From f0d9104e562af968b3a8a8b836abee632b4335c4 Mon Sep 17 00:00:00 2001
From: Philippe Pittoli
Date: Tue, 10 Dec 2024 13:08:10 +0100
Subject: [PATCH] Fix CAA entries: escape double quotes (and forbid them in new entries).
---
 src/storage/zone.cr | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/storage/zone.cr b/src/storage/zone.cr
index 3538f10..e2ef257 100644
--- a/src/storage/zone.cr
+++ b/src/storage/zone.cr
@@ -766,11 +766,11 @@ class DNSManager::Storage::Zone
 def to_s(io : IO)
 io << "(#{ "%4d" % @rrid }) "
 io << "#{ "%.30s" % @name} #{ "%6d" % @ttl} CAA "
- io << "#{ "%.3s" % @caa.flag} #{ "%.15s" % @caa.tag} #{quoted_string @caa.value}\n"
+ io << "#{ "%.3s" % @caa.flag} #{ "%.15s" % @caa.tag} #{quoted_string escape_double_quotes @caa.value}\n"
 end
 def to_bind9(io : IO)
- io << "#{@name} #{@ttl} IN CAA #{@caa.flag} #{@caa.tag.to_s.downcase} #{quoted_string @caa.value}\n"
+ io << "#{@name} #{@ttl} IN CAA #{@caa.flag} #{@caa.tag.to_s.downcase} #{quoted_string escape_double_quotes @caa.value}\n"
 end
 def get_errors : Array(Error)
@@ -784,6 +784,11 @@ class DNSManager::Storage::Zone
 errors << "CAA invalid ttl: #{@ttl}, shouldn't be less than #{Zone.ttl_limit_min}"
 end
+ # This is an arbitrary limitation, we don't want people crashing their zones without knowing it.
+ if @caa.value.includes? '"'
+ errors << "CAA value contains double quotes"
+ end
+
 # TODO: rest of the errors.
 errors
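Review bot: The escaping added to the CAA value in `to_bind9` (and `to_s`) appears to cover only double quotes, judging by the helper's name; `escape_double_quotes` is defined outside this patch, so its exact behaviour should be confirmed. In the zone-file master format a backslash is itself an escape character, so a stored value containing a backslash (or a line break) could still yield a malformed quoted string in the generated zone even after this change. The check added to `get_errors` in the second hunk rejects only `"`; it could reject those characters too, e.g. `if @caa.value.includes?('"') || @caa.value.includes?('\\')`, or the helper could escape backslashes before it escapes quotes. `get_errors` starts in the first hunk and its body continues past the end of the second hunk as shown here.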