Don't free key in compute_tag in case of failure

If `dns_dnssec_keyfromrdata` failed we don't need to call
`dst_key_free` because no `dstkey` was created.  Doing so
nevertheless will result in an assertion failure.

This can happen if the key uses an unsupported algorithm.

(cherry picked from commit 7a1ca39b950b7d5230b605ac60f15a1cb94e3d69)
(cherry picked from commit 1a39964067ba4107b3ab155cfab4ba8719f1f031)
(cherry picked from commit a92081a2daad9e1b8ce7b31f09c05a51c8c7fd52)

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 24e1cf869318ab006865f8ea7f618ddbde437a48..d1f59168c61bca58019e002ff5b60ae9bc5fdc8d 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -3928,9 +3928,10 @@ compute_tag(dns_name_t *name, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx,
                             dns_rdatatype_dnskey, dnskey, &buffer);
 
        result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dstkey);
-       if (result == ISC_R_SUCCESS)
+       if (result == ISC_R_SUCCESS) {
                *tag = dst_key_id(dstkey);
-       dst_key_free(&dstkey);
+               dst_key_free(&dstkey);
+       }
 
        return (result);
 }