Do not call exit() upon verifynode() errors

Make verifynode() return the verification result through a separate
pointer, thus making it possible to signal errors using function
return value.  Replace all fatal() and check_result() calls inside
verifynode() with zoneverify_log_error() calls and error handling code.
Add a REQUIRE assertion to emphasize verifynode() may be called with
some of its arguments set to NULL.

Modify all call sites of verifynode() so that its errors are properly
handled.

diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index 3627f38a8001c0ebd5db8b8780fd93039f1e2559..e29646cdbdcf7c080fdd3e12cc31b6a7cbe061d0 100644 (file)
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -804,16 +804,22 @@ static isc_result_t
 verifynode(vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
           isc_boolean_t delegation, dns_rdataset_t *keyrdataset,
           dns_rdataset_t *nsecset, dns_rdataset_t *nsec3paramset,
-          dns_name_t *nextname)
+          dns_name_t *nextname, isc_result_t *vresult)
 {
        unsigned char types[8192];
        unsigned int maxtype = 0;
        dns_rdataset_t rdataset; dns_rdatasetiter_t *rdsiter = NULL;
        isc_result_t result, tresult;
 
+       REQUIRE(vresult != NULL || (nsecset == NULL && nsec3paramset == NULL));
+
        memset(types, 0, sizeof(types));
        result = dns_db_allrdatasets(vctx->db, node, vctx->ver, 0, &rdsiter);
-       check_result(result, "dns_db_allrdatasets()");
+       if (result != ISC_R_SUCCESS) {
+               zoneverify_log_error(vctx, "dns_db_allrdatasets(): %s",
+                                    isc_result_totext(result));
+               return (result);
+       }
        result = dns_rdatasetiter_first(rdsiter);
        dns_rdataset_init(&rdataset);
        while (result == ISC_R_SUCCESS) {
@@ -843,23 +849,32 @@ verifynode(vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
                dns_rdataset_disassociate(&rdataset);
                result = dns_rdatasetiter_next(rdsiter);
        }
-       if (result != ISC_R_NOMORE)
-               fatal("rdataset iteration failed: %s",
-                     isc_result_totext(result));
        dns_rdatasetiter_destroy(&rdsiter);
+       if (result != ISC_R_NOMORE) {
+               zoneverify_log_error(vctx, "rdataset iteration failed: %s",
+                                    isc_result_totext(result));
+               return (result);
+       }
 
-       result = ISC_R_SUCCESS;
+       if (vresult == NULL) {
+               return (ISC_R_SUCCESS);
+       }
+
+       *vresult = ISC_R_SUCCESS;
 
-       if (nsecset != NULL && dns_rdataset_isassociated(nsecset))
-               result = verifynsec(vctx, name, node, nextname);
+       if (nsecset != NULL && dns_rdataset_isassociated(nsecset)) {
+               *vresult = verifynsec(vctx, name, node, nextname);
+       }
 
        if (nsec3paramset != NULL && dns_rdataset_isassociated(nsec3paramset)) {
                tresult = verifynsec3s(vctx, name, nsec3paramset, delegation,
                                       ISC_FALSE, types, maxtype);
-               if (result == ISC_R_SUCCESS && tresult != ISC_R_SUCCESS)
-                       result = tresult;
+               if (*vresult == ISC_R_SUCCESS) {
+                       *vresult = tresult;
+               }
        }
-       return (result);
+
+       return (ISC_R_SUCCESS);
 }
 
 static isc_result_t
@@ -1436,6 +1451,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
        dns_dbnode_t *node = NULL, *nextnode;
        dns_dbiterator_t *dbiter = NULL;
        isc_boolean_t done = ISC_FALSE;
+       isc_result_t tvresult;
        isc_result_t result;
 
        name = dns_fixedname_initname(&fname);
@@ -1552,11 +1568,16 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
                }
                result = verifynode(vctx, name, node, isdelegation,
                                    &vctx->keyset, &vctx->nsecset,
-                                   &vctx->nsec3paramset, nextname);
+                                   &vctx->nsec3paramset, nextname, &tvresult);
+               if (result != ISC_R_SUCCESS) {
+                       dns_db_detachnode(vctx->db, &node);
+                       goto done;
+               }
                if (*vresult == ISC_R_UNSET)
                        *vresult = ISC_R_SUCCESS;
-               if (*vresult == ISC_R_SUCCESS && result != ISC_R_SUCCESS)
-                       *vresult = result;
+               if (*vresult == ISC_R_SUCCESS) {
+                       *vresult = tvresult;
+               }
                if (prevname != NULL) {
                        result = verifyemptynodes(vctx, name, prevname,
                                                  isdelegation,
@@ -1589,7 +1610,7 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
                        goto done;
                }
                result = verifynode(vctx, name, node, ISC_FALSE, &vctx->keyset,
-                                   NULL, NULL, NULL);
+                                   NULL, NULL, NULL, NULL);
                if (result != ISC_R_SUCCESS) {
                        zoneverify_log_error(vctx, "verifynode: %s",
                                             isc_result_totext(result));