[9.20] fix: test: Fix CID 510858: Null ptr derefs in check_keys

Coverity Scan reported a new issue for the ksr system test. There is allegedly a null pointer dereference (FORWARD_NULL) in check_keys(). This popped up because previously we set 'retired' to 0 in case of unlimited lifetime, but we changed it to None. It is actually a false positive, because if lifetime is unlimited there will be only one key in 'keys'. However, the code would be better if we always initialized 'active' and if it is not the first key and retired is set, set the successor key's active time to the retire time of the predecessor key. Closes #5004 Backport of MR !9687 Merge branch 'backport-5004-cid-510858-ksr-check-keys-9.20' into 'bind-9.20' See merge request isc-projects/bind9!9693
2025-08-31 14:35:26 +00:00 · 2024-10-25 14:08:04 +00:00
parent c905bf1c71 5c724d4c25
commit 7995ebf009
1 changed files with 2 additions and 3 deletions
--- a/bin/tests/system/ksr/tests_ksr.py
+++ b/bin/tests/system/ksr/tests_ksr.py
@@ -113,9 +113,8 @@ def check_keys(
        created = key.get_timing("Created") + offset

        # active: retired previous key
-        if num == 0:
-            active = created
-        else:
+        active = created
+        if num > 0 and retired is not None:
            active = retired

        # published: dnskey-ttl + publish-safety + propagation