From: Mark Andrews <marka@isc.org>
Date: Tue, 21 Aug 2012 02:04:09 +0000 (+1000)
Subject: 3367.   [bug]           dns_dnsseckey_create() result was not being checked.
X-Git-Tag: v9.7.7rc1~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a88b9da347f905f898d92c7c5be84f65e8e56ab2;p=thirdparty%2Fbind9.git

3367.   [bug]           dns_dnsseckey_create() result was not being checked.
                        [RT #30685]
---

diff --git a/CHANGES b/CHANGES
index 2ec7a4645fb..618d6748fa0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3367.	[bug]		dns_dnsseckey_create() result was not being checked.
+			[RT #30685]
+
 3366.	[bug]		Fixed Read-After-Write dependency violation for IA64 
 			atomic operations. [RT #25181]
 
diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c
index 91885ec15b2..3569ad7cc84 100644
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@@ -1384,11 +1384,12 @@ dns_dnssec_findmatchingkeys(dns_name_t *origin, const char *directory,
  * the keys in the keyset, regardless of whether they have
  * metadata indicating they should be deactivated or removed.
  */
-static void
+static isc_result_t
 addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
        isc_boolean_t savekeys, isc_mem_t *mctx)
 {
 	dns_dnsseckey_t *key;
+	isc_result_t result;
 
 	/* Skip duplicates */
 	for (key = ISC_LIST_HEAD(*keylist);
@@ -1416,10 +1417,12 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
 		}
 
 		key->source = dns_keysource_zoneapex;
-		return;
+		return (ISC_R_SUCCESS);
 	}
 
-	dns_dnsseckey_create(mctx, newkey, &key);
+	result = dns_dnsseckey_create(mctx, newkey, &key);
+	if (result != ISC_R_SUCCESS)
+		return (result);
 	if (key->legacy || savekeys) {
 		key->force_publish = ISC_TRUE;
 		key->force_sign = dst_key_isprivate(key->key);
@@ -1427,6 +1430,7 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey,
 	key->source = dns_keysource_zoneapex;
 	ISC_LIST_APPEND(*keylist, key, link);
 	*newkey = NULL;
+	return (ISC_R_SUCCESS);
 }
 
 
@@ -1516,7 +1520,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
 			goto skip;
 
 		if (public) {
-			addkey(keylist, &pubkey, savekeys, mctx);
+			RETERR(addkey(keylist, &pubkey, savekeys, mctx));
 			goto skip;
 		}
 
@@ -1569,7 +1573,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
 		}
 
 		if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
-			addkey(keylist, &pubkey, savekeys, mctx);
+			RETERR(addkey(keylist, &pubkey, savekeys, mctx));
 			goto skip;
 		}
 		RETERR(result);
@@ -1578,7 +1582,7 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
 		if ((dst_key_flags(privkey) & DNS_KEYTYPE_NOAUTH) != 0)
 			goto skip;
 
-		addkey(keylist, &privkey, savekeys, mctx);
+		RETERR(addkey(keylist, &privkey, savekeys, mctx));
  skip:
 		if (pubkey != NULL)
 			dst_key_free(&pubkey);