[9.18] sec: usr: Fix crash when reconfiguring zone update policy during active updates

Fixed a crash that could occur when running rndc reconfig to change a zone's update policy (e.g., from allow-update to update-policy) while DNS UPDATE requests were being processed for that zone. ISC would like to thank Vitaly Simonovich for bringing this issue to our attention. Fixes #5817 Backport of MR !11707 Merge branch 'backport-5817-fix-crash-via-SSU-table-desynchronization-9.18' into 'bind-9.18' See merge request isc-projects/bind9!11739
2026-05-28 04:34:54 -04:00 · 2026-03-30 20:59:25 +02:00 · 2026-03-30 20:59:25 +02:00 · 2eaf84497a
commit 2eaf84497a
parent 48d23f0895 f6fdc77c46
1 changed files with 4 additions and 4 deletions
--- a/lib/ns/update.c
+++ b/lib/ns/update.c
@ -203,6 +203,7 @@ struct update_event {
 	dns_zone_t *zone;
 	isc_result_t result;
 	dns_message_t *answer;
+	dns_ssutable_t *ssutable;
 	unsigned int *maxbytype;
 	size_t maxbytypelen;
 };
@ -1850,9 +1851,9 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) {
 		sizeof(*event));
 	event->zone = zone;
 	event->result = ISC_R_SUCCESS;
-	event->maxbytype = maxbytype;
+	event->ssutable = MOVE_OWNERSHIP(ssutable);
+	event->maxbytype = MOVE_OWNERSHIP(maxbytype);
 	event->maxbytypelen = maxbytypelen;
-	maxbytype = NULL;

 	INSIST(client->nupdates == 0);
 	client->nupdates++;
@ -2840,6 +2841,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
 	update_event_t *uev = (update_event_t *)event;
 	dns_zone_t *zone = uev->zone;
 	ns_client_t *client = (ns_client_t *)event->ev_arg;
+	dns_ssutable_t *ssutable = uev->ssutable;
 	unsigned int *maxbytype = uev->maxbytype;
 	size_t update = 0, maxbytypelen = uev->maxbytypelen;
 	isc_result_t result;
@ -2854,7 +2856,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
 	dns_message_t *request = client->message;
 	dns_rdataclass_t zoneclass;
 	dns_name_t *zonename = NULL;
-	dns_ssutable_t *ssutable = NULL;
 	dns_fixedname_t tmpnamefixed;
 	dns_name_t *tmpname = NULL;
 	dns_zoneopt_t options;
@ -2874,7 +2875,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
 	CHECK(dns_zone_getdb(zone, &db));
 	zonename = dns_db_origin(db);
 	zoneclass = dns_db_class(db);
-	dns_zone_getssutable(zone, &ssutable);
 	options = dns_zone_getoptions(zone);

 	/*