From: Michał Kępień Date: Fri, 15 Jun 2018 07:59:20 +0000 (+0200) Subject: Do not call exit() upon check_bad_algorithms() errors X-Git-Tag: v9.13.2~31^2~19 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=00ecbad2d0aeb3d7833efdfa10afbeed584c6be7;p=thirdparty%2Fbind9.git Do not call exit() upon check_bad_algorithms() errors Replace all fatal() and fprintf() calls inside check_bad_algorithms() with zoneverify_print() calls and error handling code. Enable check_bad_algorithms() to signal errors to the caller using its return value. Modify the call site of check_bad_algorithms() so that its errors are properly handled. --- diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c index 4d592424c83..2f724f5931d 100644 --- a/lib/dns/zoneverify.c +++ b/lib/dns/zoneverify.c @@ -1526,26 +1526,31 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) { dns_dbiterator_destroy(&dbiter); } -static void +static isc_result_t check_bad_algorithms(const vctx_t *vctx) { char algbuf[DNS_SECALG_FORMATSIZE]; isc_boolean_t first = ISC_TRUE; int i; for (i = 0; i < 256; i++) { - if (vctx->bad_algorithms[i] != 0) { - if (first) - fprintf(stderr, "The zone is not fully signed " - "for the following algorithms:"); - dns_secalg_format(i, algbuf, sizeof(algbuf)); - fprintf(stderr, " %s", algbuf); - first = ISC_FALSE; + if (vctx->bad_algorithms[i] == 0) { + continue; + } + if (first) { + zoneverify_print(vctx, + "The zone is not fully signed for " + "the following algorithms:"); } + dns_secalg_format(i, algbuf, sizeof(algbuf)); + zoneverify_print(vctx, " %s", algbuf); + first = ISC_FALSE; } + if (!first) { - fprintf(stderr, ".\n"); - fatal("DNSSEC completeness test failed."); + zoneverify_print(vctx, ".\n"); } + + return (first ? ISC_R_SUCCESS : ISC_R_FAILURE); } static void @@ -1619,7 +1624,11 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS) vresult = result; - check_bad_algorithms(&vctx); + result = check_bad_algorithms(&vctx); + if (result != ISC_R_SUCCESS) { + zoneverify_print(&vctx, "DNSSEC completeness test failed.\n"); + goto done; + } if (vresult != ISC_R_SUCCESS) fatal("DNSSEC completeness test failed (%s).",