From 19395fd1687f00825ece92338311bb8852d23246 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 17 May 2021 14:06:46 +0200 Subject: [PATCH] Fix coverity issue 331478 Move the "cannot start rollover" warning into code block that checks if 'active_key' is not NULL. --- lib/dns/keymgr.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c index 02dbd711e2..1d47da8c33 100644 --- a/lib/dns/keymgr.c +++ b/lib/dns/keymgr.c @@ -1713,6 +1713,20 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key, keystr, keymgr_keyrole(active_key->key), dns_kasp_getname(kasp)); } + + /* + * If rollover is not allowed, warn. + */ + if (!rollover) { + dst_key_format(active_key->key, keystr, sizeof(keystr)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, + DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING, + "keymgr: DNSKEY %s (%s) is offline in " + "policy %s, cannot start rollover", + keystr, keymgr_keyrole(active_key->key), + dns_kasp_getname(kasp)); + return (ISC_R_SUCCESS); + } } else if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(origin, namestr, sizeof(namestr)); @@ -1724,20 +1738,6 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key, /* It is time to do key rollover, we need a new key. */ - /* - * If rollover is not allowed, warn. - */ - if (!rollover) { - dst_key_format(active_key->key, keystr, sizeof(keystr)); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, - DNS_LOGMODULE_DNSSEC, ISC_LOG_WARNING, - "keymgr: DNSKEY %s (%s) is offline in policy %s, " - "cannot start rollover", - keystr, keymgr_keyrole(active_key->key), - dns_kasp_getname(kasp)); - return (ISC_R_SUCCESS); - } - /* * Check if there is a key available in pool because keys * may have been pregenerated with dnssec-keygen.