Fix control flow issue CID 314969 in zoneconf.c
authorMatthijs Mekking <matthijs@isc.org>
Mon, 18 Jan 2021 08:04:19 +0000 (09:04 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 18 Jan 2021 14:40:26 +0000 (14:40 +0000)
Coverity Scan identified the following issue in bin/named/zoneconf.c:

    *** CID 314969:  Control flow issues  (DEADCODE)
    /bin/named/zoneconf.c: 2212 in named_zone_inlinesigning()

    if (!inline_signing && !zone_is_dynamic &&
        cfg_map_get(zoptions, "dnssec-policy", &signing) == ISC_R_SUCCESS &&
        signing != NULL)
    {
        if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
            inline_signing = true;
    >>>     CID 314969:  Control flow issues  (DEADCODE)
    >>>     Execution cannot reach the expression ""no"" inside this statement: "dns_zone_log(zone, 1, "inli...".
            dns_zone_log(
                zone, ISC_LOG_DEBUG(1), "inline-signing: %s",
                inline_signing
                ? "implicitly through dnssec-policy"
                : "no");
        } else {
                ...
        }
    }

This is because we first set 'inline_signing = true' and then check
its value in 'dns_zone_log'.

(cherry picked from commit 8df629d0b297188578d807aac03f69f1ef7c70cd)

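--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -2179,11 +2179,9 @@ named_zone_inlinesigning(dns_zone_t *zone, const cfg_obj_t *zconfig,
        {
                if (strcmp(cfg_obj_asstring(signing), "none") != 0) {
                        inline_signing = true;
-                       dns_zone_log(
-                               zone, ISC_LOG_DEBUG(1), "inline-signing: %s",
-                               inline_signing
-                                       ? "implicitly through dnssec-policy"
-                                       : "no");
+                       dns_zone_log(zone, ISC_LOG_DEBUG(1),
+                                    "inline-signing: "
+                                    "implicitly through dnssec-policy");
                } else {
                        inline_signing = dns_zone_secure_to_insecure(zone,
                                                                     true);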
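Review bot: The new message literal on the added `dns_zone_log` call is split into two adjacent strings, so a source search for the full logged text `inline-signing: implicitly through dnssec-policy` will not find this call site. Keeping the literal whole makes it easier to trace a log line back to the branch that enabled signing; for example, break after the opening parenthesis and put `"inline-signing: implicitly through dnssec-policy");` on its own continuation line. The string contains no conversion specifiers, so passing it directly as the format argument is fine as written. named_zone_inlinesigning starts before this hunk and continues after it, so the rest of the else branch is not visible here.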