mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Fix CID 510858: Null ptr derefs in check_keys

Browse Source 
Coverity Scan reported a new issue for the ksr system test. There
is allegedly a null pointer dereference (FORWARD_NULL) in check_keys().

This popped up because previously we set 'retired' to 0 in case of
unlimited lifetime, but we changed it to None.

It is actually a false positive, because if lifetime is unlimited
there will be only one key in 'keys'.

However, the code would be better if we always initialized 'active'
and if it is not the first key and retired is set, set the successor
key's active time to the retire time of the predecessor key.
This commit is contained in:
Matthijs Mekking 2024-10-24 14:03:58 +02:00
parent 81667b13c7
commit e777efb576
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/tests/system/ksr/tests_ksr.py
View File

@ -113,9 +113,8 @@ def check_keys(
created = key.get_timing("Created") + offset created = key.get_timing("Created") + offset
# active: retired previous key # active: retired previous key
if num == 0: active = created
active = created if num > 0 and retired is not None:
else:
active = retired active = retired
# published: dnskey-ttl + publish-safety + propagation # published: dnskey-ttl + publish-safety + propagation