]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 566ad70)
Don't free key in compute_tag in case of failure
authorMatthijs Mekking <github@pletterpet.nl>
Wed, 12 Dec 2018 13:06:10 +0000 (14:06 +0100)
committerEvan Hunt <each@isc.org>
Thu, 21 Feb 2019 01:45:47 +0000 (17:45 -0800)
If `dns_dnssec_keyfromrdata` failed we don't need to call
`dst_key_free` because no `dstkey` was created.  Doing so
nevertheless will result in an assertion failure.

This can happen if the key uses an unsupported algorithm.

lib/dns/zone.c patch | blob | blame | history

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index a4e0f42e44fe682b5a19b37951412f9a835f1d96..fd18e512730fb655b7ccca2e04d1012a00ad25a6 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -3931,9 +3931,10 @@ compute_tag(dns_name_t *name, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx,
                             dns_rdatatype_dnskey, dnskey, &buffer);
 
        result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dstkey);
-       if (result == ISC_R_SUCCESS)
+       if (result == ISC_R_SUCCESS) {
                *tag = dst_key_id(dstkey);
-       dst_key_free(&dstkey);
+               dst_key_free(&dstkey);
+       }
 
        return (result);
 }
Mirror of https://gitlab.isc.org/isc-projects/bind9.git