prevent named crash on rndc modzone for a zone in named.conf

If named is built without LMDB and has a zone in named.conf,
then rndc modzone for that zone triggers an assertion failure
unless there's already an NZF file. This is because load_nzf
doesn't create 'nzf_config' when NZF is missing, while a valid
nzf_config is assumed in do_modzone when it tries to add the
modified zone config to add_parser.

The crash is fixed by skipping the call to cfg_parser_mapadd when
nzf_config is NULL. Skipping it should be okay since the config stored
in add_parser would be needed only for subsequently deleting a zone by
rndc delzone when the zone was originally added by rndc addzone, but
in this case the zone was not 'added'. Checking if nzf_config is NULL
before using it also seems to be consistent with other parts of the
implementation.

diff --git a/bin/named/server.c b/bin/named/server.c
index 2cb6ba991b96db29763386bdfd57735ba5ec8914..28ca7dc922ba586c103297506038e4c403bedfd0 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -14277,8 +14277,11 @@ do_modzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 
 #ifndef HAVE_LMDB
        /* Store the new zone configuration; also in NZF if applicable */
-       z = UNCONST(zoneobj);
-       CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z, "zone"));
+       if (cfg->nzf_config != NULL) {
+               z = UNCONST(zoneobj);
+               CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z,
+                                       "zone"));
+       }
 #endif /* HAVE_LMDB */
 
        if (added) {

diff --git a/bin/tests/system/addzone/tests_rndc_modzone_without_add.py b/bin/tests/system/addzone/tests_rndc_modzone_without_add.py
new file mode 100644 (file)
index 0000000..3658f5f
--- /dev/null
+++ b/bin/tests/system/addzone/tests_rndc_modzone_without_add.py
@@ -0,0 +1,37 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import pytest
+
+pytestmark = pytest.mark.extra_artifacts(
+    [
+        "ns*/*.nzf*",
+        "ns*/*.nzd*",
+        "ns1/redirect.db",
+        "ns2/new-zones",
+        "ns2/redirect.db",
+        "ns3/redirect.db",
+    ]
+)
+
+
+def test_rndc_modzone_without_add(ns3):
+    """
+    Confirm "rndc modzone" works for a zone that was not added by "addzone".
+    """
+    # We begin with a zone that has a normal configuration, and then modify it
+    # by rndc modzone. This should succeed and shouldn't cause any disruption.
+    # Previously, it triggered an assertion failure unless LMDB was enabled.
+    cmd = ns3.rndc(
+        'modzone . {type primary; file "redirect.db"; allow-query {none;};};',
+        raise_on_exception=False,
+    )
+    assert cmd.rc == 0