From adrian@celt.neuro.virginia.edu  Wed Nov 13 19:40:29 1996
Received: from celt.neuro.virginia.edu (celt.neuro.Virginia.EDU [128.143.244.161])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id TAA09259
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Nov 1996 19:38:47 -0800 (PST)
Received: (from adrian@localhost) by celt.neuro.virginia.edu (8.6.12/8.6.12) id WAA13138; Wed, 13 Nov 1996 22:06:59 -0500
Message-Id: <199611140306.WAA13138@celt.neuro.virginia.edu>
Date: Wed, 13 Nov 1996 22:06:59 -0500
From: adrian@virginia.edu
Reply-To: adrian@virginia.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: patch for dig 
X-Send-Pr-Version: 3.2

>Number:         2005
>Category:       bin
>Synopsis:       Poor command line argument checking and bad "ping" arguments.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 13 19:50:03 PST 1996
>Closed-Date:    Sat May 23 02:15:08 PDT 1998
>Last-Modified:  Sat May 23 02:15:41 PDT 1998
>Originator:     Adrian Filipi-Martin
>Release:        FreeBSD 2.1.5-RELEASE i386
>Organization:
University of Virginia
>Environment:

	

>Description:

	The /usr/bin/dig program does not check that arguments are
	present for command line flags that require them.

	It also passes incompatible flags to the ping command when the -P
	option is used.

	The documentation also reflects this last problem.

How-To-Repeat: 

	: adrian@lorax; dig -p
	Segmentation fault (core dumped)
	: adrian@lorax; dig -P localhost
	
	; <<>> DiG 2.1 <<>> -P localhost 
	;; res options: init recurs defnam dnsrch
	;; got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
	;; flags: qr aa rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
	;; QUESTIONS:
	;;      localhost, type = A, class = IN
	
	;; AUTHORITY RECORDS:
	.       86400   SOA     A.ROOT-SERVERS.NET. hostmaster.INTERNIC.NET. (
	                        1996111100      ; serial
	                        10800   ; refresh (3 hours)
	                        900     ; retry (15 mins)
	                        604800  ; expire (7 days)
	                        86400 ) ; minimum (1 day)
	
	;; Total query time: 99 msec
	;; FROM: lorax.neuro.virginia.edu to SERVER: default -- 128.143.2.7
	;; WHEN: Wed Nov 13 21:48:29 1996
	;; MSG SIZE  sent: 27  rcvd: 100
	usage: ping [-Rdfnqrv] [-c count] [-i wait] [-l preload]
	        [-p pattern] [-s packetsize] host

	: adrian@lorax; 


>How-To-Repeat:
>Fix:
	
	Apply the following _two_ patches:

<<<<<<<<<<<-----cut--here---for---dig.c.patch-----
*** dig.c.orig	Wed Aug 30 00:06:06 1995
--- dig.c	Wed Nov 13 22:15:34 1996
***************
*** 409,418 ****
  
  			if (**argv == '-') {
  				switch (argv[0][1]) {
! 				case 'T': wait = atoi(*++argv);
  					break;
  				case 'c':
! 					if ((tmp = atoi(*++argv))
  					    || *argv[0]=='0') {
  						queryClass = tmp;
  					} else if (tmp = StringToClass(*argv,
--- 409,427 ----
  
