From: JINMEI Tatuya Date: Sat, 21 Mar 2026 06:33:04 +0000 (-0700) Subject: prevent named crash on rndc modzone for a zone in named.conf X-Git-Tag: v9.20.22~11^2~2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2ec6f856e3ff0228c8061df0c1b5dc26a5062585;p=thirdparty%2Fbind9.git prevent named crash on rndc modzone for a zone in named.conf If named is built without LMDB and has a zone in named.conf, then rndc modzone for that zone triggers an assertion failure unless there's already an NZF file. This is because load_nzf doesn't create 'nzf_config' when NZF is missing, while a valid nzf_config is assumed in do_modzone when it tries to add the modified zone config to add_parser. The crash is fixed by skipping the call to cfg_parser_mapadd when nzf_config is NULL. Skipping it should be okay since the config stored in add_parser would be needed only for subsequently deleting a zone by rndc delzone when the zone was originally added by rndc addzone, but in this case the zone was not 'added'. Checking if nzf_config is NULL before using it also seems to be consistent with other parts of the implementation. --- diff --git a/bin/named/server.c b/bin/named/server.c index 2cb6ba991b9..28ca7dc922b 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -14277,8 +14277,11 @@ do_modzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view, #ifndef HAVE_LMDB /* Store the new zone configuration; also in NZF if applicable */ - z = UNCONST(zoneobj); - CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z, "zone")); + if (cfg->nzf_config != NULL) { + z = UNCONST(zoneobj); + CHECK(cfg_parser_mapadd(cfg->add_parser, cfg->nzf_config, z, + "zone")); + } #endif /* HAVE_LMDB */ if (added) { diff --git a/bin/tests/system/addzone/tests_rndc_modzone_without_add.py b/bin/tests/system/addzone/tests_rndc_modzone_without_add.py new file mode 100644 index 00000000000..3658f5f5183 --- /dev/null +++ b/bin/tests/system/addzone/tests_rndc_modzone_without_add.py @@ -0,0 +1,37 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import pytest + +pytestmark = pytest.mark.extra_artifacts( + [ + "ns*/*.nzf*", + "ns*/*.nzd*", + "ns1/redirect.db", + "ns2/new-zones", + "ns2/redirect.db", + "ns3/redirect.db", + ] +) + + +def test_rndc_modzone_without_add(ns3): + """ + Confirm "rndc modzone" works for a zone that was not added by "addzone". + """ + # We begin with a zone that has a normal configuration, and then modify it + # by rndc modzone. This should succeed and shouldn't cause any disruption. + # Previously, it triggered an assertion failure unless LMDB was enabled. + cmd = ns3.rndc( + 'modzone . {type primary; file "redirect.db"; allow-query {none;};};', + raise_on_exception=False, + ) + assert cmd.rc == 0