[Opendnssec-develop] [OpenDNSSEC] #111: Missing sanity check in hsm_get_dnskey()

Fri Mar 12 15:50:29 UTC 2010

#111: Missing sanity check in hsm_get_dnskey()
--------------------------------------+-------------------------------------
Reporter:  jaroslav.benkovsky@…       |       Owner:  rb     
    Type:  defect                     |      Status:  new    
Priority:  minor                      |   Component:  Unknown
 Version:  1.0.0                      |    Keywords:         
--------------------------------------+-------------------------------------
 If a HSM has a private key but not a public key, and the key was imported
 with ods-ksmutil key import, ods-ksmutil key list -verbose propagates
 error to ldns where it aborts with a meaningless assert:

 {{{
 # ods-ksmutil key list --verbose
 SQLite database set to: /var/opendnssec/kasp.db
 Keys:
 Zone:                           Keytype:      State:    Date of next
 transition:  CKA_ID:                           Repository:
 Keytag:
 ....
 ods-ksmutil: rdata.c:26: ldns_rdf_size: Assertion `rd != ((void *)0)'
 failed.
 cz                              ZSK           publish   2010-03-13
 04:00:00       Aborted
 }}}

 One culprit is in hsm_get_dnskey() in libhsm, as it does not check return
 code from hsm_get_key_rdata().
 {{{
 2301        ldns_rr_push_rdf(dnskey, hsm_get_key_rdata(ctx, session,
 key));
 }}}

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/111>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC