Fix RPZ bug when resuming a query during a reconfiguration

After a reconfiguration the old view can be left without a valid
'rpzs' member, because when the RPZ is not changed during the named
reconfiguration 'rpzs' "migrate" from the old view into the new
view, so when a query resumes it can find that 'qctx->view->rpzs'
is NULL which query_resume() currently doesn't expect to happen if
it's recursing and 'qctx->rpz_st' is not NULL.

Fix the issue by adding a NULL-check. In order to not split the log
message to two different log messages depending on whether
'qctx->view->rpzs' is NULL or not, change the message to not log
the RPZ policy's "version" which is just a runtime counter and is
most likely not very useful for the users.

diff --git a/lib/ns/query.c b/lib/ns/query.c
index fe57ada093ed169b3b0589f07de65a8418bdf14d..022a6de7e84ce369ad12a4dc9b183f1467849f47 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -6535,14 +6535,13 @@ query_resume(query_ctx_t *qctx) {
                /*
                 * Has response policy changed out from under us?
                 */
-               if (qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver) {
+               if (qctx->view->rpzs == NULL ||
+                   qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver)
+               {
                        ns_client_log(qctx->client, NS_LOGCATEGORY_CLIENT,
                                      NS_LOGMODULE_QUERY, DNS_RPZ_INFO_LEVEL,
-                                     "query_resume: RPZ settings "
-                                     "out of date "
-                                     "(rpz_ver %d, expected %d)",
-                                     qctx->view->rpzs->rpz_ver,
-                                     qctx->rpz_st->rpz_ver);
+                                     "query_resume: RPZ settings out of date "
+                                     "after of a reconfiguration");
                        QUERY_ERROR(qctx, DNS_R_SERVFAIL);
                        return ns_query_done(qctx);
                }