BIND-9.8.0 crashes on DDNS update with update-policy external: NULL key

Jan-Piet Mens jpmens.dns at gmail.com
Sat Mar 19 11:06:10 UTC 2011


Hello,

I've been trying to get the example code in bin/tests/system/tsiggss to
work on BIND 9.8.0 when signing an update with a SIG(0) key. BIND is
configured --with-gssapi but it crashes with a SIGSEGV just before
talking to the Unix socket.

I believe the attached patch solves the issue, at least it does so here
on CentOS 5.5 and Mac OSX 10.6.6. :)

Steps to reproduce:

1. Use the example named.conf and authsock.pl as in
   bin/tests/system/tsiggss
2. Create a SIG(0) key
   $ dnssec-keygen -C -a DSA -b 512 -n HOST -T KEY jp.example.nil.
3. Add the .key to example.nil.db
4. Launch 
   $ named -c ns1/named.conf -g
5. Start authsock.pl
   $ authsock.pl --path=ns1/auth.sock --type=CNAME
6. Perform update
   $ nsupdate -k Kjp.example.nil.+003+07313.private < /tmp/x
   $ cat /tmp/x
   server 127.0.0.1 5300
   zone example.nil
   update add fred.example.nil 120 cname foo.bar.
   send

On a related note, I would have expected/wanted the IP address of the
updater to be passed down through the Unix socket, but that doesn't
happen. Am I misunderstanding the "protocol"?

        version=1 signer=jp.example.nil name=fred.example.nil \
          addr= type=CNAME key= key_data_len=0

Regards,

        -JP
-------------- next part --------------
*** bind-9.8.0/lib/dns/dst_api.c.original	Sat Mar 19 11:42:35 2011
--- bind-9.8.0/lib/dns/dst_api.c	Sat Mar 19 11:44:05 2011
***************
*** 1778,1782 ****
  
  isc_buffer_t *
  dst_key_tkeytoken(const dst_key_t *key) {
! 	return (key->key_tkeytoken);
  }
--- 1778,1782 ----
  
  isc_buffer_t *
  dst_key_tkeytoken(const dst_key_t *key) {
! 	return (key) ? key->key_tkeytoken : NULL;
  }
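
Review bot: The new return in dst_key_tkeytoken() makes a NULL key indistinguishable from a key that simply has no TKEY token, so the caller that reaches this accessor with key == NULL now continues with a NULL isc_buffer_t * instead of faulting here. Please confirm that caller checks the returned buffer before using it, or move the NULL test to the call site so the accessor keeps its contract that key is a valid pointer. The "key= key_data_len=0" output quoted in the message suggests the SIG(0) path has no token to send, so the call site is where that case can be handled explicitly. Style point on the same line: the original wraps the whole return expression in parentheses, while the replacement parenthesizes only key; something like "return (key != NULL ? key->key_tkeytoken : NULL);" keeps the file's convention and makes the pointer comparison explicit.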

