3367. [bug] dns_dnsseckey_create() result was not being checked.

author Mark Andrews <marka@isc.org>

Tue, 21 Aug 2012 02:04:09 +0000 (12:04 +1000)

committer Mark Andrews <marka@isc.org>

Tue, 21 Aug 2012 02:07:02 +0000 (12:07 +1000)
author Mark Andrews <marka@isc.org>
Tue, 21 Aug 2012 02:04:09 +0000 (12:04 +1000)
committer Mark Andrews <marka@isc.org>
Tue, 21 Aug 2012 02:07:02 +0000 (12:07 +1000)
diff --git a/CHANGES b/CHANGES

index 2ec7a4645fbc3b83dfe59b5a161bf1bee8e8d975..618d6748fa0c485090de0db27008db4f7701bd27 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3367.  [bug]           dns_dnsseckey_create() result was not being checked.
+                       [RT #30685]
+
  3366.  [bug]           Fixed Read-After-Write dependency violation for IA64 
                         atomic operations. [RT #25181]
  
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c

index 91885ec15b2a49fbff440084720f9cbceb70e5a8..3569ad7cc84a2e32c7c708de5779bb5f22546e93 100644 (file)
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -1384,11 +1384,12 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory,
   * the keys in the keyset, regardless of whether they have
   * metadata indicating they should be deactivated or removed.
   */
-static void
+static isc_result_t
  addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
         isc_boolean_t savekeys, isc_mem_t *mctx)
  {
         dns_dnsseckey_t *key;
+       isc_result_t result;
  
         /* Skip duplicates */
         for (key = ISC_LIST_HEAD(*keylist);
@@ -1416,10 +1417,12 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
                 }
  
                 key->source = dns_keysource_zoneapex;
-               return;
+               return (ISC_R_SUCCESS);
         }
  
-       dns_dnsseckey_create(mctx, newkey, &key);
+       result = dns_dnsseckey_create(mctx, newkey, &key);
+       if (result != ISC_R_SUCCESS)
+               return (result);
         if (key->legacy || savekeys) {
                 key->force_publish = ISC_TRUE;
                 key->force_sign = dst_key_isprivate(key->key);
@@ -1427,6 +1430,7 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
         key->source = dns_keysource_zoneapex;
         ISC_LIST_APPEND(*keylist, key, link);
         *newkey = NULL;
+       return (ISC_R_SUCCESS);
  }
  
  
@@ -1516,7 +1520,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
                         goto skip;
  
                 if (public) {
-                       addkey(keylist, &pubkey, savekeys, mctx);
+                       RETERR(addkey(keylist, &pubkey, savekeys, mctx));
                         goto skip;
                 }
  
@@ -1569,7 +1573,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
                 }
  
                 if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
-                       addkey(keylist, &pubkey, savekeys, mctx);
+                       RETERR(addkey(keylist, &pubkey, savekeys, mctx));
                         goto skip;
                 }
                 RETERR(result);
@@ -1578,7 +1582,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
                 if ((dst_key_flags(privkey) & DNS_KEYTYPE_NOAUTH) != 0)
                         goto skip;
  
-               addkey(keylist, &privkey, savekeys, mctx);
+               RETERR(addkey(keylist, &privkey, savekeys, mctx));
   skip:
                 if (pubkey != NULL)
                         dst_key_free(&pubkey);
author	Mark Andrews <marka@isc.org>
	Tue, 21 Aug 2012 02:04:09 +0000 (12:04 +1000)
committer	Mark Andrews <marka@isc.org>
	Tue, 21 Aug 2012 02:07:02 +0000 (12:07 +1000)
CHANGES		patch \| blob \| blame \| history
lib/dns/dnssec.c		patch \| blob \| blame \| history