From 148608c7b2a6fb55dafd35632b4a661f90ed36fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 13 Jun 2022 14:03:16 +0200 Subject: [PATCH] Check for NULL before dereferencing qctx->rpz_st Commit 9ffb4a7ba11fae64a6ce2dd6390cd334372b7ab7 causes Clang Static Analyzer to flag a potential NULL dereference in query_nxdomain(): query.c:9394:26: warning: Dereference of null pointer [core.NullDereference] if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) { ^~~~~~~~~~~~~~~~~~~ 1 warning generated. The warning above is for qctx->rpz_st potentially being a NULL pointer when query_nxdomain() is called from query_resume(). This is a false positive because none of the database lookup result codes currently causing query_nxdomain() to be called (DNS_R_EMPTYWILD, DNS_R_NXDOMAIN) can be returned by a database lookup following a recursive resolution attempt. Add a NULL check nevertheless in order to future-proof the code and silence Clang Static Analyzer. (cherry picked from commit 07592d1315412c38c978e8d009aace5d0f5bef93) --- lib/ns/query.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/ns/query.c b/lib/ns/query.c index 43638a35eb8..067c6a23729 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -9248,7 +9248,9 @@ query_nxdomain(query_ctx_t *qctx, bool empty_wild) { { ttl = 0; } - if (!qctx->nxrewrite || qctx->rpz_st->m.rpz->addsoa) { + if (!qctx->nxrewrite || + (qctx->rpz_st != NULL && qctx->rpz_st->m.rpz->addsoa)) + { result = query_addsoa(qctx, ttl, section); if (result != ISC_R_SUCCESS) { QUERY_ERROR(qctx, result); -- 2.23.0