From 00cb151f8e6a280152f8da3cf9e008fa69599e73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 23 Aug 2023 16:04:44 +0200 Subject: [PATCH] Unobfuscate the code-flow logic in got_transfer_quota() This refactors the code flow in got_transfer_quota() to not use the CHECK() macro as it really obfuscates the code flow logic here. --- lib/dns/zone.c | 64 ++++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 36 deletions(-) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index f9918d172f..9dfa27551e 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -17618,7 +17618,8 @@ got_transfer_quota(void *arg) { isc_tlsctx_cache_t *zmgr_tlsctx_cache = NULL; if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) { - CHECK(ISC_R_CANCELED); + zone_xfrdone(zone, NULL, ISC_R_CANCELED); + return; } now = isc_time_now(); @@ -17633,7 +17634,8 @@ got_transfer_quota(void *arg) { "got_transfer_quota: skipping zone transfer as " "primary %s (source %s) is unreachable (cached)", primary, source); - CHECK(ISC_R_CANCELED); + zone_xfrdone(zone, NULL, ISC_R_CANCELED); + return; } isc_netaddr_fromsockaddr(&primaryip, &primaryaddr); @@ -17711,11 +17713,11 @@ got_transfer_quota(void *arg) { dns_name_t *keyname = dns_remote_keyname(&zone->primaries); result = dns_view_gettsig(view, keyname, &zone->tsigkey); } - if (zone->tsigkey == NULL) { + if (result != ISC_R_SUCCESS) { + INSIST(zone->tsigkey == NULL); result = dns_view_getpeertsig(zone->view, &primaryip, &zone->tsigkey); } - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR, "could not get TSIG key for zone transfer: %s", @@ -17723,26 +17725,20 @@ got_transfer_quota(void *arg) { } /* - * Get the TLS transport for the primary, if configured + * Get the TLS transport for the primary, if configured. */ - result = ISC_R_NOTFOUND; - if (dns_remote_tlsname(&zone->primaries) != NULL) { dns_view_t *view = dns_zone_getview(zone); dns_name_t *tlsname = dns_remote_tlsname(&zone->primaries); result = dns_view_gettransport(view, DNS_TRANSPORT_TLS, tlsname, &zone->transport); - - dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_INFO, - "got TLS configuration for zone transfer: %s", - isc_result_totext(result)); - } - - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - dns_zone_logc( - zone, DNS_LOGCATEGORY_XFER_IN, ISC_LOG_ERROR, - "could not get TLS configuration for zone transfer: %s", - isc_result_totext(result)); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { + dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, + ISC_LOG_ERROR, + "could not get TLS configuration for " + "zone transfer: %s", + isc_result_totext(result)); + } } LOCK_ZONE(zone); @@ -17756,13 +17752,23 @@ got_transfer_quota(void *arg) { zmgr_tlsctx_attach(zone->zmgr, &zmgr_tlsctx_cache); - CHECK(dns_xfrin_create(zone, xfrtype, &primaryaddr, &sourceaddr, - zone->tsigkey, zone->transport, - zmgr_tlsctx_cache, zone->mctx, zone_xfrdone, - &zone->xfr)); + result = dns_xfrin_create(zone, xfrtype, &primaryaddr, &sourceaddr, + zone->tsigkey, zone->transport, + zmgr_tlsctx_cache, zone->mctx, zone_xfrdone, + &zone->xfr); isc_tlsctx_cache_detach(&zmgr_tlsctx_cache); + /* + * Any failure in this function is handled like a failed + * zone transfer. This ensures that we get removed from + * zmgr->xfrin_in_progress. + */ + if (result != ISC_R_SUCCESS) { + zone_xfrdone(zone, NULL, result); + return; + } + LOCK_ZONE(zone); if (xfrtype == dns_rdatatype_axfr) { if (isc_sockaddr_pf(&primaryaddr) == PF_INET) { @@ -17778,20 +17784,6 @@ got_transfer_quota(void *arg) { } } UNLOCK_ZONE(zone); - -failure: - /* - * Any failure in this function is handled like a failed - * zone transfer. This ensures that we get removed from - * zmgr->xfrin_in_progress. - */ - if (result != ISC_R_SUCCESS) { - zone_xfrdone(zone, NULL, result); - } - - if (zmgr_tlsctx_cache != NULL) { - isc_tlsctx_cache_detach(&zmgr_tlsctx_cache); - } } /*