Process canceled/shut down results in validate_dnskey_dsset_done()

When a validator is already shut down, val->name becomes NULL. We need to process and keep the ISC_R_CANCELED or ISC_R_SHUTTINGDOWN result code before calling validate_async_done(), otherwise, when it is called with the hardcoded DNS_R_NOVALIDSIG result code, it can cause an assetion failure when val->name (being NULL) is used in proveunsecure().
2025-08-31 14:35:26 +00:00 · 2024-09-02 14:44:05 +00:00
parent 8a09d54d6b
commit d85918aebf
1 changed files with 18 additions and 7 deletions
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -1952,15 +1952,26 @@ get_dsset(dns_validator_t *val, dns_name_t *tname, isc_result_t *resp) {

 static void
 validate_dnskey_dsset_done(dns_validator_t *val, isc_result_t result) {
-	if (result == ISC_R_SUCCESS) {
+	switch (result) {
+	case ISC_R_CANCELED:
+	case ISC_R_SHUTTINGDOWN:
+		/* Abort, abort, abort! */
+		break;
+	case ISC_R_SUCCESS:
 		marksecure(val);
 		validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (DS)");
-	} else if (result == ISC_R_NOMORE && !val->supported_algorithm) {
-		validator_log(val, ISC_LOG_DEBUG(3),
-			      "no supported algorithm/digest (DS)");
-		result = markanswer(val, "validate_dnskey (3)",
-				    "no supported algorithm/digest (DS)");
-	} else {
+		break;
+	case ISC_R_NOMORE:
+		if (!val->supported_algorithm) {
+			validator_log(val, ISC_LOG_DEBUG(3),
+				      "no supported algorithm/digest (DS)");
+			result = markanswer(
+				val, "validate_dnskey (3)",
+				"no supported algorithm/digest (DS)");
+			break;
+		}
+		FALLTHROUGH;
+	default:
 		validator_log(val, ISC_LOG_INFO,
 			      "no valid signature found (DS)");
 		result = DNS_R_NOVALIDSIG;