From: Aram Sargsyan Date: Mon, 2 Sep 2024 14:44:05 +0000 (+0000) Subject: Process canceled/shut down results in validate_dnskey_dsset_done() X-Git-Tag: v9.21.1~3^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d85918aebf8e0ce0d19cc44df3bdf04cfae3b475;p=thirdparty%2Fbind9.git Process canceled/shut down results in validate_dnskey_dsset_done() When a validator is already shut down, val->name becomes NULL. We need to process and keep the ISC_R_CANCELED or ISC_R_SHUTTINGDOWN result code before calling validate_async_done(), otherwise, when it is called with the hardcoded DNS_R_NOVALIDSIG result code, it can cause an assetion failure when val->name (being NULL) is used in proveunsecure(). --- diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 62f60c7c420..7ad05ef9bb3 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1952,15 +1952,26 @@ get_dsset(dns_validator_t *val, dns_name_t *tname, isc_result_t *resp) { static void validate_dnskey_dsset_done(dns_validator_t *val, isc_result_t result) { - if (result == ISC_R_SUCCESS) { + switch (result) { + case ISC_R_CANCELED: + case ISC_R_SHUTTINGDOWN: + /* Abort, abort, abort! */ + break; + case ISC_R_SUCCESS: marksecure(val); validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (DS)"); - } else if (result == ISC_R_NOMORE && !val->supported_algorithm) { - validator_log(val, ISC_LOG_DEBUG(3), - "no supported algorithm/digest (DS)"); - result = markanswer(val, "validate_dnskey (3)", - "no supported algorithm/digest (DS)"); - } else { + break; + case ISC_R_NOMORE: + if (!val->supported_algorithm) { + validator_log(val, ISC_LOG_DEBUG(3), + "no supported algorithm/digest (DS)"); + result = markanswer( + val, "validate_dnskey (3)", + "no supported algorithm/digest (DS)"); + break; + } + FALLTHROUGH; + default: validator_log(val, ISC_LOG_INFO, "no valid signature found (DS)"); result = DNS_R_NOVALIDSIG;