From: Matthijs Mekking <matthijs@isc.org>
Date: Mon, 18 Jan 2021 08:04:19 +0000 (+0100)
Subject: Fix control flow issue CID 314969 in zoneconf.c
X-Git-Tag: v9.17.10~34^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8df629d0b297188578d807aac03f69f1ef7c70cd;p=thirdparty%2Fbind9.git

Fix control flow issue CID 314969 in zoneconf.c

Coverity Scan identified the following issue in bin/named/zoneconf.c:

    *** CID 314969:  Control flow issues  (DEADCODE)
    /bin/named/zoneconf.c: 2212 in named_zone_inlinesigning()

    if (!inline_signing && !zone_is_dynamic &&
        cfg_map_get(zoptions, "dnssec-policy", &signing) == ISC_R_SUCCESS &&
        signing != NULL)
    {
        if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
            inline_signing = true;
    >>>     CID 314969:  Control flow issues  (DEADCODE)
    >>>     Execution cannot reach the expression ""no"" inside this statement: "dns_zone_log(zone, 1, "inli...".
            dns_zone_log(
                zone, ISC_LOG_DEBUG(1), "inline-signing: %s",
                inline_signing
                ? "implicitly through dnssec-policy"
                : "no");
        } else {
                ...
        }
    }

This is because we first set 'inline_signing = true' and then check
its value in 'dns_zone_log'.
---

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 2765b77e690..74a5c9c8cfe 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -2209,11 +2209,9 @@ named_zone_inlinesigning(dns_zone_t *zone, const cfg_obj_t *zconfig,
 	{
 		if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
 			inline_signing = true;
-			dns_zone_log(
-				zone, ISC_LOG_DEBUG(1), "inline-signing: %s",
-				inline_signing
-					? "implicitly through dnssec-policy"
-					: "no");
+			dns_zone_log(zone, ISC_LOG_DEBUG(1),
+				     "inline-signing: "
+				     "implicitly through dnssec-policy");
 		} else {
 			inline_signing = dns_zone_secure_to_insecure(zone,
 								     true);