From 8d4d4c8eb807bb4f7b67765a6704eba77f0122be Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 27 Feb 2014 16:43:32 -0800 Subject: [PATCH] [v9_9] fix possible rndc secroots crash 3765. [bug] Fixed a bug in "rndc secroots" that could crash named when dumping an empty keynode. [RT #35469] (cherry picked from commit 1aced7b8702288f656ded594cd5bd7678bb4fe70) --- CHANGES | 3 +++ lib/dns/keytable.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 30cdd8403c..154ee624b7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +3765. [bug] Fixed a bug in "rndc secroots" that could crash + named when dumping an empty keynode. [RT #35469] + 3764. [bug] The dnssec-keygen/settime -S and -i options (to set up a successor key and set the prepublication interval) were missing from dnssec-keyfromlabel. diff --git a/lib/dns/keytable.c b/lib/dns/keytable.c index f6b6bb22cc..56fefcd2c1 100644 --- a/lib/dns/keytable.c +++ b/lib/dns/keytable.c @@ -576,6 +576,8 @@ dns_keytable_dump(dns_keytable_t *keytable, FILE *fp) dns_rbtnodechain_current(&chain, NULL, NULL, &node); for (knode = node->data; knode != NULL; knode = knode->next) { + if (knode->key == NULL) + continue; dst_key_format(knode->key, pbuf, sizeof(pbuf)); fprintf(fp, "%s ; %s\n", pbuf, knode->managed ? "managed" : "trusted");
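Review bot: The new `if (knode->key == NULL) continue;` guard in the keynode loop has no comment saying when a keynode legitimately carries no key, so a later reader cannot tell a deliberate placeholder from corrupted state; a line such as `/* Empty keynode (no key attached): nothing to format, skip it. */` above the check would record that. The skip is also silent, so the `rndc secroots` output gives the operator no sign that the name holds an empty keynode; whether to print a marker line instead is a judgement call, but it should be a deliberate one. The diffstat lists only CHANGES and lib/dns/keytable.c, so no regression test covers the crash, and any other loop that passes `knode->key` to a dst_* helper (none is visible in this hunk) is worth checking for the same NULL case. The body of dns_keytable_dump starts and ends outside the hunk.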