[Opendnssec-develop] [OpenDNSSEC] #111: Missing sanity check in hsm_get_dnskey()

OpenDNSSEC owner-dnssec-trac at kirei.se
Fri Mar 12 15:50:29 UTC 2010

#111: Missing sanity check in hsm_get_dnskey()
Reporter:  jaroslav.benkovsky@…       |       Owner:  rb     
    Type:  defect                     |      Status:  new    
Priority:  minor                      |   Component:  Unknown
 Version:  1.0.0                      |    Keywords:         
 If a HSM has a private key but not a public key, and the key was imported
 with ods-ksmutil key import, ods-ksmutil key list -verbose propagates
 error to ldns where it aborts with a meaningless assert:

 # ods-ksmutil key list --verbose
 SQLite database set to: /var/opendnssec/kasp.db
 Zone:                           Keytype:      State:    Date of next
 transition:  CKA_ID:                           Repository:
 ods-ksmutil: rdata.c:26: ldns_rdf_size: Assertion `rd != ((void *)0)'
 cz                              ZSK           publish   2010-03-13
 04:00:00       Aborted

 One culprit is in hsm_get_dnskey() in libhsm, as it does not check return
 code from hsm_get_key_rdata().
 2301        ldns_rr_push_rdf(dnskey, hsm_get_key_rdata(ctx, session,

Ticket URL: <http://trac.opendnssec.org/ticket/111>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list