From 408bcf9c070c202c3d39eacd902bd4e79a8e9a51 Mon Sep 17 00:00:00 2001
From: Bill Parker <wp02855@gmail.com>
Date: Wed, 11 Jul 2018 13:48:08 +1000
Subject: [PATCH 1/3] check code is non NULL

---
 bin/dig/dig.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 5b4e8a78c2..a09263f46e 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1001,14 +1001,20 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 							lookup->ednsoptscnt = 0;
 							break;
 						}
-						if (value == NULL) {
+						code = NULL;
+						if (value != NULL) {
+							code = strtok_r(value,
+								        ":",
+									&last);
+						}
+						if (code == NULL) {
 							warn("ednsopt no "
 							     "code point "
 							     "specified");
 							goto exit_or_usage;
 						}
-						code = strtok_r(value, ":", &last);
-						extra = strtok_r(NULL, "\0", &last);
+						extra = strtok_r(NULL, "\0",
+								 &last);
 						save_opt(lookup, code, extra);
 						break;
 					default:

From ad86878d61c78aa7a90a420783227a90d6c4222f Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 11 Jul 2018 13:49:26 +1000
Subject: [PATCH 2/3] add test for bad dig option '+ednsopt=:' being handled
 gracefully

---
 bin/tests/system/digdelv/tests.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 080d38e037..fa80a91019 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -493,6 +493,14 @@ if [ -x ${DIG} ] ; then
   if [ $ret != 0 ]; then echo_i "failed"; fi
   status=`expr $status + $ret`
 
+  n=`expr $n + 1`
+  echo_i "check that dig handles malformed option '+ednsopt=:' gracefully ($n)"
+  ret=0
+  $DIG $DIGOPTS @10.53.0.3 +ednsopt=: a.example > dig.out.test$n 2>&1 && ret=1
+  grep "ednsopt no code point specified" dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo_i "failed"; fi
+  status=`expr $status + $ret`
+
   n=`expr $n + 1`
   echo_i "check that dig gracefully handles bad escape in domain name ($n)"
   ret=0

From 8ae177408913c23a9b014bdf9d90e6e9c44d71dc Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Wed, 11 Jul 2018 11:43:18 -0700
Subject: [PATCH 3/3] CHANGES

---
 CHANGES | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES b/CHANGES
index 19a39a4949..77989f410e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+4996.	[bug]		dig: Handle malformed ednsopt options. [GL #403]
+
 4995.	[test]		Add tests for "tcp-self" update policy. [GL !282]
 
 4994.	[bug]		Trust anchor telemetry queries were not being sent