From a3d0476d1793a2095047c8e911b33f8bf0ee04cf Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 13 Dec 2023 17:55:09 +1100 Subject: [PATCH] Don't look for KSK status here and squash memory leak Just remove the key from consideration as it is being removed. The old code could leak a key reference as dst_free_key was not called every time we continued. This simplification will address this as well. --- lib/dns/zone.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 8ade0e8cb0..1ab0b2e4e4 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -9149,16 +9149,7 @@ zone_sign(dns_zone_t *zone) { if (ALG(zone_keys[i]) == signing->algorithm && dst_key_id(zone_keys[i]) == signing->keyid) { - bool ksk = false; - isc_result_t ret = dst_key_getbool( - zone_keys[i], DST_BOOL_KSK, - &ksk); - if (ret != ISC_R_SUCCESS) { - ksk = KSK(zone_keys[i]); - } - if (ksk) { - dst_key_free(&zone_keys[i]); - } + dst_key_free(&zone_keys[i]); continue; } zone_keys[j] = zone_keys[i];