From f1ec774f9abf62d5b08b659b370c4a99804a4b51 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Wed, 5 Feb 2025 09:36:09 +0000
Subject: [PATCH] Fix RPZ bug when resuming a query during a reconfiguration

After a reconfiguration the old view can be left without a valid 'rpzs' member, because when the RPZ is not changed during the named reconfiguration 'rpzs' "migrate" from the old view into the new view, so when a query resumes it can find that 'qctx->view->rpzs' is NULL which query_resume() currently doesn't expect to happen if it's recursing and 'qctx->rpz_st' is not NULL. Fix the issue by adding a NULL-check. In order to not split the log message to two different log messages depending on whether 'qctx->view->rpzs' is NULL or not, change the message to not log the RPZ policy's "version" which is just a runtime counter and is most likely not very useful for the users.

(cherry picked from commit 3ea2fbc238e0d933b9f87dfd8fdab9233d978e33)
---
 lib/ns/query.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/lib/ns/query.c b/lib/ns/query.c
index 11d2520c61..8bdb33b088 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -6798,14 +6798,13 @@ query_resume(query_ctx_t *qctx) {
 /*
 * Has response policy changed out from under us?
 */
- if (qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver) {
+ if (qctx->view->rpzs == NULL ||
+ qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver)
+ {
 ns_client_log(qctx->client, NS_LOGCATEGORY_CLIENT,
 NS_LOGMODULE_QUERY, DNS_RPZ_INFO_LEVEL,
- "query_resume: RPZ settings "
- "out of date "
- "(rpz_ver %d, expected %d)",
- qctx->view->rpzs->rpz_ver,
- qctx->rpz_st->rpz_ver);
+ "query_resume: RPZ settings out of date "
+ "after of a reconfiguration");
 QUERY_ERROR(qctx, DNS_R_SERVFAIL);
 return ns_query_done(qctx);
 }
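Review bot: The two added string literals concatenate to "query_resume: RPZ settings out of date after of a reconfiguration", which carries a stray "of"; operators and log-matching rules will key on this exact text, so the second literal should read `"after a reconfiguration");`. Separately, the new condition reads `qctx->view->rpzs` once for the NULL test and again for `->rpz_ver`. The hunk does not show what serialises a resuming query against reconfiguration, so if `rpzs` can be detached in between, testing a single local copy would close that gap; otherwise a one-line comment saying why the double read is safe would help the next reader. Since the message no longer distinguishes the two cases, a short comment above the `if` noting that a NULL `rpzs` means the policy zones moved to the new view would preserve that context. query_resume() starts and ends outside this hunk.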