Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: William Ahern <william <at> 25thandClement.com>
Subject: Grammar Requires Backtracking
Newsgroups: gmane.mail.spam.spf.devel
Date: Saturday 17th April 2010 19:50:48 UTC (over 7 years ago)
Is anyone else bothered by the fact that the grammar requires backtracking?
Specifically, because a domain-spec can include forward slashes, and
because
some of the terms allow cidr masks after a domain-spec, you have to support
backtracking.

Frankly I'm not sure I want to bother supporting this. I use Ragel to parse
the policies, which is a pure regular langage parser generator. I could use
Ragel's scanner feature, or just hack the support, but as a general rule I
don't like backtracking grammars for untrusted input.

Perhaps it would have been wise to have included a %-encoded forward-slash,
as was done for spaces.

Anybody open to such an amendment?

My asynchronous spf.c library passes 90% of the 2009.10 OpenSPF test suite
(I can't yet simulate timeouts to pass the TempError tests). Many, many
thanks to those who put in the time and effort to write those test
specifications.

I gratuitously wrote an RFC 1035 master file parser and composer in C (w/
Ragel), and am of course parsing the YAML tests from C (w/ libyaml). So if
anybody was waiting for the ability to generate zone files from the test
suite, it's all but done--rfc4408-tests.c in my regress/ directory already
spits out the zones files, the code would just need to be tweaked to output
them in a more useful manner than as part of the debug output for failed
tests.
 
CD: 3ms