php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65478 Multi-string DNS records obtained with dns_get_record contain nulls
Submitted: 2013-08-19 16:53 UTC Modified: 2013-08-19 18:55 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: marcus at synchromedia dot co dot uk Assigned:
Status: Open Package: Network related
PHP Version: 5.4.18 OS: OS X
Private report: No CVE-ID: None
View Developer Edit
 [2013-08-19 16:53 UTC] marcus at synchromedia dot co dot uk 
Description:
------------
RFC4408 (SPF records in DNS) http://www.ietf.org/rfc/rfc4408.txt section 3.1.3 
mentions the likely use of RFC1035's provision to allow a DNS record to contain more 
than one string. Specifically it says:

For example:

      IN TXT "v=spf1 .... first" "second string..."

   MUST be treated as equivalent to

      IN TXT "v=spf1 .... firstsecond string..."

PHP's dns_get_record function does NOT work this way - it concatenates the strings, 
but inserts a null (\0) character between them, so in this example it would produce 
this string:

  IN TXT "v=spf1 .... first\0second string..."

This is enough to break things like DKIM. The example code uses the DKIM key for 
google groups.

Notice that the string length in the actual result is off by one: the two entries 
are 183 and 218 chars, which should give 401 when concatenated, but there are 402 
chars in the result. The '\0' is visible in this result, but in some circumstances 
it may not be visible. I've seen this behaviour on all platforms (OS X, Linux) and 
versions (5.3, 5.4) I've tried.

A workaround is to strip the null from the resource record:

$rr = str_replace("\0", '', $rr);

The returned value from the dns_get_record includes the original separate strings 
under the 'entries' key, so there's no benefit in keeping the nulls for the purpose 
of being able to separate the strings.

This bug is related to bug #54821, but is not a dupe of it.

Test script:
---------------
var_dump(dns_get_record("20120806._domainkey.googlegroups.com", DNS_TXT));


Expected result:
----------------
array(1) {
  [0] =>
  array(6) {
    'host' =>
    string(36) "20120806._domainkey.googlegroups.com"
    'class' =>
    string(2) "IN"
    'ttl' =>
    int(4502)
    'type' =>
    string(3) "TXT"
    'txt' =>
    string(401) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV00QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiua
nUNOX5Jw5Q2H3wcOmBTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNR
fPLoMFnMddCQqXYJsJZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    'entries' =>
    array(2) {
      [0] =>
      string(183) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV"
      [1] =>
      string(218) 
"QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiuanUNOX5Jw5Q2H3wcOm
BTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNRfPLoMFnMddCQqXYJs
JZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    }
  }
}


Actual result:
--------------
array(1) {
  [0] =>
  array(6) {
    'host' =>
    string(36) "20120806._domainkey.googlegroups.com"
    'class' =>
    string(2) "IN"
    'ttl' =>
    int(4502)
    'type' =>
    string(3) "TXT"
    'txt' =>
    string(402) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV\000QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPi
uanUNOX5Jw5Q2H3wcOmBTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBi
NRfPLoMFnMddCQqXYJsJZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    'entries' =>
    array(2) {
      [0] =>
      string(183) "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb2fhKQxJYmlF+PNnOExrd8kRMlV2b/GBb
1mw4vpTGDVS8wD+6k8TEXSSsaS2B4uOrOfKBWBb6lMVbVmi/zy3Jc+YP5XkEt09UtXm4HWeAqgu0arqC
mjH6yhbUGlPipIqV"
      [1] =>
      string(218) 
"QMmWy5jnWJsHioAAN8G5S5t5qrCRzxv7ntDOOUhwEPCIIrfncOgBzF4XdJPiuanUNOX5Jw5Q2H3wcOm
BTKQ3t0ETvPYK/cqpe7rJ+4L06+QKE2kk/WDuHuxtSZbZUo2U6kM56CGxdvBiNRfPLoMFnMddCQqXYJs
JZJHfwBnLQxFwbkZS0idkSWLf8AUKbB0lVWQe4+F0M1CeOj8YimmQIDAQAB"
    }
  }
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-19 18:55 UTC] marcus at synchromedia dot co dot uk 
I've been playing with this some more and discovered it's not quite consistent. 
The concat character seems not to be always null - I've also seen '/' and 'a'. 
I've found a more reliable workaround is to implode the 'entries' array and ignore 
the txt response.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Feb 13 20:01:29 2025 UTC