The validator could fail when select_signing_key/get_dst_key failed
authorMark Andrews <marka@isc.org>
Tue, 23 Jun 2020 00:26:01 +0000 (10:26 +1000)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 25 Jun 2020 11:43:45 +0000 (13:43 +0200)
to select the signing key because the algorithm was not supported
and the loop was prematurely aborted.

lib/dns/validator.c

index 9b5c891f94c38cc35597a50d4e4b78aafefc1d1b..e31ad661e5f70c8914e5ac1df7c73f05fa67a2b7 100644 (file)
@@ -1126,24 +1126,25 @@ select_signing_key(dns_validator_t *val, dns_rdataset_t *rdataset) {
                INSIST(val->key == NULL);
                result = dst_key_fromdns(&siginfo->signer, rdata.rdclass, &b,
                                         val->view->mctx, &val->key);
-               if (result != ISC_R_SUCCESS) {
-                       goto failure;
-               }
-               if (siginfo->algorithm == (dns_secalg_t)dst_key_alg(val->key) &&
-                   siginfo->keyid == (dns_keytag_t)dst_key_id(val->key) &&
-                   dst_key_iszonekey(val->key))
-               {
-                       if (foundold) {
-                               /*
-                                * This is the key we're looking for.
-                                */
-                               return (ISC_R_SUCCESS);
-                       } else if (dst_key_compare(oldkey, val->key)) {
-                               foundold = true;
-                               dst_key_free(&oldkey);
+               if (result == ISC_R_SUCCESS) {
+                       if (siginfo->algorithm ==
+                                   (dns_secalg_t)dst_key_alg(val->key) &&
+                           siginfo->keyid ==
+                                   (dns_keytag_t)dst_key_id(val->key) &&
+                           dst_key_iszonekey(val->key))
+                       {
+                               if (foundold) {
+                                       /*
+                                        * This is the key we're looking for.
+                                        */
+                                       return (ISC_R_SUCCESS);
+                               } else if (dst_key_compare(oldkey, val->key)) {
+                                       foundold = true;
+                                       dst_key_free(&oldkey);
+                               }
                        }
+                       dst_key_free(&val->key);
                }
-               dst_key_free(&val->key);
                dns_rdata_reset(&rdata);
                result = dns_rdataset_next(rdataset);
        } while (result == ISC_R_SUCCESS);
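Review bot: The new `if (result == ISC_R_SUCCESS)` test has no else branch and no comment, so every dst_key_fromdns() failure is now skipped silently, not only the unsupported-algorithm case the commit message describes, and the failing result is overwritten by dns_rdataset_next() at the bottom of the loop. Skipping an unusable DNSKEY and trying the next one is the robust choice for a validator, but an allocation failure would presumably now reach the caller as "no matching key" rather than as its own error. I would add a comment above the test, e.g. `/* Ignore keys we cannot parse (e.g. unsupported algorithm) and keep searching. */`, and consider logging the discarded result at debug level. The loop also relies on val->key still being NULL after a failed call, because of the INSIST at the top of the iteration; that contract is not visible in this hunk. The body of select_signing_key starts and ends outside the hunk.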