From e777efb5767a11b2fa3679b6ea4c6ec4290bd23e Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Thu, 24 Oct 2024 14:03:58 +0200 Subject: [PATCH] Fix CID 510858: Null ptr derefs in check_keys Coverity Scan reported a new issue for the ksr system test. There is allegedly a null pointer dereference (FORWARD_NULL) in check_keys(). This popped up because previously we set 'retired' to 0 in case of unlimited lifetime, but we changed it to None. It is actually a false positive, because if lifetime is unlimited there will be only one key in 'keys'. However, the code would be better if we always initialized 'active' and if it is not the first key and retired is set, set the successor key's active time to the retire time of the predecessor key. --- bin/tests/system/ksr/tests_ksr.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bin/tests/system/ksr/tests_ksr.py b/bin/tests/system/ksr/tests_ksr.py index be2c651aa1..793df81c4c 100644 --- a/bin/tests/system/ksr/tests_ksr.py +++ b/bin/tests/system/ksr/tests_ksr.py @@ -113,9 +113,8 @@ def check_keys( created = key.get_timing("Created") + offset # active: retired previous key - if num == 0: - active = created - else: + active = created + if num > 0 and retired is not None: active = retired # published: dnskey-ttl + publish-safety + propagation