Bug 226575

Comment 1 Maxim Konovalov 2018-03-16 09:46:53 UTC

Hello,

I must admit that now I need to visit a doctor to check my eyes after reading drill.c.

Here is a rather simple and admittedly naive and incomplete band-aid:

Index: drill.c
===================================================================
--- drill.c     (revision 325887)
+++ drill.c     (working copy)
@@ -695,6 +695,7 @@ main(int argc, char *argv[])
                        break;
                case DRILL_REVERSE:
                        /* ipv4 or ipv6 addr? */
+printf("name %s\n", name);
                        if (strchr(name, ':')) {
                                if (strchr(name, '.')) {
                                        error("Syntax error: both '.' and ':' seen in address\n");
@@ -747,6 +748,9 @@ main(int argc, char *argv[])
                                free(name2);
                        } else {
                                qname = ldns_dname_new_frm_str(name);
+                               if (!qname) {
+                                       error("%s", "-x implies an ip address");
+                               }
                                qname_tmp = ldns_dname_reverse(qname);
                                ldns_rdf_deep_free(qname);
                                qname = qname_tmp;

%%%

I see a number of other equally suspicious places but unfortunately cannot invest more time into.

Sorry for that.

Maxim

Comment 2 Maxim Konovalov 2018-03-16 09:49:16 UTC

Oops, please ignore the first chunk in the patch above.

Comment 3 Oleksandr Tymoshenko 2019-01-15 22:38:18 UTC

Drill is a contrib code. I forwarded  report to the upstream bugzilla: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4221

This bug is in 12, too. Is there something I can do to help? Send patch, or send for review or something?

Comment 5 Oleksandr Tymoshenko 2020-06-22 22:39:00 UTC

(In reply to Goran Mekić from comment #4)

Thanks for reminding. I think I'll just cherry-pick this fix. Now when it's in the upstream, it won't be lost during next vendor import.

Comment 6 commit-hook 2020-06-22 23:13:38 UTC

A commit references this bug:

Author: gonzo
Date: Mon Jun 22 23:13:15 UTC 2020
New revision: 362516
URL: https://svnweb.freebsd.org/changeset/base/362516

Log:
  Fix crash in drill(1) when IP has two subsequent dots

  Cherry-pick crash fix from the upstream repo

  PR:		226575
  Reported by:	Goran Meki? <meka@tilda.center>
  Obtained from:	https://git.nlnetlabs.nl/ldns/commit/?id=98291475
  MFC after:	2 weeks

Changes:
  head/contrib/ldns/drill/drill.c

Thank you very much!

Comment 8 commit-hook 2020-07-14 05:24:17 UTC

A commit references this bug:

Author: gonzo
Date: Tue Jul 14 05:24:07 UTC 2020
New revision: 363175
URL: https://svnweb.freebsd.org/changeset/base/363175

Log:
  MFC r362516:

  Fix crash in drill(1) when IP has two subsequent dots

  Cherry-pick crash fix from the upstream repo

  PR:		226575
  Reported by:	Goran Meki? <meka@tilda.center>
  Obtained from:	https://git.nlnetlabs.nl/ldns/commit/?id=98291475

Changes:
_U  stable/12/
  stable/12/contrib/ldns/drill/drill.c

Comment 9 commit-hook 2020-07-14 17:47:21 UTC

A commit references this bug:

Author: gonzo
Date: Tue Jul 14 17:46:40 UTC 2020
New revision: 363186
URL: https://svnweb.freebsd.org/changeset/base/363186

Log:
  MFC r362516:

  Fix crash in drill(1) when IP has two subsequent dots

  Cherry-pick crash fix from the upstream repo

  PR:		226575
  Reported by:	Goran Meki? <meka@tilda.center>
  Obtained from:	https://git.nlnetlabs.nl/ldns/commit/?id=98291475

Changes:
_U  stable/11/
  stable/11/contrib/ldns/drill/drill.c

It's fixed in 12.2. Should I close this issue?

Comment 11 Oleksandr Tymoshenko 2020-10-28 23:32:35 UTC

I'll close it. Meant to but forgot, thanks for reminding.