Merge branch '403-missing-sanity-check-for-call-to-next_token-in-file-dig-c' into 'master'

Resolve "Missing Sanity Check for call to next_token() in file 'dig.c'" Closes #403 See merge request isc-projects/bind9!504
2018-07-11 14:51:32 -04:00
parent cc9c97fdfc 8ae1774089
commit da3044f2df
3 changed files with 19 additions and 3 deletions
--- a/2
+++ b/2
@@ -1,3 +1,5 @@
+4996.	[bug]		dig: Handle malformed ednsopt options. [GL #403]
+
 4995.	[test]		Add tests for "tcp-self" update policy. [GL !282]

 4994.	[bug]		Trust anchor telemetry queries were not being sent
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1001,14 +1001,20 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 							lookup->ednsoptscnt = 0;
 							break;
 						}
-						if (value == NULL) {
+						code = NULL;
+						if (value != NULL) {
+							code = strtok_r(value,
+								        ":",
+									&last);
+						}
+						if (code == NULL) {
 							warn("ednsopt no "
 							     "code point "
 							     "specified");
 							goto exit_or_usage;
 						}
-						code = strtok_r(value, ":", &last);
-						extra = strtok_r(NULL, "\0", &last);
+						extra = strtok_r(NULL, "\0",
+								 &last);
 						save_opt(lookup, code, extra);
 						break;
 					default:
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -493,6 +493,14 @@ if [ -x ${DIG} ] ; then
  if [ $ret != 0 ]; then echo_i "failed"; fi
  status=`expr $status + $ret`

+  n=`expr $n + 1`
+  echo_i "check that dig handles malformed option '+ednsopt=:' gracefully ($n)"
+  ret=0
+  $DIG $DIGOPTS @10.53.0.3 +ednsopt=: a.example > dig.out.test$n 2>&1 && ret=1
+  grep "ednsopt no code point specified" dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo_i "failed"; fi
+  status=`expr $status + $ret`
+
  n=`expr $n + 1`
  echo_i "check that dig gracefully handles bad escape in domain name ($n)"
  ret=0