From 367fcd7454132ed845162eff4f3907a897cd8cac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Mon, 21 Aug 2017 09:18:13 +0200
Subject: [PATCH] [master] Prevent delv from sending bogus queries for provided server address
4684. [bug] delv could send bogus DNS queries when an explicit server address was specified on the command line along with -4/-6. [RT #45804]
---
 CHANGES | 4 ++++
 bin/delv/delv.c | 10 ++++++++--
 bin/tests/system/digdelv/tests.sh | 28 ++++++++++++++++++++++------
 3 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/CHANGES b/CHANGES
index 9082881538..de19624254 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4684. [bug] delv could send bogus DNS queries when an explicit
+ server address was specified on the command line along
+ with -4/-6. [RT #45804]
+
 4683. [bug] Prevent nsupdate from immediately exiting on invalid user input in interactive mode. [RT #28194]
diff --git a/bin/delv/delv.c b/bin/delv/delv.c
index d69ea93f6d..40e73dfe0c 100644
--- a/bin/delv/delv.c
+++ b/bin/delv/delv.c
@@ -788,14 +788,20 @@ addserver(dns_client_t *client) {
 ISC_LIST_INIT(servers);
- if (use_ipv4 && inet_pton(AF_INET, server, &in4) == 1) {
+ if (inet_pton(AF_INET, server, &in4) == 1) {
+ if (!use_ipv4) {
+ fatal("Use of IPv4 disabled by -6");
+ }
 sa = isc_mem_get(mctx, sizeof(*sa));
 if (sa == NULL)
 return (ISC_R_NOMEMORY);
 ISC_LINK_INIT(sa, link);
 isc_sockaddr_fromin(sa, &in4, destport);
 ISC_LIST_APPEND(servers, sa, link);
- } else if (use_ipv6 && inet_pton(AF_INET6, server, &in6) == 1) {
+ } else if (inet_pton(AF_INET6, server, &in6) == 1) {
+ if (!use_ipv6) {
+ fatal("Use of IPv6 disabled by -4");
+ }
 sa = isc_mem_get(mctx, sizeof(*sa));
 if (sa == NULL)
 return (ISC_R_NOMEMORY);
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 2dd820492b..e82b39af15 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
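Review bot: The two `inet_pton()` tests in the bin/delv/delv.c hunk are now unconditional, and nothing there says why the family check moved inside the branches, so a later cleanup could fold `use_ipv4`/`use_ipv6` back into the conditions and reintroduce the bug. A comment above the first `if` would pin the intent, for example `/* Match literals of either family first: one for the family disabled by -4/-6 must be rejected here, not fall through and be resolved as a hostname. */`. The fall-through branch is outside this hunk, so it is worth confirming there that resolution of a real hostname is also limited to the enabled family. addserver() begins and ends outside the hunk.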
@@ -470,20 +470,36 @@ if [ -x ${DELV} ] ; then
 then
 ret=0
 # following should fail because @IPv4 overrides earlier @IPv6 above
- # and -6 forces IPv6 so this should fail, such as:
- # ;; getaddrinfo failed: hostname nor servname provided, or not known
- # ;; resolution failed: not found
- # note that delv returns success even on lookup failure
- $DELV $DELVOPTS @fd92:7065:b8e:ffff::3 @10.53.0.3 -6 -t txt foo.example > delv.out.test$n 2>&1 || ret=1
+ # and -6 forces IPv6 so this should fail, with a message
+ # "Use of IPv4 disabled by -6"
+ $DELV $DELVOPTS @fd92:7065:b8e:ffff::3 @10.53.0.3 -6 -t txt foo.example > delv.out.test$n 2>&1
 # it should have no results but error output
 grep "testing" < delv.out.test$n > /dev/null && ret=1
- grep "getaddrinfo failed:" < delv.out.test$n > /dev/null || ret=1
+ grep "Use of IPv4 disabled by -6" delv.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 else
 echo "I:IPv6 unavailable; skipping"
 fi
+ n=`expr $n + 1`
+ echo "I:checking delv with IPv4 on IPv6 does not work ($n)"
+ if $TESTSOCK6 fd92:7065:b8e:ffff::3 2>/dev/null
+ then
+ ret=0
+ # following should fail because @IPv6 overrides earlier @IPv4 above
+ # and -4 forces IPv4 so this should fail, with a message
+ # "Use of IPv6 disabled by -4"
+ $DELV $DELVOPTS @10.53.0.3 @fd92:7065:b8e:ffff::3 -4 -t txt foo.example > delv.out.test$n 2>&1
+ # it should have no results but error output
+ grep "testing" delv.out.test$n > /dev/null && ret=1
+ grep "Use of IPv6 disabled by -4" delv.out.test$n > /dev/null || ret=1
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+ else
+ echo "I:IPv6 unavailable; skipping"
+ fi
+
 n=`expr $n + 1`
 echo "I:checking delv with reverse lookup works ($n)"
 ret=0
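Review bot: Both `$DELV` invocations now discard the exit status, so each test passes on the error text alone and would not notice delv printing the message and then carrying on with a lookup. Assuming `fatal()` exits non-zero (not visible in this hunk), appending `&& ret=1` to each `$DELV ... > delv.out.test$n 2>&1` line would pin that the run is actually aborted. The added test is also labelled `IPv4 on IPv6` although it passes an IPv6 server with `-4`; `IPv6 on IPv4` would keep it distinguishable in the logs. It is guarded by `$TESTSOCK6`, yet the rejection appears to need only address parsing, so it could probably run on IPv4-only hosts as well.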