From 00ecbad2d0aeb3d7833efdfa10afbeed584c6be7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Fri, 15 Jun 2018 09:59:20 +0200
Subject: [PATCH] Do not call exit() upon check_bad_algorithms() errors

Replace all fatal() and fprintf() calls inside check_bad_algorithms() with zoneverify_print() calls and error handling code. Enable check_bad_algorithms() to signal errors to the caller using its return value. Modify the call site of check_bad_algorithms() so that its errors are properly handled.
---
 lib/dns/zoneverify.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index 4d592424c8..2f724f5931 100644
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1526,26 +1526,31 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
 dns_dbiterator_destroy(&dbiter);
 }
 
-static void
+static isc_result_t
 check_bad_algorithms(const vctx_t *vctx) {
 char algbuf[DNS_SECALG_FORMATSIZE];
 isc_boolean_t first = ISC_TRUE;
 int i;
 
 for (i = 0; i < 256; i++) {
- if (vctx->bad_algorithms[i] != 0) {
- if (first)
- fprintf(stderr, "The zone is not fully signed "
- "for the following algorithms:");
- dns_secalg_format(i, algbuf, sizeof(algbuf));
- fprintf(stderr, " %s", algbuf);
- first = ISC_FALSE;
+ if (vctx->bad_algorithms[i] == 0) {
+ continue;
 }
+ if (first) {
+ zoneverify_print(vctx,
+ "The zone is not fully signed for "
+ "the following algorithms:");
+ }
+ dns_secalg_format(i, algbuf, sizeof(algbuf));
+ zoneverify_print(vctx, " %s", algbuf);
+ first = ISC_FALSE;
 }
+
 if (!first) {
- fprintf(stderr, ".\n");
- fatal("DNSSEC completeness test failed.");
+ zoneverify_print(vctx, ".\n");
 }
+
+ return (first ? ISC_R_SUCCESS : ISC_R_FAILURE);
 }
 
 static void
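Review bot: check_bad_algorithms() no longer terminates the process, so its return value is now the only thing that keeps an incompletely signed zone from being accepted, and nothing on the function states that contract. A header comment would pin it down, e.g. `/* Returns ISC_R_SUCCESS when no entry of vctx->bad_algorithms is set, ISC_R_FAILURE otherwise; the caller must treat failure as a failed verification. */`. Separately, the loop bound `256` is a literal detached from the declaration of `bad_algorithms`, which is not visible in this hunk. If that member is a fixed-size array, deriving the bound from it with `sizeof(vctx->bad_algorithms) / sizeof(vctx->bad_algorithms[0])` keeps the scan in bounds should the array size ever change.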
@@ -1619,7 +1624,11 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
 vresult = result;
 
- check_bad_algorithms(&vctx);
+ result = check_bad_algorithms(&vctx);
+ if (result != ISC_R_SUCCESS) {
+ zoneverify_print(&vctx, "DNSSEC completeness test failed.\n");
+ goto done;
+ }
 
 if (vresult != ISC_R_SUCCESS)
 fatal("DNSSEC completeness test failed (%s).",
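Review bot: The new `goto done` path fails closed only if the code at `done:` returns `result` rather than `vresult` or a fixed success value, and that label lies outside this hunk, as do the start and end of dns_zoneverify_dnssec(). At this point `vresult` can still be ISC_R_SUCCESS while check_bad_algorithms() has failed, so returning it would report an incompletely signed zone as verified. This is worth confirming against the cleanup code, and a comment at the jump would record the intent: `/* result carries the failure; done: must return it, not vresult */`.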