diff options
| author | Vladimír Čunát <vladimir.cunat@nic.cz> | 2023-12-30 09:20:56 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vladimir.cunat@nic.cz> | 2024-02-13 09:47:33 +0100 |
| commit | f9ba52e6f54bc1db122870df50cb364cb977436e (patch) | |
| tree | 030fdf64dd9f3b765789b57fdca2bd7bc1701977 | |
| parent | Merge CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU (diff) | |
| download | knot-resolver-f9ba52e6f54bc1db122870df50cb364cb977436e.tar.xz knot-resolver-f9ba52e6f54bc1db122870df50cb364cb977436e.zip | |
lib/dnssec kr_rrset_validate_with_key(): deduplicate cleanup
| -rw-r--r-- | lib/dnssec.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/lib/dnssec.c b/lib/dnssec.c index d6ae3cc6..c5363572 100644 --- a/lib/dnssec.c +++ b/lib/dnssec.c @@ -356,9 +356,8 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, int retv = validate_rrsig_rr(&val_flgs, covered_labels, rdata_j, key_alg, keytag, vctx); if (retv == kr_error(EAGAIN)) { - kr_dnssec_key_free(&created_key); vctx->result = retv; - return retv; + goto finish; } else if (retv != 0) { continue; } @@ -392,15 +391,15 @@ static int kr_rrset_validate_with_key(kr_rrset_validation_ctx_t *vctx, trim_ttl(covered, rdata_j, vctx); - kr_dnssec_key_free(&created_key); - vctx->result = kr_ok(); kr_rank_set(&vctx->rrs->at[i]->rank, KR_RANK_SECURE); /* upgrade from bogus */ - return vctx->result; + vctx->result = kr_ok(); + goto finish; } } /* No applicable key found, cannot be validated. */ - kr_dnssec_key_free(&created_key); vctx->result = kr_error(ENOENT); +finish: + kr_dnssec_key_free(&created_key); return vctx->result; } |