julian at mehnle
Apr 27, 2010, 3:11 AM
Post #5 of 5
-----BEGIN PGP SIGNED MESSAGE-----
William Ahern wrote:
> Is anyone else bothered by the fact that the grammar requires
> backtracking? Specifically, because a domain-spec can include forward
> slashes, and because some of the terms allow cidr masks after a
> domain-spec, you have to support backtracking.
> Frankly I'm not sure I want to bother supporting this. I use Ragel to
> parse the policies, which is a pure regular langage parser generator. I
> could use Ragel's scanner feature, or just hack the support, but as a
> general rule I don't like backtracking grammars for untrusted input.
> Perhaps it would have been wise to have included a %-encoded
> forward-slash, as was done for spaces.
> Anybody open to such an amendment?
For "v=spf1" it's never going to happen because it would invalidate a
portion of the existing records.
For another revision of SPF the sky is the limit.
FWIW, I don't understand why you insist on using a 3rd party library for
parsing the SPF grammar. The grammar is rather trivial, really, despite
the need for backtracking.
Or perhaps I'm talking out of my ass because I mostly use languages with
built-in regular expression engines (with backtracking support). Then
again, there's pcre. :-)
> My asynchronous spf.c library passes 90% of the 2009.10 OpenSPF test
> suite (I can't yet simulate timeouts to pass the TempError tests).
> Many, many thanks to those who put in the time and effort to write
> those test specifications.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
RSS Feed: https://www.listbox.com/member/archive/rss/1007/
Powered by Listbox: http://www.listbox.com