Missing Sanity Check for call to next_token() in file 'mdig.c' for BIND 9.12.1-P2

Summary

In BIND 9.12.1-P2, in directory 'bin/tools', file 'mdig.c', in function 'plus_option' at approximately line 1277, there is a call to next_token() which is not checked for a return value of NULL, which could result in a possible dereference.

Steps to reproduce

N/A

What is the current bug behavior?

Code does not sanity check call(s) to next_token()...

What is the expected correct behavior?

Add test to code to check for return value of NULL.

Relevant configuration files

N/A

Relevant logs and/or screenshots

N/A

Possible fixes

Code Listed Below and Attached to this Issue report:

Add test to code to check for return value of NULL.

--- mdig.c.orig 2018-07-11 18:08:00.258246995 -0700 +++ mdig.c 2018-07-11 18:09:38.580418181 -0700 @@ -1278,6 +1278,10 @@ "code point " "specified"); code = next_token(&value, ":");

                                          if (code == NULL)

                                                  fatal("ednsopt no "

                                                        "code point "

                                                        "specified");
                                          save_opt(query, code, value);
                                          break;
                                  default:[mdig.c.patch](/uploads/46e7b964e290ab56d863c6ff845a939a/mdig.c.patch)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information