Fix CID 510858: Null ptr derefs in check_keys

Coverity Scan reported a new issue for the ksr system test. There is allegedly a null pointer dereference (FORWARD_NULL) in check_keys(). This popped up because previously we set 'retired' to 0 in case of unlimited lifetime, but we changed it to None. It is actually a false positive, because if lifetime is unlimited there will be only one key in 'keys'. However, the code would be better if we always initialized 'active' and if it is not the first key and retired is set, set the successor key's active time to the retire time of the predecessor key. (cherry picked from commit e777efb576)
2025-08-30 22:15:20 +00:00 · 2024-10-24 14:03:58 +02:00
parent c905bf1c71
commit 5c724d4c25
1 changed files with 2 additions and 3 deletions
--- a/bin/tests/system/ksr/tests_ksr.py
+++ b/bin/tests/system/ksr/tests_ksr.py
@@ -113,9 +113,8 @@ def check_keys(
        created = key.get_timing("Created") + offset

        # active: retired previous key
-        if num == 0:
-            active = created
-        else:
+        active = created
+        if num > 0 and retired is not None:
            active = retired

        # published: dnskey-ttl + publish-safety + propagation