From 19ae9cbb28abf57c2605cbedaa6a7201a0cb6572 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sun, 6 Nov 2011 23:18:07 +0000
Subject: [PATCH] 3208.   [bug]           'dig -y' handle unknown tsig alorithm
 better.                         [RT #25522]

---
 CHANGES                        |  3 +++
 bin/dig/dighost.c              |  8 +++++++-
 bin/tests/system/tsig/tests.sh | 11 ++++++++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 544d1913db..77fd0746c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3208.	[bug]		'dig -y' handle unknown tsig alorithm better.
+			[RT #25522]
+
 3207.	[contrib]	Fixed build error in Berkeley DB DLZ module. [RT #26444]
 
 3206.	[cleanup]	Add ISC information to log at start time. [RT #25484]
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 8f47e59e2c..62f2af263e 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.341 2011/10/29 22:26:21 marka Exp $ */
+/* $Id: dighost.c,v 1.342 2011/11/06 23:18:07 marka Exp $ */
 
 /*! \file
  *  \note
@@ -66,6 +66,7 @@
 #include <dns/tsig.h>
 
 #include <dst/dst.h>
+#include <dst/result.h>
 
 #include <isc/app.h>
 #include <isc/base64.h>
@@ -925,6 +926,11 @@ setup_text_key(void) {
 
 	secretsize = isc_buffer_usedlength(&secretbuf);
 
+	if (hmacname == NULL) {
+		result = DST_R_UNSUPPORTEDALG;
+		goto failure;
+	}
+
 	result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf);
 	if (result != ISC_R_SUCCESS)
 		goto failure;
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index d2391c167b..58aefdc717 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.5 2007/06/19 23:47:06 tbox Exp $
+# $Id: tests.sh,v 1.6 2011/11/06 23:18:07 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -213,6 +213,15 @@ if [ $ret -eq 1 ] ; then
 	echo "I: failed"; status=1
 fi
 
+echo "I:attempting fetch with bad tsig algorithm"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "badalgo:invalid:$sha512" @10.53.0.1 soa -p 5300 > dig.out.badalgo 2>&1 || ret=1
+grep -i "Couldn't create key invalid: algorithm is unsupported" dig.out.badalgo > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
 exit $status