -299,7 +299,7 @@ idna_enabled_test() {
# The +[no]idnout options should not have any effect on the test.
text="Checking invalid input U-label"
idna_fail "$text" "" "🧦.com"
idna_test "$text" "" "🧦.com" "\240\159\167\166.com."
idna_test "$text" "+noidnin +noidnout" "🧦.com" "\240\159\167\166.com."
idna_test "$text" "+noidnin +idnout" "🧦.com" "\240\159\167\166.com."
idna_fail "$text" "+idnin +noidnout" "🧦.com"
@@ -319,7 +319,7 @@ idna_enabled_test() {
# The +[no]idnin options should not have any effect on the test.
text="Checking invalid output U-label"
idna_fail "$text" "" "xn--19g"
idna_test "$text" "" "xn--19g" "xn--19g."
idna_test "$text" "+noidnin +noidnout" "xn--19g" "xn--19g."
idna_fail "$text" "+noidnin +idnout" "xn--19g"
idna_test "$text" "+idnin +noidnout" "xn--19g" "xn--19g."

10
doc/arm/notes.xml
View File

@@ -180,6 +180,16 @@
option. [GL #105]
</para>
</listitem>
<listitem>
<para>
When compiled with IDN support, the <command>dig</command> and the
<command>nslookup</command> commands now disable IDN processing when
the standard output is not a tty (e.g. not used by human). The command
line options +idnin and +idnout need to be used to enable IDN
processing when <command>dig</command> or <command>nslookup</command>
is used from the shell scripts.
</para>
</listitem>
</itemizedlist>
</section>