[master] fix dig +ednsopt padding error

4556.	[bug]		Sending an EDNS Padding option using "dig
			+ednsopt" could cause a crash in dig. [RT #44462]

CHANGES

@@ -1,3 +1,6 @@
+4556.	[bug]		Sending an EDNS Padding option using "dig
+			+ednsopt" could cause a crash in dig. [RT #44462]
+
 4555.	[func]		dig +ednsopt: EDNS options can now be specified by
 			name in addition to numeric value. [RT #44461]
 

bin/dig/dighost.c

@@ -2710,12 +2710,12 @@ setup_lookup(dig_lookup_t *lookup) {
 			i += lookup->ednsoptscnt;
 		}
 
-		if (lookup->padding && (i >= MAXOPTS)) {
+		if (lookup->padding != 0 && (i >= MAXOPTS)) {
 			debug("turned off padding because of EDNS overflow");
 			lookup->padding = 0;
 		}
 
-		if (lookup->padding) {
+		if (lookup->padding != 0) {
 			INSIST(i < MAXOPTS);
 			opts[i].code = DNS_OPT_PAD;
 			opts[i].length = 0;

bin/tests/system/padding/tests.sh

@@ -107,5 +107,15 @@ if [ "$opad" -ne "$npad" ]; then ret=1; fi
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking that zero-length padding option has no effect ($n)"
+ret=0
+n=`expr $n + 1`
+$DIG +qr +ednsopt=12 foo.example @10.53.0.2 -p 5300 > dig.out.test$n.1
+grep "; PAD" dig.out.test$n.1 > /dev/null || ret=1
+$DIG +qr +ednsopt=12:00 foo.example @10.53.0.2 -p 5300 > dig.out.test$n.2
+grep "; PAD" dig.out.test$n.2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1

lib/dns/message.c

@@ -2293,7 +2293,7 @@ dns_message_renderend(dns_message_t *msg) {
 	if (msg->padding_off > 0) {
 		unsigned char *cp = isc_buffer_used(msg->buffer);
 		unsigned int used, remaining;
-		isc_uint16_t len, padsize;
+		isc_uint16_t len, padsize = 0;
 
 		/* Check PAD */
 		if ((cp[-4] != 0) ||
@@ -2309,9 +2309,13 @@ dns_message_renderend(dns_message_t *msg) {
 
 		/* Aligned used length + reserved to padding block */
 		used = isc_buffer_usedlength(msg->buffer);
-		padsize = ((isc_uint16_t)used + msg->reserved) % msg->padding;
+		if (msg->padding != 0) {
-		if (padsize)
+			padsize = ((isc_uint16_t)used + msg->reserved)
+				% msg->padding;
+		}
+		if (padsize != 0) {
 			padsize = msg->padding - padsize;
+		}
 		/* Stay below the available length */
 		remaining = isc_buffer_availablelength(msg->buffer);
 		if (padsize > remaining)
@@ -3760,7 +3764,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 		 * Print EDNS info, if any.
 		 *
 		 * WARNING: The option contents may be malformed as
-		 * dig +ednsopt=value:<content> does not validity
+		 * dig +ednsopt=value:<content> does no validity
 		 * checking.
 		 */
 		dns_rdata_init(&rdata);
@@ -3772,6 +3776,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
 			INSIST(isc_buffer_remaininglength(&optbuf) >= 4U);
 			optcode = isc_buffer_getuint16(&optbuf);
 			optlen = isc_buffer_getuint16(&optbuf);
+
 			INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
 
 			INDENT(style);
@@ -4325,7 +4330,8 @@ dns_message_buildopt(dns_message_t *message, dns_rdataset_t **rdatasetp,
 
 		for (i = 0; i < count; i++)  {
 			if (ednsopts[i].code == DNS_OPT_PAD &&
-			    ednsopts[i].length == 0U && !seenpad) {
+			    ednsopts[i].length == 0U && !seenpad)
+			{
 				seenpad = ISC_TRUE;
 				continue;
 			}

lib/dns/resolver.c

@@ -2409,7 +2409,7 @@ resquery_send(resquery_t *query) {
 			if ((peer != NULL) &&
 			    (query->options & DNS_FETCHOPT_TCP) != 0)
 				(void) dns_peer_getpadding(peer, &padding);
-			if (padding) {
+			if (padding != 0) {
 				INSIST(ednsopt < DNS_EDNSOPTIONS);
 				ednsopts[ednsopt].code = DNS_OPT_PAD;
 				ednsopts[ednsopt].length = 0;