Use RUNTIME_CHECK instead of check_result() where it is safe to do so

Replace calls to check_result() with RUNTIME_CHECK assertions for all dns_rdata_tostruct() calls in lib/dns/zoneverify.c as this function cannot fail when the "mctx" argument is NULL (and that is the case for all call sites of this function throughout lib/dns/zoneverify.c).
2018-06-15 09:59:20 +02:00
parent fc6b5ad585
commit ee06182057
1 changed files with 13 additions and 15 deletions
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -205,7 +205,7 @@ goodsig(const vctx_t *vctx, dns_rdata_t *sigrdata, dns_name_t *name,
 	isc_result_t result;

 	result = dns_rdata_tostruct(sigrdata, &sig, NULL);
-	check_result(result, "dns_rdata_tostruct()");
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	for (result = dns_rdataset_first(keyrdataset);
 	     result == ISC_R_SUCCESS;
@@ -213,7 +213,7 @@ goodsig(const vctx_t *vctx, dns_rdata_t *sigrdata, dns_name_t *name,
 		dns_rdata_t rdata = DNS_RDATA_INIT;
 		dns_rdataset_current(keyrdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &key, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		result = dns_dnssec_keyfromrdata(vctx->origin, &rdata,
 						 vctx->mctx, &dstkey);
 		if (result != ISC_R_SUCCESS)
@@ -263,7 +263,7 @@ verifynsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,

 	dns_rdataset_current(&rdataset, &rdata);
 	result = dns_rdata_tostruct(&rdata, &nsec, NULL);
-	check_result(result, "dns_rdata_tostruct()");
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
 	/* Check bit next name is consistent */
 	if (!dns_name_equal(&nsec.next, nextname)) {
 		dns_name_format(name, namebuf, sizeof(namebuf));
@@ -435,7 +435,7 @@ match_nsec3(const vctx_t *vctx, dns_name_t *name,
 		dns_rdata_t rdata = DNS_RDATA_INIT;
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if (nsec3.hash == nsec3param->hash &&
 		    nsec3.next_length == rhsize &&
 		    nsec3.iterations == nsec3param->iterations &&
@@ -478,7 +478,7 @@ match_nsec3(const vctx_t *vctx, dns_name_t *name,
 		dns_rdata_t rdata = DNS_RDATA_INIT;
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if (nsec3.hash == nsec3param->hash &&
 		    nsec3.iterations == nsec3param->iterations &&
 		    nsec3.salt_length == nsec3param->salt_length &&
@@ -510,7 +510,7 @@ innsec3params(dns_rdata_nsec3_t *nsec3, dns_rdataset_t *nsec3paramset) {

 		dns_rdataset_current(nsec3paramset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if (nsec3param.flags == 0 &&
 		    nsec3param.hash == nsec3->hash &&
 		    nsec3param.iterations == nsec3->iterations &&
@@ -556,7 +556,7 @@ record_found(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node,
 		dns_rdata_t rdata = DNS_RDATA_INIT;
 		dns_rdataset_current(&rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if (nsec3.next_length != isc_buffer_usedlength(&b))
 			continue;
 		/*
@@ -594,7 +594,7 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
 	isc_boolean_t ret;

 	result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL);
-	check_result(result, "dns_rdata_tostruct()");
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	dns_fixedname_init(&fixed);
 	result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, vctx->origin,
@@ -619,10 +619,8 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) {
 	dns_rdataset_current(&rdataset, &rdata);

 	result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
-	if (result != ISC_R_SUCCESS)
-		ret = ISC_FALSE;
-	else
-		ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+	ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);

 	if (dns_rdataset_isassociated(&rdataset))
 		dns_rdataset_disassociate(&rdataset);
@@ -650,7 +648,7 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata,
 	isc_boolean_t optout;

 	result = dns_rdata_tostruct(rdata, &nsec3param, NULL);
-	check_result(result, "dns_rdata_tostruct()");
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	if (nsec3param.flags != 0)
 		return (ISC_R_SUCCESS);
@@ -774,7 +772,7 @@ verifyset(vctx_t *vctx, dns_rdataset_t *rdataset, dns_name_t *name,

 		dns_rdataset_current(&sigrdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &sig, NULL);
-		check_result(result, "dns_rdata_tostruct()");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		if (rdataset->ttl != sig.originalttl) {
 			dns_name_format(name, namebuf, sizeof(namebuf));
 			dns_rdatatype_format(rdataset->type, typebuf,
@@ -1270,7 +1268,7 @@ check_dnskey(vctx_t *vctx) {
 	     result = dns_rdataset_next(&vctx->keyset)) {
 		dns_rdataset_current(&vctx->keyset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
-		check_result(result, "dns_rdata_tostruct");
+		RUNTIME_CHECK(result == ISC_R_SUCCESS);
 		is_ksk = ISC_TF((dnskey.flags & DNS_KEYFLAG_KSK) != 0);

 		if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0)