From d85918aebf8e0ce0d19cc44df3bdf04cfae3b475 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Mon, 2 Sep 2024 14:44:05 +0000 Subject: [PATCH] Process canceled/shut down results in validate_dnskey_dsset_done() When a validator is already shut down, val->name becomes NULL. We need to process and keep the ISC_R_CANCELED or ISC_R_SHUTTINGDOWN result code before calling validate_async_done(), otherwise, when it is called with the hardcoded DNS_R_NOVALIDSIG result code, it can cause an assetion failure when val->name (being NULL) is used in proveunsecure(). --- lib/dns/validator.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 62f60c7c42..7ad05ef9bb 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1952,15 +1952,26 @@ get_dsset(dns_validator_t *val, dns_name_t *tname, isc_result_t *resp) { static void validate_dnskey_dsset_done(dns_validator_t *val, isc_result_t result) { - if (result == ISC_R_SUCCESS) { + switch (result) { + case ISC_R_CANCELED: + case ISC_R_SHUTTINGDOWN: + /* Abort, abort, abort! */ + break; + case ISC_R_SUCCESS: marksecure(val); validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (DS)"); - } else if (result == ISC_R_NOMORE && !val->supported_algorithm) { - validator_log(val, ISC_LOG_DEBUG(3), - "no supported algorithm/digest (DS)"); - result = markanswer(val, "validate_dnskey (3)", - "no supported algorithm/digest (DS)"); - } else { + break; + case ISC_R_NOMORE: + if (!val->supported_algorithm) { + validator_log(val, ISC_LOG_DEBUG(3), + "no supported algorithm/digest (DS)"); + result = markanswer( + val, "validate_dnskey (3)", + "no supported algorithm/digest (DS)"); + break; + } + FALLTHROUGH; + default: validator_log(val, ISC_LOG_INFO, "no valid signature found (DS)"); result = DNS_R_NOVALIDSIG;