From fae0930eb84063fc03d711a0c772c58e5b470377 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Thu, 11 May 2023 12:08:13 +0000
Subject: [PATCH 1/2] Check whether zone->db is a valid pointer before attaching

The zone_resigninc() function does not check the validity of 'zone->db', which can crash named if the zone was unloaded earlier, for example with "rndc delete". Check that 'zone->db' is not 'NULL' before attaching to it, like it is done in zone_sign() and zone_nsec3chain() functions, which can similarly be called by zone maintenance.
---
 lib/dns/zone.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index d943295588..7481d3b12f 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6825,8 +6825,14 @@ zone_resigninc(dns_zone_t *zone) {
 }
 ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
- dns_db_attach(zone->db, &db);
+ if (zone->db != NULL) {
+ dns_db_attach(zone->db, &db);
+ }
 ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+ if (db == NULL) {
+ result = ISC_R_FAILURE;
+ goto failure;
+ }
 result = dns_db_newversion(db, &version);
 if (result != ISC_R_SUCCESS) {
From 00ed5f84a9a888b52dbb25e627e24c571c6a83e3 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Thu, 11 May 2023 12:20:58 +0000
Subject: [PATCH 2/2] Add a CHANGES note for [GL #4054]
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/CHANGES b/CHANGES
index e74de54e21..08f71da2e7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6169. [bug] named could crash when deleting inline-signing zones
+ with "rndc delzone". [GL #4054]
+
 6168. [func] Refactor the glue cache to store list of the GLUE directly in the rdatasetheader instead of keeping it in the hashtable indexed by the node pointer.
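Review bot: In patch 1/2, the new `if (db == NULL)` branch in zone_resigninc() jumps to `failure` before `dns_db_newversion()` has run, and that label and the declarations of `db` and `version` are outside the hunk, so it is worth confirming that the cleanup there skips the close/detach calls when both are still NULL. The branch also returns the generic `ISC_R_FAILURE` for what the commit message describes as an expected state (zone unloaded while maintenance was pending); if the failure path logs at error level, a deleted zone may produce a misleading resign error. A one-line comment on the branch, e.g. `/* zone->db is NULL when the zone was unloaded; nothing to resign */`, would record why the check exists, and the series adds no regression test for the delete-during-resign case.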