From: Matthijs Mekking <github@pletterpet.nl>
Date: Wed, 12 Dec 2018 13:06:10 +0000 (+0100)
Subject: Don't free key in compute_tag in case of failure
X-Git-Tag: v9.12.4rc1~5^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d4741af21e9373fa3c8ab6a40d0caa429cbdceb;p=thirdparty%2Fbind9.git

Don't free key in compute_tag in case of failure

If `dns_dnssec_keyfromrdata` failed we don't need to call
`dst_key_free` because no `dstkey` was created.  Doing so
nevertheless will result in an assertion failure.

This can happen if the key uses an unsupported algorithm.

(cherry picked from commit 7a1ca39b950b7d5230b605ac60f15a1cb94e3d69)
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index daca1992a79..0667beb9422 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -3929,9 +3929,10 @@ compute_tag(dns_name_t *name, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx,
 			     dns_rdatatype_dnskey, dnskey, &buffer);
 
 	result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dstkey);
-	if (result == ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS) {
 		*tag = dst_key_id(dstkey);
-	dst_key_free(&dstkey);
+		dst_key_free(&dstkey);
+	}
 
 	return (result);
 }