From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 12 Mar 2024 10:59:38 +0000 (+0100)
Subject: Fix Coverity CID 487882: Error handling issues
X-Git-Tag: v9.19.23~34^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ad33a73f83a847874ba0d2e7e882e394618a3f7a;p=thirdparty%2Fbind9.git

Fix Coverity CID 487882: Error handling issues

The dns_qpiter_next() was called without checking the return value. If
we cannot move the iterator forward, there is no use in calling the
step() function.

/lib/dns/qpzone.c: 2804 in activeempty()
2798     	 * of the name we were searching for. Step the iterator
2799     	 * forward, then step() will continue forward until it
2800     	 * finds a node with active data. If that node is a
2801     	 * subdomain of the one we were looking for, then we're
2802     	 * at an active empty nonterminal node.
2803     	 */
>>>     CID 487882:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "dns_qpiter_next" without checking return value (as is done elsewhere 26 out of 27 times).
2804     	dns_qpiter_next(it, NULL, NULL, NULL);
2805     	return (step(search, it, FORWARD, next) &&
2806     		dns_name_issubdomain(next, current));
2807     }
---

diff --git a/lib/dns/qpzone.c b/lib/dns/qpzone.c
index ae77f197a01..615e3e7c533 100644
--- a/lib/dns/qpzone.c
+++ b/lib/dns/qpzone.c
@@ -2786,7 +2786,11 @@ activeempty(qpdb_search_t *search, dns_qpiter_t *it,
 	 * subdomain of the one we were looking for, then we're
 	 * at an active empty nonterminal node.
 	 */
-	dns_qpiter_next(it, NULL, NULL, NULL);
+	isc_result_t result = dns_qpiter_next(it, NULL, NULL, NULL);
+	if (result != ISC_R_SUCCESS) {
+		/* An ENT at the end of the zone is impossible */
+		return (false);
+	}
 	return (step(search, it, FORWARD, next) &&
 		dns_name_issubdomain(next, current));
 }