Check whether zone->db is a valid pointer before attaching

The zone_resigninc() function does not check the validity of
'zone->db', which can crash named if the zone was unloaded earlier,
for example with "rndc delete".

Check that 'zone->db' is not 'NULL' before attaching to it, like
it is done in zone_sign() and zone_nsec3chain() functions, which
can similarly be called by zone maintenance.

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index d943295588b88e168983655964fd663bc4cfff85..7481d3b12f1defd31ca85c655990bc5f51a77c7f 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -6825,8 +6825,14 @@ zone_resigninc(dns_zone_t *zone) {
        }
 
        ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
-       dns_db_attach(zone->db, &db);
+       if (zone->db != NULL) {
+               dns_db_attach(zone->db, &db);
+       }
        ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+       if (db == NULL) {
+               result = ISC_R_FAILURE;
+               goto failure;
+       }
 
        result = dns_db_newversion(db, &version);
        if (result != ISC_R_SUCCESS) {