On 20.10.2012 01:15, Dave Rawks wrote:
> On 10/19/2012 12:20 PM, Michael Tokarev wrote:
>>
>> The new function to verify name validity introduced to fix CVE-2011-0997
>> disallows names with trailing dots.  So any domain name ending in a dot
>> is rejected and is substituted with "bad" as subject says.
>>
>> This is questionable - both the usage of names with trailing dot in this
>> context (it is not entirely DNS anymore, where trailing dot is obviously
>> allowed and perfectly valid), and rejecting of such names.
> 
> I think that rejecting valid and allowed values seems an overreach especially 
> when there is no consistency with the intention of the "validation" as is 
> mentioned in the code comment. IMHO, it seems not so much a questionable
> behavior as an incorrect one.

Again: whether this trailing dot is "allowed" in this place is an open
question, at least it is a corner case which can be treated either way.
And I don't have a clear opinion on this -- to me, isc-dhcp behaviour is
wrong, for reasons already stated.

/mjt
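
The corner case discussed in this thread, as an added example that is not code from either poster or from the DHCP client under discussion: a label-by-label validator for a server-supplied domain name where the trailing-dot decision is an explicit policy flag and a rejected name is replaced with "bad". The names `domain_ok`, `sanitize_domain` and `enum dot_policy`, and the 255-byte cap, are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy flag: is one trailing dot (the DNS root) accepted? */
enum dot_policy { REJECT_TRAILING_DOT = 0, ALLOW_TRAILING_DOT = 1 };

/* One label: 1..63 bytes, letters, digits and '-', no '-' at either end. */
static int label_ok(const char *s, size_t n)
{
    if (n == 0 || n > 63 || s[0] == '-' || s[n - 1] == '-')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-')
            return 0;   /* shell metacharacters, spaces, '_' all end here */
    return 1;
}

/* Returns 1 if every label of name is valid under the chosen policy. */
int domain_ok(const char *name, enum dot_policy policy)
{
    size_t len = strlen(name), start = 0;
    if (len == 0 || len > 255)          /* cap chosen for this example */
        return 0;
    if (name[len - 1] == '.') {
        if (policy == REJECT_TRAILING_DOT)
            return 0;
        len--;                          /* drop exactly one root dot */
    }
    for (size_t i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {
            if (!label_ok(name + start, i - start))
                return 0;               /* empty label: "", "a..b", "a.." */
            start = i + 1;
        }
    }
    return 1;
}

/* Mirrors the behaviour described in the thread: invalid names become "bad". */
const char *sanitize_domain(const char *name, enum dot_policy policy)
{
    return domain_ok(name, policy) ? name : "bad";
}

int main(void)
{
    /* Constructed sample input. */
    printf("%s\n", sanitize_domain("example.com.", REJECT_TRAILING_DOT));
    printf("%s\n", sanitize_domain("example.com.", ALLOW_TRAILING_DOT));
    return 0;
}
```

Under either policy the per-label character check is unchanged, so accepting the trailing dot does not loosen the filtering of other characters.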

