From 50de0ccdc29e6a9731aae26e55957362fed346be Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Fri, 29 Mar 2019 17:16:07 +0100
Subject: [PATCH] Fix ~/.digrc
A private ~/.digrc overrides the commandline options from dig. So we need to make sure that the output is still what is expected. This commit addresses it by adding additional parameters, mostly to existing awk commands so that only the fields we want are returned. see #1220
---
 testssl.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index c660ca5..62f875a 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17070,7 +17070,7 @@ get_a_record() {
 fi
 if [[ -z "$ip4" ]]; then
 if type -p dig &> /dev/null ; then
- ip4=$(filter_ip4_address $(dig +timeout=2 +tries=2 +short -t a "$1" 2>/dev/null | awk '/^[0-9]/'))
+ ip4=$(filter_ip4_address $(dig +timeout=2 +tries=2 +short -t a "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
 fi
 fi
 if [[ -z "$ip4" ]]; then
@@ -17117,7 +17117,7 @@ get_aaaa_record() {
 fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." $ERR_DNSBIN
 fi
 elif type -p dig &> /dev/null; then
- ip6=$(filter_ip6_address $(dig +short +timeout=2 +tries=2 -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/'))
+ ip6=$(filter_ip6_address $(dig +short +timeout=2 +tries=2 -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
 elif type -p host &> /dev/null ; then
 ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
 elif type -p drill &> /dev/null; then
@@ -17150,7 +17150,7 @@ get_caa_rr_record() {
 OPENSSL_CONF=""
 check_resolver_bins
 if type -p dig &> /dev/null; then
- raw_caa="$(dig +timeout=3 +tries=3 $1 type257 +short)"
+ raw_caa="$(dig +timeout=3 +tries=3 $1 type257 +short | awk '{ print $1" "$2" "$3 }')"
 # empty if no CAA record
 elif type -p drill &> /dev/null; then
 raw_caa="$(drill $1 type257 | awk '/'"^${1}"'.*CAA/ { print $5,$6,$7 }')"
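Review bot: Trimming dig's output with `awk '/^[0-9]/ { print $1 }'` at this call site only handles a ~/.digrc that adds extra columns, and the same workaround has to be repeated in get_aaaa_record, get_caa_rr_record, get_mx_record and determine_rdns and remembered for every future dig call. dig builds that support `-r` skip ~/.digrc entirely, so probing for that option once and passing it where available would make the output predictable at the source. The awk trimming can stay as the fallback for older dig versions. get_a_record starts and ends outside this hunk.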
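Review bot: The `/^[0-9]/` filter on the AAAA answer in get_aaaa_record drops any IPv6 address whose first hex digit is a letter, for example unique-local addresses in fc00::/7, so ip6 stays empty for such hosts even though dig returned a record. Widening the pattern, e.g. `awk '/^[0-9a-fA-F:]/ { print $1 }'`, would let them through. CNAME targets from `+short` that start with a–f would then also pass awk, which is presumably fine because filter_ip6_address is applied to the result; its body is not visible here, so confirm. The function continues outside this hunk.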
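Review bot: In get_caa_rr_record, `awk '{ print $1" "$2" "$3 }'` keeps only three whitespace-separated fields, so a CAA value that itself contains a space (issuer parameters such as `0 issue "ca.example; account=1"`, a constructed sample) is cut after the first word and loses its closing quote. Whether the later CAA parsing tolerates that is not visible in this hunk. The dig call on the same line also passes `$1` unquoted and without `2>/dev/null`, unlike get_a_record and get_mx_record; writing `dig +timeout=3 +tries=3 "$1" type257 +short 2>/dev/null` keeps the hostname from being word-split or glob-expanded before dig sees it.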
@@ -17220,7 +17220,7 @@ get_mx_record() {
 if type -p host &> /dev/null; then
 mxs="$(host -t MX "$1" 2>/dev/null | awk '/is handled by/ { print $(NF-1), $NF }')"
 elif type -p dig &> /dev/null; then
- mxs="$(dig +short -t MX "$1" 2>/dev/null | awk '/^[0-9]/')"
+ mxs="$(dig +short -t MX "$1" 2>/dev/null | awk '/^[0-9]/ { print $1" "$2 }')"
 elif type -p drill &> /dev/null; then
 mxs="$(drill mx $1 | awk '/IN[ \t]MX[ \t]+/ { print $(NF-1), $NF }')"
 elif type -p nslookup &> /dev/null; then
@@ -17319,11 +17319,11 @@ determine_rdns() {
 if type -p avahi-resolve &>/dev/null; then
 rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
 elif type -p dig &>/dev/null; then
- rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer | awk '/PTR/ { print $NF }')
+ rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer +short | awk '{ print $1 }')
 fi
 elif type -p dig &> /dev/null; then
 # 1+2 should suffice. It's a compromise for if e.g. network is down but we have a docker/localhost server
- rDNS=$(dig -x $nodeip +timeout=1 +tries=2 +noall +answer | awk '/PTR/ { print $NF }') # +short returns also CNAME, e.g. openssl.org
+ rDNS=$(dig -x $nodeip +timeout=1 +tries=2 +noall +answer +short | awk '{ print $1 }') # +short returns also CNAME, e.g. openssl.org
 elif type -p host &> /dev/null; then
 rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
 elif type -p drill &> /dev/null; then
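Review bot: Both new rDNS lines in determine_rdns add `+short` and drop the `/PTR/` filter, while the trailing comment `# +short returns also CNAME, e.g. openssl.org` still explains why `+short` was avoided. For a reverse zone delegated through a CNAME, rDNS may now hold the CNAME target as well as the PTR name on separate lines; how callers treat a multi-line value is outside this hunk. Either keep a type filter on the long form (`+noshort +noall +answer` with `awk '/PTR/ { print $NF }'`, provided that survives the ~/.digrc cases from #1220) or rewrite the comment to say CNAME targets are now accepted. `$nodeip` is also unquoted in both dig calls and would be safer as `"$nodeip"`.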