Merge branch '4552-keymgr-depends-function-bug-v9.18' into 'bind-9.18'

[9.18] Fix bug in keymgr Depends function See merge request isc-projects/bind9!8859
2026-06-11 14:00:00 -04:00 · 2024-03-13 18:23:49 +00:00 · 2024-03-13 18:23:49 +00:00 · 0ea08e6dc0
commit 0ea08e6dc0
parent edc44ff82a 3ecccb678f
2 changed files with 10 additions and 1 deletions
--- a/4
+++ b/4
@ -1,4 +1,6 @@
-6356.	[bug]		Create the pruning task in the dns_cache_flush(), so
+6359.	[bug]		Fix bug in Depends (keymgr_dep) function. [GL #4552]
+
+6356.	[bug]		Attach the loop also in the dns_cache_flush(), so
 			the cache pruning still works after the flush.
 			[GL #4621]

--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@ -617,6 +617,13 @@ keymgr_dep(dst_key_t *k, dns_dnsseckeylist_t *keyring, uint32_t *dep) {
 		 * Check if k is a direct successor of d, e.g. d depends on k.
 		 */
 		if (keymgr_direct_dep(d->key, k)) {
+			dst_key_state_t hidden[NUM_KEYSTATES] = {
+				HIDDEN, HIDDEN, HIDDEN, HIDDEN
+			};
+			if (keymgr_key_match_state(d->key, k, NA, NA, hidden)) {
+				continue;
+			}
+
 			if (dep != NULL) {
 				*dep = dst_key_id(d->key);
 			}