alexdalitz / dnsruby

Dnsruby is a feature-complete DNS(SEC) client for Ruby, as used by many of the world's largest DNS registries and the OpenDNSSEC project

NoMethod error when dnsruby tries to parse an invalid CAA record #195

Open nsmethwick-fastly opened 2 weeks ago

nsmethwick-fastly commented 2 weeks ago

I noticed that dnsruby throws an error when it tries to parse CAA records that are formatted incorrectly. I saw this when checking a CAA record with the property tag and property value swapped around ("ca.example.com" issue). I also noticed this happens if the property tag is incorrectly capitalized (Issue instead of issue):

kdig +bufsize=1280 @8.8.8.8 -t CAA buda.com
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 44583
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 15; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; QUESTION SECTION:
;; buda.com.                IN  CAA
;; ANSWER SECTION:
buda.com.               451 IN  CAA 0 comodoca.com "issue"
buda.com.               451 IN  CAA 0 comodoca.com "issuewild"
buda.com.               451 IN  CAA 0 digicert.com "issue"
buda.com.               451 IN  CAA 0 digicert.com "issuewild"
buda.com.               451 IN  CAA 0 issue "comodoca.com"
buda.com.               451 IN  CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
buda.com.               451 IN  CAA 0 issue "letsencrypt.org"
buda.com.               451 IN  CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
buda.com.               451 IN  CAA 0 issuewild "comodoca.com"
buda.com.               451 IN  CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
buda.com.               451 IN  CAA 0 issuewild "letsencrypt.org"
buda.com.               451 IN  CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
buda.com.               451 IN  CAA 0 letsencrypt.com "issue"
buda.com.               451 IN  CAA 0 letsencrypt.com "issuewild"
buda.com.               451 IN  CAA 0 platform@buda.com "iodef"

The output also suggests there might be a thread issue though I am not sure if it is related:

resolver.query("buda.com", "CAA")

<Thread:0x0000000116149828 /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:69 run> terminated with exception (report_on_exception is true):
/Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:625:in `block in send_exception_to_client': undefined method `client_queue' for nil:NilClass (NoMethodError)
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:624:in `synchronize'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:624:in `send_exception_to_client'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:569:in `rescue in get_incoming_data'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:513:in `get_incoming_data'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:280:in `block in process_ready'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:275:in `each'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:275:in `process_ready'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:219:in `do_select'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:69:in `block (2 levels) in initialize'
/Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/resource/CAA.rb:47:in `from_string': undefined method `[]' for nil:NilClass (NoMethodError)
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/resource/RR.rb:113:in `initialize'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/resource/CAA.rb:68:in `new'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/resource/CAA.rb:68:in `decode_rdata'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/decoder.rb:171:in `block in get_rr'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/decoder.rb:53:in `get_length16'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/decoder.rb:171:in `get_rr'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/message.rb:574:in `block (2 levels) in decode'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/message.rb:573:in `times'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/message.rb:573:in `block in decode'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/decoder.rb:20:in `initialize'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/message.rb:567:in `new'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/message/message.rb:567:in `decode'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:514:in `get_incoming_data'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:280:in `block in process_ready'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:275:in `each'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:275:in `process_ready'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:219:in `do_select'
    from /Users/nsmethwick/.gem/ruby/3.0.5/gems/dnsruby-1.72.1/lib/dnsruby/select_thread.rb:69:in `block (2 levels) in initialize'

I took a stab at raising an error that can be handled in this PR, let me know if I am on the right track or if you need more information.
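
The failure reported above is a parser raising `NoMethodError` on untrusted network input. The sketch below is an added example, not dnsruby's code and not the PR mentioned in the report: it decodes CAA RDATA from the RFC 8659 wire layout, keeps unrecognised tags instead of failing on them, and raises a dedicated error only for structurally broken data. All names (`CAAParseError`, `parse_caa_rdata`, `caa_rdata`, `decode_all`) are hypothetical and the sample records are constructed to mirror the ones in the report.

```ruby
# Added example: tolerant CAA RDATA decoder (hypothetical names, not dnsruby's API).
class CAAParseError < StandardError; end

CAARecord = Struct.new(:flags, :tag, :value, :known)

KNOWN_CAA_TAGS = %w[issue issuewild iodef].freeze

# rdata: binary String holding the RDATA of one CAA record (RFC 8659 wire format):
#   1 octet flags | 1 octet tag length | tag | value (rest of RDATA)
def parse_caa_rdata(rdata)
  bytes = rdata.b
  raise CAAParseError, 'RDATA shorter than 2 octets' if bytes.bytesize < 2

  flags, tag_len = bytes.unpack('CC')
  raise CAAParseError, 'tag length must be at least 1' if tag_len.zero?
  raise CAAParseError, 'tag length exceeds RDATA' if bytes.bytesize < 2 + tag_len

  tag = bytes.byteslice(2, tag_len)
  value = bytes.byteslice(2 + tag_len, bytes.bytesize - 2 - tag_len)
  # Tags match case-insensitively; an unrecognised tag is kept, not rejected.
  known = KNOWN_CAA_TAGS.include?(tag.downcase)
  CAARecord.new(flags, tag, value, known)
end

# Build wire RDATA for the constructed samples below.
def caa_rdata(flags, tag, value)
  [flags, tag.bytesize].pack('CC') + tag.b + value.b
end

# Decode a batch, returning the error object for a bad record so that
# one malformed record cannot abort decoding of the others.
def decode_all(rdatas)
  rdatas.map do |r|
    parse_caa_rdata(r)
  rescue CAAParseError => e
    e
  end
end

# Constructed samples mirroring the records in the report.
SAMPLES = [
  caa_rdata(0, 'issue', 'letsencrypt.org'), # well-formed
  caa_rdata(0, 'comodoca.com', 'issue'),    # tag and value swapped
  caa_rdata(0, 'Issue', 'digicert.com'),    # capitalised tag
  "\x00\x09issue".b                         # tag length runs past the RDATA
].freeze

decode_all(SAMPLES).each { |r| p r } if __FILE__ == $PROGRAM_NAME
```

The swapped record decodes as an unknown property rather than an exception, and only the truncated record yields a `CAAParseError`, which a caller can rescue by class.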

SirRawlins commented 2 weeks ago

@nsmethwick-fastly wow, this is a striking coincidence, I've stumbled across the exact same bug this evening, and by "exact same" I really do mean it, we too were trying to resolve the CAA record on buda.com 😅

alexdalitz commented 2 weeks ago

Ok - I’ll make a new release when I’m back to a laptop. Apologies for the inconvenience, and thanks for your report!

Alex.

On 21 Jun 2024, at 19:56, Robert Rawlins wrote:

> @nsmethwick-fastly wow, this is a striking coincidence, I've stumbled across the exact same bug this evening, and by "exact same" I really do mean it, we too were trying to resolve the CAA record on buda.com 😅


SirRawlins commented 1 week ago

@alexdalitz no worries Alex, there's no immediate pressure to get this issue fixed, as I've worked with my contact at buda.com and they've now tidied up the records on their domain.

If you need any additional information or help let me know.