Missing Sanity Check for call to next_token() in file 'dig.c'
Bill Parker (wp02855@gmail.com)
Summary
In BIND 9.12.1-P2, in directory 'bin/dig', file 'dig.c', in function 'plus_option' at approximately line 1002, there is a call to next_token() which is not checked for a return value of NULL, which could result in a possible dereference.
Steps to reproduce
N/A
What is the current bug behavior?
Code does not sanity check call(s) to next_token()...
What is the expected correct behavior?
Add test to code to check for return value of NULL.
Relevant configuration files
N/A
Relevant logs and/or screenshots
N/A
Possible fixes
Code Listed Below and Attached to this Issue report:
Add test to code to check for return value of NULL.
--- dig.c.orig 2018-07-10 19:32:16.266716156 -0700 +++ dig.c 2018-07-10 19:35:42.855335607 -0700 @@ -1003,6 +1003,11 @@ goto exit_or_usage; } code = next_token(&value, ":");
-
if (code == NULL) { -
warn("ednsopt not " -
"specified"); -
goto exit_of_usage; -
} save_opt(lookup, code, value); break; default: