From billf@jade.chc-chimes.com  Thu Dec 24 08:36:06 1998
Received: from jade.chc-chimes.com (jade.chc-chimes.com [206.67.97.83])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20947
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 24 Dec 1998 08:36:04 -0800 (PST)
          (envelope-from billf@jade.chc-chimes.com)
Received: (from billf@localhost)
	by jade.chc-chimes.com (8.8.8/8.8.8) id LAA02647;
	Thu, 24 Dec 1998 11:36:28 -0500 (EST)
	(envelope-from billf)
Message-Id: <199812241636.LAA02647@jade.chc-chimes.com>
Date: Thu, 24 Dec 1998 11:36:28 -0500 (EST)
From: Bill Fumerola <billf@jade.chc-chimes.com>
Reply-To: billf@jade.chc-chimes.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: host(1) dumps core when improper arguments are passed
X-Send-Pr-Version: 3.2

>Number:         9186
>Category:       bin
>Synopsis:       host(1) dumps core when improper arguments are passed
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 24 08:40:00 PST 1998
>Closed-Date:    Thu Dec 24 20:42:58 PST 1998
>Last-Modified:  Tue Nov 27 19:26:22 PST 2001
>Originator:     Bill Fumerola and Ben Olson
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
Computer Horizons Corp
>Environment:

This bug affects all releases of FreeBSD. 

>Description:

host(1) does not check integers when passed to its '-t' argument.
The error seems to be in the parsetype() function.

The atoi(s) portion of the function will return whatever number was given
to parsetype() even if it is invalid. A string will be checked by sym_ston()
(from libresolv) and, if invalid, will eventually return an improper
query type.

Eventually the wrong constant from -t will be used, and the command will
core out.

Also, the code assumes that -t has its child argument follow it. Even if this
is not the case it will still decrement the argument counter "c". 
This also causes segmentation faults, as host(1) tries to read an argument
that does not exist.

Finally, host(1) assumes that if an argument follows the '-t' option, then
a host will also follow, which isn't always the case; this also results in a core.

>How-To-Repeat:

$ host -t foo
Invalid query type: foo
$ host -t 100
Segmentation fault
$ host -t a
Segmentation fault
$ host -t a 206.67.97.83
Name: jade.chc-chimes.com
Address: 206.67.97.83
Aliases:


>Fix:

	
Some error checking code needs to be implemented in the main() code that reads arguments.

Sanity checking code in parseclass() (and probably parsetype()) needs to be added.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed  
State-Changed-By: cwt 
State-Changed-When: Thu Dec 24 20:42:58 PST 1998 
State-Changed-Why:  
host(1) is contributed software.  I forwarded the report to bind-bugs@isc.org. 

From: Bill Fumerola <billf@jade.chc-chimes.com>
To: freebsd-gnats-submit@freebsd.org
Cc:
Subject: re: bin/9186
Date: Sat, 26 Dec 1998 11:00:03 -0500 (EST)

 ---------- Forwarded message ----------
 Date: Fri, 25 Dec 1998 08:24:55 -0800
 From: Paul A Vixie <paul@vix.com>
 To: Chris Timmons <skynyrd@opus.cts.cwu.edu>
 Cc: bind-bugs@isc.org, Bill Fumerola <billf@jade.chc-chimes.com>
 Subject: Re: host(1) dumps core when improper arguments are passed 
 
 fixed in 8.2 (upcoming)
 
>Unformatted:
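
The three checks the report asks for (a strictly validated -t value, a value actually present after -t, and a host name remaining afterwards), as an added example. It is not host(1) source and not the change that went into BIND 8.2; parse_qtype(), parse_args(), the return codes and the small type table are hypothetical stand-ins.

```c
/* Added example, not host(1) source; all names here are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for the symbol table that sym_ston() searches. */
static const struct { const char *name; int type; } qtypes[] = {
    {"a", 1}, {"ns", 2}, {"cname", 5}, {"soa", 6}, {"ptr", 12}, {"mx", 15},
};

/* Query type for s, or -1 unless s is a known mnemonic or a complete
 * decimal number in the 16-bit range that DNS types occupy. */
int parse_qtype(const char *s)
{
    char *end;
    long v;

    for (size_t i = 0; i < sizeof(qtypes) / sizeof(qtypes[0]); i++)
        if (strcasecmp(s, qtypes[i].name) == 0)
            return qtypes[i].type;
    /* Unlike atoi(), strtol() reports where parsing stopped, so trailing
     * junk is detectable; overflow yields LONG_MAX, rejected below. */
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || v < 1 || v > 65535)
        return -1;
    return (int)v;
}

/* 0 = ok, -1 = "-t" has no value, -2 = bad type, -3 = no host,
 * -4 = unknown option. argv is only indexed after a bounds check. */
int parse_args(int argc, char **argv, int *qtype, const char **host)
{
    int i = 1;

    *qtype = 1;                              /* default: A record */
    while (i < argc && argv[i][0] == '-') {
        if (strcmp(argv[i], "-t") != 0)
            return -4;
        if (i + 1 >= argc)
            return -1;                       /* "host -t" */
        if ((*qtype = parse_qtype(argv[i + 1])) < 0)
            return -2;                       /* "host -t foo" */
        i += 2;
    }
    if (i >= argc)
        return -3;                           /* "host -t a", "host -t 100" */
    *host = argv[i];
    return 0;
}
```

A caller would print a usage message and exit non-zero on any negative return instead of continuing to the query.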
