Check for NULL before dereferencing qctx->rpz_st

Commit 9ffb4a7ba11fae64a6ce2dd6390cd334372b7ab7 causes Clang Static
Analyzer to flag a potential NULL dereference in query_nxdomain():

    query.c:9394:26: warning: Dereference of null pointer [core.NullDereference]
            if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
                                    ^~~~~~~~~~~~~~~~~~~
    1 warning generated.

The warning above is for qctx->rpz_st potentially being a NULL pointer
when query_nxdomain() is called from query_resume().  This is a false
positive because none of the database lookup result codes currently
causing query_nxdomain() to be called (DNS_R_EMPTYWILD, DNS_R_NXDOMAIN)
can be returned by a database lookup following a recursive resolution
attempt.  Add a NULL check nevertheless in order to future-proof the
code and silence Clang Static Analyzer.

(cherry picked from commit 07592d1315412c38c978e8d009aace5d0f5bef93)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 43638a35eb8034e1511acb772e3c988019c43f31..067c6a237299f3a78c691ae6592346a4616ae8d6 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -9248,7 +9248,9 @@ query_nxdomain(query_ctx_t *qctx, bool empty_wild) {
        {
                ttl = 0;
        }
-       if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
+       if (!qctx->nxrewrite ||
+           (qctx->rpz_st != NULL && qctx->rpz_st->m.rpz->addsoa))
+       {
                result = query_addsoa(qctx, ttl, section);
                if (result != ISC_R_SUCCESS) {
                        QUERY_ERROR(qctx, result);