git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Fix CID 510858: Null ptr derefs in check_keys
author Matthijs Mekking <matthijs@isc.org>
Thu, 24 Oct 2024 12:03:58 +0000 (14:03 +0200)
committer Matthijs Mekking <matthijs@isc.org>
Fri, 25 Oct 2024 11:19:50 +0000 (11:19 +0000)
Coverity Scan reported a new issue for the ksr system test. There
is allegedly a null pointer dereference (FORWARD_NULL) in check_keys().

This popped up because previously we set 'retired' to 0 in case of
unlimited lifetime, but we changed it to None.

It is actually a false positive, because if lifetime is unlimited
there will be only one key in 'keys'.

However, the code would be better if we always initialized 'active'
and if it is not the first key and retired is set, set the successor
key's active time to the retire time of the predecessor key.

bin/tests/system/ksr/tests_ksr.py

index be2c651aa1b8ac9f00bcb3df82a987e42b02a576..793df81c4cb7912b2aadce6bcddeac54574a55d5 100644 (file)
@@ -113,9 +113,8 @@ def check_keys(
         created = key.get_timing("Created") + offset
 
         # active: retired previous key
-        if num == 0:
-            active = created
-        else:
+        active = created
+        if num > 0 and retired is not None:
             active = retired
 
         # published: dnskey-ttl + publish-safety + propagation
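
Review bot: The new guard `if num > 0 and retired is not None:` makes a successor key (`num > 0`) whose predecessor has no retire time silently fall back to `active = created`, so a state the commit message describes as impossible would now pass through this step unnoticed instead of surfacing. Since this is test code, consider making that invariant explicit, for example `assert num == 0 or retired is not None` before the assignment, so that a regression in key generation shows up here rather than as a possibly confusing timing mismatch later. The comment `# active: retired previous key` should also be updated to say that `created` is the default and that the predecessor's retire time is used only when it is set.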