Address Coverity warnings in keymgr.c

Coverity showed that the return value of `dst_key_gettime` was
unchecked in INITIALIZE_STATE. If DST_TIME_CREATED was not set we
would set the state to be initialized to a weird last changed time.

This would normally not happen because DST_TIME_CREATED is always
set. However, we would rather set the time to now (as the comment
also indicates) not match the creation time.

The comment on INITIALIZE_STATE also needs updating as we no
longer always initialize to HIDDEN.

(cherry picked from commit 564f9dca3578234214eaffc4f6220a73315dde8f)

diff --git a/CHANGES b/CHANGES
index 0ae86b96f9901ff3ecc9f791228d559d4313f3d5..9bb43f2f69a8ada336071433765d07051fa72747 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5386.  [cleanup]       Address Coverity warnings in keymgr.c [GL #1737]
+
+
 5385.  [func]          Make ISC rwlock implementation the default again.
                        [GL #1753]
 

diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 09ba4dc9c47acff6d53feaf985f2eeb26e17e650..5c5bba8e3ba1c73c139c21dfe456675ee331df35 100644 (file)
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -40,17 +40,15 @@
        } while (0)
 
 /*
- * Set key state to HIDDEN and change last changed to now,
- * only if key state has not been set before.
+ * Set key state to `target` state and change last changed
+ * to `time`, only if key state has not been set before.
  */
-#define INITIALIZE_STATE(key, state, time, target)                            \
+#define INITIALIZE_STATE(key, state, timing, target, time)                    \
        do {                                                                  \
                dst_key_state_t s;                                            \
                if (dst_key_getstate((key), (state), &s) == ISC_R_NOTFOUND) { \
-                       isc_stdtime_t t;                                      \
-                       dst_key_gettime((key), DST_TIME_CREATED, &t);         \
-                       dst_key_setstate((key), (state), target);             \
-                       dst_key_settime((key), (time), t);                    \
+                       dst_key_setstate((key), (state), (target));           \
+                       dst_key_settime((key), (timing), time);               \
                }                                                             \
        } while (0)
 
@@ -1286,15 +1284,16 @@ keymgr_key_init(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now) {
 
        /* Set key states for all keys that do not have them. */
        INITIALIZE_STATE(key->key, DST_KEY_DNSKEY, DST_TIME_DNSKEY,
-                        dnskey_state);
+                        dnskey_state, now);
        if (ksk) {
                INITIALIZE_STATE(key->key, DST_KEY_KRRSIG, DST_TIME_KRRSIG,
-                                dnskey_state);
-               INITIALIZE_STATE(key->key, DST_KEY_DS, DST_TIME_DS, ds_state);
+                                dnskey_state, now);
+               INITIALIZE_STATE(key->key, DST_KEY_DS, DST_TIME_DS, ds_state,
+                                now);
        }
        if (zsk) {
                INITIALIZE_STATE(key->key, DST_KEY_ZRRSIG, DST_TIME_ZRRSIG,
-                                zrrsig_state);
+                                zrrsig_state, now);
        }
 }