From 837103fdd7074efbb6f091996fac85318fe24cc2 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Fri, 28 Sep 2018 23:43:04 +0200 Subject: [PATCH 1/2] catch exceptions of dns.tsigkeyring.from_text(), fixes #338, fixes #319 --- nsupdate/main/dnstools.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/nsupdate/main/dnstools.py b/nsupdate/main/dnstools.py index 4daff10..b5ca64a 100644 --- a/nsupdate/main/dnstools.py +++ b/nsupdate/main/dnstools.py @@ -16,6 +16,7 @@ UPDATE_TIMEOUT = float(os.environ.get('DNS_UPDATE_TIMEOUT', '20.0')) UNAVAILABLE_RETRY = 120.0 +import binascii import time from datetime import timedelta from collections import namedtuple @@ -332,9 +333,13 @@ def update_ns(fqdn, rdtype='A', ipaddr=None, action='upd', ttl=60): assert isinstance(fqdn, FQDN) assert action in ['add', 'del', 'upd', ] nameserver, nameserver2, origin, domain, name, keyname, key, algo = get_ns_info(fqdn) - upd = dns.update.Update(origin, - keyring=dns.tsigkeyring.from_text({keyname: key}), - keyalgorithm=algo) + try: + keyring = dns.tsigkeyring.from_text({keyname: key}) + except (UnicodeError, binascii.Error) as e: + msg = "Exception when building keyring for %s: [%s]" % (keyname, str(e)) + logger.error(msg) + raise DnsUpdateError(msg) + upd = dns.update.Update(origin, keyring=keyring, keyalgorithm=algo) if action == 'add': assert ipaddr is not None upd.add(name, ttl, rdtype, ipaddr) From 7e868de69716c45ae30adf6282e2a6a9431f6ce4 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 29 Sep 2018 00:10:01 +0200 Subject: [PATCH 2/2] use same cleaning for the secret in (Create|Edit)DomainForm, see #338 --- nsupdate/main/forms.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nsupdate/main/forms.py b/nsupdate/main/forms.py index 7fa6e8c..7944198 100644 --- a/nsupdate/main/forms.py +++ b/nsupdate/main/forms.py 
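Review bot: The message built in the new `except` branch of update_ns interpolates `str(e)`, and for a `UnicodeError` that text normally quotes the offending character or byte together with its position. A fragment of the TSIG secret can therefore end up in the error log and in whatever displays `DnsUpdateError`; where that exception is surfaced is not visible in this hunk. Reporting the exception class keeps the diagnostic without key material: `msg = "Exception when building keyring for %s: [%s]" % (keyname, e.__class__.__name__)`. The remainder of update_ns lies outside the hunk.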
@@ -63,6 +63,14 @@ class CreateDomainForm(forms.ModelForm): class EditDomainForm(forms.ModelForm): + def clean_nameserver_update_secret(self): + secret = self.cleaned_data['nameserver_update_secret'] + try: + binascii.a2b_base64(secret.encode(encoding="ascii", errors="strict")) + except (binascii.Error, UnicodeEncodeError): + raise forms.ValidationError(_("Enter a valid secret in base64 format."), code='invalid') + return secret + def clean(self): cleaned_data = super(EditDomainForm, self).clean()
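Review bot: In clean_nameserver_update_secret the decoded value is thrown away, so the check only proves that `binascii.a2b_base64` did not raise. In its default mode that function skips characters outside the base64 alphabet and returns `b''` for an empty string, so a secret that decodes to zero bytes or only a few still passes as valid. Unless an empty secret is intentionally allowed, keep the result and reject it when empty: `decoded = binascii.a2b_base64(secret.encode(encoding="ascii", errors="strict"))` followed by `if not decoded: raise forms.ValidationError(_("Enter a valid secret in base64 format."), code='invalid')`. The commit subject suggests the same method already exists on CreateDomainForm (its body is not in this hunk); moving it into a shared mixin would stop the two copies from drifting. EditDomainForm continues past the end of the hunk.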