Log key calculation overflows

2025-08-31 14:35:26 +00:00 · 2024-06-26 14:49:51 +10:00
parent 25845a866e
commit 14a76ae498
1 changed files with 13 additions and 0 deletions
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -86,6 +86,16 @@ static const char *keystatetags[NUM_KEYSTATES] = { "DNSKEY", "ZRRSIG", "KRRSIG",
 static const char *keystatestrings[4] = { "HIDDEN", "RUMOURED", "OMNIPRESENT",
 					  "UNRETENTIVE" };

+static void
+log_key_overflow(dst_key_t *key, const char *what) {
+	char keystr[DST_KEY_FORMATSIZE];
+	dst_key_format(key, keystr, sizeof(keystr));
+	isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC,
+		      ISC_LOG_WARNING,
+		      "keymgr: DNSKEY %s (%s) calculation overflowed", keystr,
+		      what);
+}
+
 /*
 * Print key role.
 *
@@ -299,6 +309,7 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp,
 		}

 		if (ISC_OVERFLOW_ADD(active, klifetime, &retire)) {
+			log_key_overflow(key->key, "retire");
 			retire = UINT32_MAX;
 		}
 		dst_key_settime(key->key, DST_TIME_INACTIVE, retire);
@@ -403,6 +414,7 @@ keymgr_key_update_lifetime(dns_dnsseckey_t *key, dns_kasp_t *kasp,
 			uint32_t inactive;
 			(void)dst_key_gettime(key->key, DST_TIME_ACTIVATE, &a);
 			if (ISC_OVERFLOW_ADD(a, lifetime, &inactive)) {
+				log_key_overflow(key->key, "inactive");
 				inactive = UINT32_MAX;
 			}
 			dst_key_settime(key->key, DST_TIME_INACTIVE, inactive);
@@ -1883,6 +1895,7 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key,
 		uint32_t inactive;

 		if (ISC_OVERFLOW_ADD(active, lifetime, &inactive)) {
+			log_key_overflow(new_key->key, "inactive");
 			inactive = UINT32_MAX;
 		}
 		dst_key_settime(new_key->key, DST_TIME_INACTIVE, inactive);