From 7713d2cb6df7754f8a6f0b310b123ff6d55f100f Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 11 May 2023 12:08:13 +0000 Subject: [PATCH 1/2] Check whether zone->db is a valid pointer before attaching The zone_resigninc() function does not check the validity of 'zone->db', which can crash named if the zone was unloaded earlier, for example with "rndc delete". Check that 'zone->db' is not 'NULL' before attaching to it, like it is done in zone_sign() and zone_nsec3chain() functions, which can similarly be called by zone maintenance. (cherry picked from commit fae0930eb84063fc03d711a0c772c58e5b470377) --- lib/dns/zone.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 16f7708464..834185de90 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -7220,8 +7220,14 @@ zone_resigninc(dns_zone_t *zone) { } ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); - dns_db_attach(zone->db, &db); + if (zone->db != NULL) { + dns_db_attach(zone->db, &db); + } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + if (db == NULL) { + result = ISC_R_FAILURE; + goto failure; + } result = dns_db_newversion(db, &version); if (result != ISC_R_SUCCESS) { From cc197e82fe4a70c6bc7d1df4eea8f435dcb8a448 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 11 May 2023 12:20:58 +0000 Subject: [PATCH 2/2] Add a CHANGES note for [GL #4054] (cherry picked from commit 00ed5f84a9a888b52dbb25e627e24c571c6a83e3) --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 977cf18b06..339c80767d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6169. [bug] named could crash when deleting inline-signing zones + with "rndc delzone". [GL #4054] + 6165. [bug] Fix a logic error in dighost.c which could call the dighost_shutdown() callback twice and cause problems if the callback function was not idempotent. [GL #4039]