Process canceled/shut down results in validate_dnskey_dsset_done()
authorAram Sargsyan <aram@isc.org>
Mon, 2 Sep 2024 14:44:05 +0000 (14:44 +0000)
committerAram Sargsyan <aram@isc.org>
Mon, 2 Sep 2024 15:40:30 +0000 (15:40 +0000)
When a validator is already shut down, val->name becomes NULL. We
need to process and keep the ISC_R_CANCELED or ISC_R_SHUTTINGDOWN
result code before calling validate_async_done(), otherwise, when it
is called with the hardcoded DNS_R_NOVALIDSIG result code, it can
cause an assertion failure when val->name (being NULL) is used in
proveunsecure().

lib/dns/validator.c

index 62f60c7c42082660d8b5c4fd15d61c13d9c3a9c0..7ad05ef9bb3ba052bd3cec147a9bdb17a078061e 100644 (file)
@@ -1952,15 +1952,26 @@ get_dsset(dns_validator_t *val, dns_name_t *tname, isc_result_t *resp) {
 
 static void
 validate_dnskey_dsset_done(dns_validator_t *val, isc_result_t result) {
-       if (result == ISC_R_SUCCESS) {
+       switch (result) {
+       case ISC_R_CANCELED:
+       case ISC_R_SHUTTINGDOWN:
+               /* Abort, abort, abort! */
+               break;
+       case ISC_R_SUCCESS:
                marksecure(val);
                validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (DS)");
-       } else if (result == ISC_R_NOMORE && !val->supported_algorithm) {
-               validator_log(val, ISC_LOG_DEBUG(3),
-                             "no supported algorithm/digest (DS)");
-               result = markanswer(val, "validate_dnskey (3)",
-                                   "no supported algorithm/digest (DS)");
-       } else {
+               break;
+       case ISC_R_NOMORE:
+               if (!val->supported_algorithm) {
+                       validator_log(val, ISC_LOG_DEBUG(3),
+                                     "no supported algorithm/digest (DS)");
+                       result = markanswer(
+                               val, "validate_dnskey (3)",
+                               "no supported algorithm/digest (DS)");
+                       break;
+               }
+               FALLTHROUGH;
+       default:
                validator_log(val, ISC_LOG_INFO,
                              "no valid signature found (DS)");
                result = DNS_R_NOVALIDSIG;
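Review bot: The comment `/* Abort, abort, abort! */` on the ISC_R_CANCELED / ISC_R_SHUTTINGDOWN case does not record why the result must pass through untouched, which is the invariant this fix depends on. I would replace it with `/* Validator canceled or shutting down: val->name may be NULL, so keep this result and stay out of the DNS_R_NOVALIDSIG path. */`. The guard also keys only on the result code. If a shut-down validator can reach this function with any other failure code, the default branch would still rewrite it to DNS_R_NOVALIDSIG and presumably hit the same assertion, so it is worth confirming that every cancel/shutdown path delivers one of these two codes. The function body continues past the end of the hunk, so the call that consumes `result` is not visible here.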