Check for NULL before dereferencing qctx->rpz_st

Commit 9ffb4a7ba11fae64a6ce2dd6390cd334372b7ab7 causes Clang Static
Analyzer to flag a potential NULL dereference in query_nxdomain():

    query.c:9394:26: warning: Dereference of null pointer [core.NullDereference]
            if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
                                    ^~~~~~~~~~~~~~~~~~~
    1 warning generated.

The warning above is for qctx->rpz_st potentially being a NULL pointer
when query_nxdomain() is called from query_resume().  This is a false
positive because none of the database lookup result codes currently
causing query_nxdomain() to be called (DNS_R_EMPTYWILD, DNS_R_NXDOMAIN)
can be returned by a database lookup following a recursive resolution
attempt.  Add a NULL check nevertheless in order to future-proof the
code and silence Clang Static Analyzer.

(cherry picked from commit 07592d1315412c38c978e8d009aace5d0f5bef93)
(cherry picked from commit a4547a109324fff1bdd21032c5c7d8fdeb0e4ad8)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 81ade5282b7cb7c764434e15fe9229b690a30f5e..9ca353e795f7ff5e034603567aa3519d47b0f048 100644 (file)
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -9250,7 +9250,9 @@ query_nxdomain(query_ctx_t *qctx, bool empty_wild) {
        {
                ttl = 0;
        }
-       if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) {
+       if (!qctx->nxrewrite ||
+           (qctx->rpz_st != NULL && qctx->rpz_st->m.rpz->addsoa))
+       {
                result = query_addsoa(qctx, ttl, section);
                if (result != ISC_R_SUCCESS) {
                        QUERY_ERROR(qctx, result);