Do not call exit() upon isoptout() errors

Replace all check_result() calls inside isoptout() with
zoneverify_log_error() calls and error handling code.  Enable isoptout()
to signal errors to the caller using its return value.

Modify the call site of isoptout() so that its errors are properly
handled.

diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index 20e0c41fd2bb3d25f74983be17ff239cad2e9493..f06dd062d31df1212436cd572a87f91f1ae715b6 100644 (file)
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -605,8 +605,8 @@ record_found(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
        return (ISC_R_SUCCESS);
 }
 
-static isc_boolean_t
-isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
+static isc_result_t
+isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata, isc_boolean_t *optout) {
        dns_rdataset_t rdataset;
        dns_rdata_t rdata = DNS_RDATA_INIT;
        dns_rdata_nsec3_t nsec3;
@@ -617,7 +617,6 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
        dns_dbnode_t *node = NULL;
        unsigned char rawhash[NSEC3_MAX_HASH_LENGTH];
        size_t rhsize = sizeof(rawhash);
-       isc_boolean_t ret;
 
        result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -627,7 +626,11 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
                                    vctx->origin, nsec3param.hash,
                                    nsec3param.iterations, nsec3param.salt,
                                    nsec3param.salt_length);
-       check_result(result, "dns_nsec3_hashname()");
+       if (result != ISC_R_SUCCESS) {
+               zoneverify_log_error(vctx, "dns_nsec3_hashname(): %s",
+                                    isc_result_totext(result));
+               return (result);
+       }
 
        dns_rdataset_init(&rdataset);
        hashname = dns_fixedname_name(&fixed);
@@ -636,24 +639,32 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
                result = dns_db_findrdataset(vctx->db, node, vctx->ver,
                                             dns_rdatatype_nsec3, 0, 0,
                                             &rdataset, NULL);
-       if (result != ISC_R_SUCCESS)
-               return (ISC_FALSE);
+       if (result != ISC_R_SUCCESS) {
+               *optout = ISC_FALSE;
+               result = ISC_R_SUCCESS;
+               goto done;
+       }
 
        result = dns_rdataset_first(&rdataset);
-       check_result(result, "dns_rdataset_first()");
+       if (result != ISC_R_SUCCESS) {
+               zoneverify_log_error(vctx, "dns_rdataset_first(): %s",
+                                    isc_result_totext(result));
+               goto done;
+       }
 
        dns_rdataset_current(&rdataset, &rdata);
 
        result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
-       ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
+       *optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
 
+ done:
        if (dns_rdataset_isassociated(&rdataset))
                dns_rdataset_disassociate(&rdataset);
        if (node != NULL)
                dns_db_detachnode(vctx->db, &node);
 
-       return (ret);
+       return (result);
 }
 
 static isc_result_t
@@ -672,7 +683,7 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata,
        dns_dbnode_t *node = NULL;
        unsigned char rawhash[NSEC3_MAX_HASH_LENGTH];
        size_t rhsize = sizeof(rawhash);
-       isc_boolean_t optout;
+       isc_boolean_t optout = ISC_FALSE;
 
        result = dns_rdata_tostruct(rdata, &nsec3param, NULL);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -683,7 +694,10 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata,
        if (!dns_nsec3_supportedhash(nsec3param.hash))
                return (ISC_R_SUCCESS);
 
-       optout = isoptout(vctx, rdata);
+       result = isoptout(vctx, rdata, &optout);
+       if (result != ISC_R_SUCCESS) {
+               return (result);
+       }
 
        dns_fixedname_init(&fixed);
        result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, name,