mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 21:17:54 +00:00
Code Issues Releases Wiki Activity

Do not call exit() upon check_no_nsec() errors

Browse Source 
Replace the fatal() call inside check_no_nsec() with a
zoneverify_log_error() call.  Enable check_no_nsec() to signal errors to
the caller using its return value.

Modify all call sites of check_no_nsec() so that its errors are properly
handled.
This commit is contained in:
Michał Kępień 2018-06-15 09:59:20 +02:00
parent 4354f44d9c
commit 04038baf1a
1 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/dns/zoneverify.c
View File

@ -876,8 +876,9 @@ is_empty(const vctx_t *vctx, dns_dbnode_t *node) {
return (ISC_FALSE); return (ISC_FALSE);
} }
static void static isc_result_t
check_no_nsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node) { check_no_nsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node) {
isc_boolean_t nsec_exists = ISC_FALSE;
dns_rdataset_t rdataset; dns_rdataset_t rdataset;
isc_result_t result; isc_result_t result;
@ -888,11 +889,15 @@ check_no_nsec(const vctx_t *vctx, dns_name_t *name, dns_dbnode_t *node) {
if (result != ISC_R_NOTFOUND) { if (result != ISC_R_NOTFOUND) {
char namebuf[DNS_NAME_FORMATSIZE]; char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf)); dns_name_format(name, namebuf, sizeof(namebuf));
fatal("unexpected NSEC RRset at %s\n", namebuf); zoneverify_log_error(vctx, "unexpected NSEC RRset at %s",
namebuf);
nsec_exists = ISC_TRUE;
} }
if (dns_rdataset_isassociated(&rdataset)) if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&rdataset);
return (nsec_exists ? ISC_R_FAILURE : ISC_R_SUCCESS);
} }
static isc_boolean_t static isc_boolean_t
@ -1460,7 +1465,11 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
goto done; goto done;
} }
if (!dns_name_issubdomain(name, vctx->origin)) { if (!dns_name_issubdomain(name, vctx->origin)) {
check_no_nsec(vctx, name, node); result = check_no_nsec(vctx, name, node);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(vctx->db, &node);
goto done;
}
dns_db_detachnode(vctx->db, &node); dns_db_detachnode(vctx->db, &node);
result = dns_dbiterator_next(dbiter); result = dns_dbiterator_next(dbiter);
if (result == ISC_R_NOMORE) { if (result == ISC_R_NOMORE) {
@ -1501,7 +1510,13 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
(zonecut != NULL && (zonecut != NULL &&
dns_name_issubdomain(nextname, zonecut))) dns_name_issubdomain(nextname, zonecut)))
{ {
check_no_nsec(vctx, nextname, nextnode); result = check_no_nsec(vctx, nextname,
nextnode);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(vctx->db, &node);
dns_db_detachnode(vctx->db, &nextnode);
goto done;
}
dns_db_detachnode(vctx->db, &nextnode); dns_db_detachnode(vctx->db, &nextnode);
result = dns_dbiterator_next(dbiter); result = dns_dbiterator_next(dbiter);
continue; continue;