prevent named crash on rndc modzone for a zone in named.conf

If named is built without LMDB and has a zone in named.conf, then rndc modzone for that zone triggers an assertion failure unless there's already an NZF file. This is because load_nzf doesn't create 'nzf_config' when NZF is missing, while a valid nzf_config is assumed in do_modzone when it tries to add the modified zone config to add_parser. The crash is fixed by skipping the call to cfg_parser_mapadd when nzf_config is NULL. Skipping it should be okay since the config stored in add_parser would be needed only for subsequently deleting a zone by rndc delzone when the zone was originally added by rndc addzone, but in this case the zone was not 'added'. Checking if nzf_config is NULL before using it also seems to be consistent with other parts of the implementation.
2026-05-28 04:34:54 -04:00 · 2026-03-20 23:33:04 -07:00 · 2026-03-20 23:33:04 -07:00 · 2ec6f856e3
commit 2ec6f856e3
parent 13a656f79a
2 changed files with 42 additions and 2 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@ -14277,8 +14277,11 @@ do_modzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,

 #ifndef HAVE_LMDB
 	/* Store the new zone configuration; also in NZF if applicable */
-	z = UNCONST(zoneobj);
-	CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z, "zone"));
+	if (cfg->nzf_config != NULL) {
+		z = UNCONST(zoneobj);
+		CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z,
+					"zone"));
+	}
 #endif /* HAVE_LMDB */

 	if (added) {
--- a/bin/tests/system/addzone/tests_rndc_modzone_without_add.py
+++ b/bin/tests/system/addzone/tests_rndc_modzone_without_add.py
@ -0,0 +1,37 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import pytest
+
+pytestmark = pytest.mark.extra_artifacts(
+    [
+        "ns*/*.nzf*",
+        "ns*/*.nzd*",
+        "ns1/redirect.db",
+        "ns2/new-zones",
+        "ns2/redirect.db",
+        "ns3/redirect.db",
+    ]
+)
+
+
+def test_rndc_modzone_without_add(ns3):
+    """
+    Confirm "rndc modzone" works for a zone that was not added by "addzone".
+    """
+    # We begin with a zone that has a normal configuration, and then modify it
+    # by rndc modzone. This should succeed and shouldn't cause any disruption.
+    # Previously, it triggered an assertion failure unless LMDB was enabled.
+    cmd = ns3.rndc(
+        'modzone . {type primary; file "redirect.db"; allow-query {none;};};',
+        raise_on_exception=False,
+    )
+    assert cmd.rc == 0