From: Mark Andrews <marka@isc.org>
Date: Wed, 13 Dec 2023 06:55:09 +0000 (+1100)
Subject: Don't look for KSK status here and squash memory leak
X-Git-Tag: v9.19.21~23^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3d0476d1793a2095047c8e911b33f8bf0ee04cf;p=thirdparty%2Fbind9.git

Don't look for KSK status here and squash memory leak

Just remove the key from  consideration as it is being removed.

The old code could leak a key reference as dst_free_key was not
called every time we continued. This simplification will address
this as well.
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 8ade0e8cb0f..1ab0b2e4e43 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -9149,16 +9149,7 @@ zone_sign(dns_zone_t *zone) {
 				if (ALG(zone_keys[i]) == signing->algorithm &&
 				    dst_key_id(zone_keys[i]) == signing->keyid)
 				{
-					bool ksk = false;
-					isc_result_t ret = dst_key_getbool(
-						zone_keys[i], DST_BOOL_KSK,
-						&ksk);
-					if (ret != ISC_R_SUCCESS) {
-						ksk = KSK(zone_keys[i]);
-					}
-					if (ksk) {
-						dst_key_free(&zone_keys[i]);
-					}
+					dst_key_free(&zone_keys[i]);
 					continue;
 				}
 				zone_keys[j] = zone_keys[i];