Check whether zone->db is a valid pointer before attaching

The zone_resigninc() function does not check the validity of
'zone->db', which can crash named if the zone was unloaded earlier,
for example with "rndc delete".

Check that 'zone->db' is not 'NULL' before attaching to it, like
it is done in zone_sign() and zone_nsec3chain() functions, which
can similarly be called by zone maintenance.

(cherry picked from commit fae0930eb84063fc03d711a0c772c58e5b470377)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index cf64b78230ef5c0897652c5a4ff9f89966b1cf23..73da12ebc2a89581ed69f490ec9ceb350cc9b486 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -7336,8 +7336,14 @@ zone_resigninc(dns_zone_t *zone) {
        }
 
        ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
-       dns_db_attach(zone->db, &db);
+       if (zone->db != NULL) {
+               dns_db_attach(zone->db, &db);
+       }
        ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read);
+       if (db == NULL) {
+               result = ISC_R_FAILURE;
+               goto failure;
+       }
 
        result = dns_db_newversion(db, &version);
        if (result != ISC_R_SUCCESS) {