From ee06182057073bb3d4831bba00bea1277d01b9ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Fri, 15 Jun 2018 09:59:20 +0200 Subject: [PATCH] Use RUNTIME_CHECK instead of check_result() where it is safe to do so Replace calls to check_result() with RUNTIME_CHECK assertions for all dns_rdata_tostruct() calls in lib/dns/zoneverify.c as this function cannot fail when the "mctx" argument is NULL (and that is the case for all call sites of this function throughout lib/dns/zoneverify.c). --- lib/dns/zoneverify.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c index c12eb81d33..e7b532317e 100644 --- a/lib/dns/zoneverify.c +++ b/lib/dns/zoneverify.c @@ -205,7 +205,7 @@ goodsig(const vctx_t *vctx, dns_rdata_t *sigrdata, dns_name_t *name, isc_result_t result; result = dns_rdata_tostruct(sigrdata, &sig, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); for (result = dns_rdataset_first(keyrdataset); result == ISC_R_SUCCESS; @@ -213,7 +213,7 @@ goodsig(const vctx_t *vctx, dns_rdata_t *sigrdata, dns_name_t *name, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(keyrdataset, &rdata); result = dns_rdata_tostruct(&rdata, &key, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); result = dns_dnssec_keyfromrdata(vctx->origin, &rdata, vctx->mctx, &dstkey); if (result != ISC_R_SUCCESS) @@ -263,7 +263,7 @@ verifynsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node, dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); /* Check bit next name is consistent */ if (!dns_name_equal(&nsec.next, nextname)) { dns_name_format(name, namebuf, sizeof(namebuf)); @@ -435,7 +435,7 @@ match_nsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec3, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3.hash == nsec3param->hash && nsec3.next_length == rhsize && nsec3.iterations == nsec3param->iterations && @@ -478,7 +478,7 @@ match_nsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec3, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3.hash == nsec3param->hash && nsec3.iterations == nsec3param->iterations && nsec3.salt_length == nsec3param->salt_length && @@ -510,7 +510,7 @@ innsec3params(dns_rdata_nsec3_t *nsec3, dns_rdataset_t *nsec3paramset) { dns_rdataset_current(nsec3paramset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec3param, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3param.flags == 0 && nsec3param.hash == nsec3->hash && nsec3param.iterations == nsec3->iterations && @@ -556,7 +556,7 @@ record_found(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec3, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3.next_length != isc_buffer_usedlength(&b)) continue; /* @@ -594,7 +594,7 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) { isc_boolean_t ret; result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); dns_fixedname_init(&fixed); result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, vctx->origin, @@ -619,10 +619,8 @@ isoptout(const vctx_t *vctx, dns_rdata_t *nsec3rdata) { dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &nsec3, NULL); - if (result != ISC_R_SUCCESS) - ret = ISC_FALSE; - else - ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + ret = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); @@ -650,7 +648,7 @@ verifynsec3(const vctx_t *vctx, dns_name_t *name, dns_rdata_t *rdata, isc_boolean_t optout; result = dns_rdata_tostruct(rdata, &nsec3param, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (nsec3param.flags != 0) return (ISC_R_SUCCESS); @@ -774,7 +772,7 @@ verifyset(vctx_t *vctx, dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_current(&sigrdataset, &rdata); result = dns_rdata_tostruct(&rdata, &sig, NULL); - check_result(result, "dns_rdata_tostruct()"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (rdataset->ttl != sig.originalttl) { dns_name_format(name, namebuf, sizeof(namebuf)); dns_rdatatype_format(rdataset->type, typebuf, @@ -1270,7 +1268,7 @@ check_dnskey(vctx_t *vctx) { result = dns_rdataset_next(&vctx->keyset)) { dns_rdataset_current(&vctx->keyset, &rdata); result = dns_rdata_tostruct(&rdata, &dnskey, NULL); - check_result(result, "dns_rdata_tostruct"); + RUNTIME_CHECK(result == ISC_R_SUCCESS); is_ksk = ISC_TF((dnskey.flags & DNS_KEYFLAG_KSK) != 0); if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0)