From: Aram Sargsyan <aram@isc.org>
Date: Mon, 23 Mar 2026 15:15:18 +0000 (+0000)
Subject: Allow empty APL records
X-Git-Tag: v9.21.21~8^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35b8af229e82291fd635225ac45f853e7190f8b7;p=thirdparty%2Fbind9.git

Allow empty APL records

Allow empty APL records because RFC 3123 (Section 4) says "zero or
more items". This fixes processing of a catalog zone ACL (which is
based on APL records) when the zone contains an empty APL record or
when a zone update arrives which creates an empty APL record.
---

diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c
index 67c021062b6..ee33fa5c573 100644
--- a/lib/dns/rdata/in_1/apl_42.c
+++ b/lib/dns/rdata/in_1/apl_42.c
@@ -327,7 +327,7 @@ dns_rdata_apl_first(dns_rdata_in_apl_t *apl) {
 	/*
 	 * If no APL return ISC_R_NOMORE.
 	 */
-	if (apl->apl == NULL) {
+	if (apl->apl == NULL || apl->apl_len == 0) {
 		return ISC_R_NOMORE;
 	}