  			if (**argv == '-') {
  				switch (argv[0][1]) {
! 				case 'T':
! 				        if (*++argv == 0) {
! 				                Usage();
! 						exit(1);
! 					}
! 					wait = atoi(*argv);
  					break;
  				case 'c':
! 				        if (*++argv == 0) {
! 				                Usage();
! 						exit(1);
! 					}
! 					if ((tmp = atoi(*argv))
  					    || *argv[0]=='0') {
  						queryClass = tmp;
  					} else if (tmp = StringToClass(*argv,
***************
*** 426,432 ****
  					}
  					break;
  				case 't':
! 					if ((tmp = atoi(*++argv))
  					    || *argv[0]=='0') {
  						queryType = tmp;
  						qtypeSet++;
--- 435,445 ----
  					}
  					break;
  				case 't':
! 				        if (*++argv == 0) {
! 				                Usage();
! 						exit(1);
! 					}
! 					if ((tmp = atoi(*argv))
  					    || *argv[0]=='0') {
  						queryType = tmp;
  						qtypeSet++;
***************
*** 447,456 ****
  						qtypeSet++;
  					}
  					if (!(addrc = *++argv)) {
! 						printf(
! 						       "; no arg for -x?\n"
! 						       );
! 						break;
  					}
  					addrend = addrc + strlen(addrc);
  					if (*addrend == '.')
--- 460,467 ----
  						qtypeSet++;
  					}
  					if (!(addrc = *++argv)) {
! 				                Usage();
! 						exit(1);
  					}
  					addrend = addrc + strlen(addrc);
  					if (*addrend == '.')
***************
*** 464,475 ****
  					strcat(domain, addrc);
  					strcat(domain, ".in-addr.arpa.");
  					break;
! 				case 'p': port = htons(atoi(*++argv)); break;
  				case 'P':
  					if (argv[0][2] != '\0')
  						strcpy(pingstr,&argv[0][2]);
  					else
  						strcpy(pingstr,"ping -s");
  					break;
  #if defined(__RES) && (__RES >= 19931104)
  				case 'n':
--- 475,495 ----
  					strcat(domain, addrc);
  					strcat(domain, ".in-addr.arpa.");
  					break;
! 				case 'p': 
! 				        if (*++argv == 0) {
! 				                Usage();
! 						exit(1);
! 					}
! 					port = htons(atoi(*argv)); break;
  				case 'P':
  					if (argv[0][2] != '\0')
  						strcpy(pingstr,&argv[0][2]);
  					else
+ #if defined(__FreeBSD__)
+ 						strcpy(pingstr,"ping");
+ #else
  						strcpy(pingstr,"ping -s");
+ #endif /*__FreeBSD__*/
  					break;
  #if defined(__RES) && (__RES >= 19931104)
  				case 'n':
***************
*** 689,696 ****
--- 709,721 ----
   *   Would necessitate root priviledges for icmp port though!
   */
  		if (*pingstr) {
+ #if defined(__FreeBSD__)
+ 			sprintf(doping,"%s -s 56 -c 3 %s | tail -3",pingstr,
+ 				(srv==NULL)?(defsrv+10):srv);
+ #else
  			sprintf(doping,"%s %s 56 3 | tail -3",pingstr,
  				(srv==NULL)?(defsrv+10):srv);
+ #endif /*__FreeBSD__*/
  			system(doping);
  		}
  		putchar('\n');
<<<<<<<<<<<-----cut--here---for---dig.1.patch-----
*** dig.1.orig	Wed Nov 13 22:21:35 1996
--- dig.1	Wed Nov 13 22:19:51 1996
***************
*** 195,204 ****
  three lines of statistics is printed for the
  command:
  .sp 1
! 	ping \-s server_name 56 3
  .sp 1
  If the optional "ping string" is present, it
! replaces "ping \-s" in the shell command.
  .IP "\-t \fIquery-type\fP"
  Specify type of query. May specify either an
  integer value to be included in the type field
--- 195,204 ----
  three lines of statistics is printed for the
  command:
  .sp 1
! 	ping \-s 56 \-c 3 server_name 
  .sp 1
  If the optional "ping string" is present, it
! replaces "ping" in the shell command.
  .IP "\-t \fIquery-type\fP"
  Specify type of query. May specify either an
  integer value to be included in the type field
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sat May 23 02:15:08 PDT 1998 
State-Changed-Why:  
problems with "dig" should be reported to the BIND maintainers (www.vix.com) 

Sorry about the late reaction to this PR. 
>Unformatted:
