ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Do not call exit() upon isoptout() errors

Browse Source 
Replace all check_result() calls inside isoptout() with
zoneverify_log_error() calls and error handling code.  Enable isoptout()
to signal errors to the caller using its return value.

Modify the call site of isoptout() so that its errors are properly
handled.
This commit is contained in:
Michał Kępień
2018-06-15 09:59:20 +02:00
parent c76fcdd2a2
commit 0ed3a2b269
1 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
lib/dns/zoneverify.c
View File

@@ -605,8 +605,8 @@ record_found(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
return (ISC_R_SUCCESS);
}
static isc_boolean_t
isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
static isc_result_t
isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata, isc_boolean_t *optout) {
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_nsec3_t nsec3;
@@ -617,7 +617,6 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
dns_dbnode_t *node = NULL;
unsigned char rawhash[NSEC3_MAX_HASH_LENGTH];
size_t rhsize = sizeof(rawhash);
isc_boolean_t ret;
result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -627,7 +626,11 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
vctx->origin, nsec3param.hash,
nsec3param.iterations, nsec3param.salt,
nsec3param.salt_length);
check_result(result, "dns_nsec3_hashname()");
if (result != ISC_R_SUCCESS) {
zoneverify_log_error(vctx, "dns_nsec3_hashname(): %s",
isc_result_totext(result));
return (result);
}
dns_rdataset_init(&rdataset);
hashname = dns_fixedname_name(&fixed);
@@ -636,24 +639,32 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
result = dns_db_findrdataset(vctx->db, node, vctx->ver,
dns_rdatatype_nsec3, 0, 0,
&rdataset, NULL);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
if (result != ISC_R_SUCCESS) {
*optout = ISC_FALSE;
result = ISC_R_SUCCESS;
goto done;
}
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first()");
if (result != ISC_R_SUCCESS) {
zoneverify_log_error(vctx, "dns_rdataset_first(): %s",
isc_result_totext(result));
goto done;
}
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
*optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
done:
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
if (node != NULL)
dns_db_detachnode(vctx->db, &node);
return (ret);
return (result);
}
static isc_result_t
@@ -672,7 +683,7 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata,
dns_dbnode_t *node = NULL;
unsigned char rawhash[NSEC3_MAX_HASH_LENGTH];
size_t rhsize = sizeof(rawhash);
isc_boolean_t optout;
isc_boolean_t optout = ISC_FALSE;
result = dns_rdata_tostruct(rdata, &nsec3param, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -683,7 +694,10 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata,
if (!dns_nsec3_supportedhash(nsec3param.hash))
return (ISC_R_SUCCESS);
optout = isoptout(vctx, rdata);
result = isoptout(vctx, rdata, &optout);
if (result != ISC_R_SUCCESS) {
return (result);
}
dns_fixedname_init(&fixed);
result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, name,