From 9e879600c140868d357ba928766c49e951363c49 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 8 Oct 2025 19:26:44 -0700 Subject: [PATCH] standardize CHECK and RETERR macros previously, there were over 40 separate definitions of CHECK macros, of which most used "goto cleanup", and the rest "goto failure" or "goto out". there were another 10 definitions of RETERR, of which most were identical to CHECK, but some simply returned a result code instead of jumping to a cleanup label. this has now been standardized throughout the code base: RETERR is for returning an error code in the case of an error, and CHECK is for jumping to a cleanup tag, which is now always called "cleanup". both macros are defined in isc/util.h. (cherry picked from commit 25c9fb54daaf71fdaa4a53501ad9864b3db6264e) (cherry picked from commit 52bba5cc343cb105232bb1631b97a8577b751fee) --- bin/check/check-tool.c | 7 - bin/check/named-checkconf.c | 7 - bin/delv/delv.c | 7 - bin/named/controlconf.c | 8 - bin/named/logconf.c | 7 - bin/named/server.c | 7 - bin/named/statschannel.c | 8 - bin/named/tkeyconf.c | 23 +- bin/named/transportconf.c | 5 - bin/named/zoneconf.c | 14 - bin/plugins/filter-a.c | 8 - bin/plugins/filter-aaaa.c | 8 - bin/tests/system/dlzexternal/driver/driver.c | 15 +- bin/tests/system/dyndb/driver/util.h | 13 - bin/tests/system/dyndb/driver/zone.c | 11 +- bin/tests/system/hooks/driver/test-async.c | 8 - bin/tests/system/pipelined/pipequeries.c | 18 +- bin/tests/system/rsabigexponent/bigkey.c | 24 +- bin/tests/system/tkey/keycreate.c | 26 +- bin/tests/system/tkey/keydelete.c | 16 +- bin/tools/mdig.c | 86 ++-- fuzz/dns_rdata_fromwire_text.c | 3 +- fuzz/fuzz.h | 5 - fuzz/isc_lex_getmastertoken.c | 1 + fuzz/isc_lex_gettoken.c | 1 + lib/dns/client.c | 7 - lib/dns/diff.c | 11 +- lib/dns/dnssec.c | 253 +++++----- lib/dns/dnstap.c | 7 - lib/dns/dst_api.c | 278 +++++------ lib/dns/dst_parse.c | 99 ++-- lib/dns/dyndb.c | 7 - lib/dns/gssapictx.c | 27 +- lib/dns/journal.c | 88 ++-- lib/dns/keymgr.c | 33 +- lib/dns/masterdump.c | 13 - lib/dns/nsec.c | 13 +- lib/dns/nsec3.c | 151 +++--- lib/dns/opensslecdsa_link.c | 162 +++---- lib/dns/openssleddsa_link.c | 94 ++-- lib/dns/opensslrsa_link.c | 79 ++-- lib/dns/private.c | 23 +- lib/dns/rbt.c | 7 - lib/dns/rbtdb.c | 7 - lib/dns/rcode.c | 7 - lib/dns/rdata.c | 14 - lib/dns/tkey.c | 239 ++++------ lib/dns/ttl.c | 7 - lib/dns/update.c | 147 +----- lib/dns/view.c | 7 - lib/dns/xfrin.c | 151 ++---- lib/dns/zone.c | 470 ++++++++----------- lib/irs/resconf.c | 7 - lib/isc/base32.c | 7 - lib/isc/base64.c | 7 - lib/isc/hex.c | 7 - lib/isc/httpd.c | 8 - lib/isc/include/isc/util.h | 23 + lib/isccfg/namedconf.c | 8 - lib/isccfg/parser.c | 8 - lib/ns/hooks.c | 8 - lib/ns/update.c | 153 ++---- lib/ns/xfrout.c | 60 +-- tests/dns/rbtdb_test.c | 2 - tests/dns/update_test.c | 2 - 65 files changed, 1116 insertions(+), 1921 deletions(-) diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 52b4da821f..0c5fe28c83 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -58,13 +58,6 @@ #define CHECK_LOCAL 1 #endif /* ifndef CHECK_LOCAL */ -#define CHECK(r) \ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define ERR_IS_CNAME 1 #define ERR_NO_ADDRESSES 2 #define ERR_LOOKUP_FAILURE 3 diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index a303cf187f..c65642ddd5 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -50,13 +50,6 @@ static bool loadplugins = true; isc_log_t *logc = NULL; -#define CHECK(r) \ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*% usage */ noreturn static void usage(void); diff --git a/bin/delv/delv.c b/bin/delv/delv.c index 0fed3312e4..8348b7d31a 100644 --- a/bin/delv/delv.c +++ b/bin/delv/delv.c @@ -67,13 +67,6 @@ #include -#define CHECK(r) \ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define MAXNAME (DNS_NAME_MAXTEXT + 1) /* diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index f648ba41ce..efae601177 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -801,14 +801,6 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, } } -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - static isc_result_t get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; diff --git a/bin/named/logconf.c b/bin/named/logconf.c index 3cc220077b..697c2c3d64 100644 --- a/bin/named/logconf.c +++ b/bin/named/logconf.c @@ -31,13 +31,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*% * Set up a logging category according to the named.conf data * in 'ccat' and add it to 'logconfig'. diff --git a/bin/named/server.c b/bin/named/server.c index da2fb01709..125bfa8f94 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -172,13 +172,6 @@ * Check an operation for failure. Assumes that the function * using it has a 'result' variable and a 'cleanup' label. */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define TCHECK(op) \ do { \ tresult = (op); \ diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 5a8483714f..a70d6797b5 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -62,14 +62,6 @@ #define STATS_JSON_VERSION_MINOR "7" #define STATS_JSON_VERSION STATS_JSON_VERSION_MAJOR "." STATS_JSON_VERSION_MINOR -#define CHECK(m) \ - do { \ - result = (m); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - struct named_statschannel { /* Unlocked */ isc_httpdmgr_t *httpdmgr; diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c index 3b26273bb6..26c171868f 100644 --- a/bin/named/tkeyconf.c +++ b/bin/named/tkeyconf.c @@ -28,16 +28,8 @@ #include -#include - -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #include +#include #define LOG(msg) \ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, \ NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "%s", msg) @@ -47,12 +39,12 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, dns_tkeyctx_t **tctxp) { isc_result_t result; dns_tkeyctx_t *tctx = NULL; - const char *s; + const char *s = NULL; uint32_t n; dns_fixedname_t fname; - dns_name_t *name; + dns_name_t *name = NULL; isc_buffer_t b; - const cfg_obj_t *obj; + const cfg_obj_t *obj = NULL; int type; result = dns_tkeyctx_create(mctx, &tctx); @@ -60,7 +52,6 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, return result; } - obj = NULL; result = cfg_map_get(options, "tkey-dhkey", &obj); if (result == ISC_R_SUCCESS) { s = cfg_obj_asstring(cfg_tuple_get(obj, "name")); @@ -95,8 +86,8 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, isc_buffer_constinit(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); name = dns_fixedname_initname(&fname); - RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); - RETERR(dst_gssapi_acquirecred(name, false, &tctx->gsscred)); + CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); + CHECK(dst_gssapi_acquirecred(name, false, &tctx->gsscred)); } obj = NULL; @@ -109,7 +100,7 @@ named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, *tctxp = tctx; return ISC_R_SUCCESS; -failure: +cleanup: dns_tkeyctx_destroy(&tctx); return result; } diff --git a/bin/named/transportconf.c b/bin/named/transportconf.c index cf56cbad0e..e09eca9850 100644 --- a/bin/named/transportconf.c +++ b/bin/named/transportconf.c @@ -190,11 +190,6 @@ failure: return result; } -#define CHECK(f) \ - if ((result = f) != ISC_R_SUCCESS) { \ - goto failure; \ - } - static isc_result_t transport_list_fromconfig(const cfg_obj_t *config, dns_transport_list_t *list) { const cfg_obj_t *obj = NULL; diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index c3cfbe8a98..2194fffe95 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -62,20 +62,6 @@ typedef enum { allow_update_forwarding } acl_type_t; -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*% * Convenience function for configuring a single zone ACL. */ diff --git a/bin/plugins/filter-a.c b/bin/plugins/filter-a.c index db08f459bd..fd8dde59d5 100644 --- a/bin/plugins/filter-a.c +++ b/bin/plugins/filter-a.c @@ -48,14 +48,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - /* * Possible values for the settings of filter-a-on-v6 and * filter-a-on-v4: "no" is NONE, "yes" is FILTER, "break-dnssec" diff --git a/bin/plugins/filter-aaaa.c b/bin/plugins/filter-aaaa.c index 3230881bce..8f05c51ebe 100644 --- a/bin/plugins/filter-aaaa.c +++ b/bin/plugins/filter-aaaa.c @@ -48,14 +48,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - /* * Possible values for the settings of filter-aaaa-on-v4 and * filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec" diff --git a/bin/tests/system/dlzexternal/driver/driver.c b/bin/tests/system/dlzexternal/driver/driver.c index 9750fdc96a..47ab393e73 100644 --- a/bin/tests/system/dlzexternal/driver/driver.c +++ b/bin/tests/system/dlzexternal/driver/driver.c @@ -49,13 +49,6 @@ dlz_dlopen_addrdataset_t dlz_addrdataset; dlz_dlopen_subrdataset_t dlz_subrdataset; dlz_dlopen_delrdataset_t dlz_delrdataset; -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #define loginfo(...) \ ({ \ if ((state != NULL) && (state->log != NULL)) \ @@ -258,7 +251,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata, const char *helper_name; va_list ap; char soa_data[sizeof("@ hostmaster.root 123 900 600 86400 3600")]; - isc_result_t result; size_t n; UNUSED(dlzname); @@ -306,7 +298,8 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata, } if (n >= sizeof(soa_data)) { - CHECK(ISC_R_NOSPACE); + free(state); + return ISC_R_NOSPACE; } add_name(state, &state->current[0], state->zone_name, "soa", 3600, @@ -320,10 +313,6 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata, *dbdata = state; return ISC_R_SUCCESS; - -failure: - free(state); - return result; } /* diff --git a/bin/tests/system/dyndb/driver/util.h b/bin/tests/system/dyndb/driver/util.h index d59a7fd6ea..ddd935c0c7 100644 --- a/bin/tests/system/dyndb/driver/util.h +++ b/bin/tests/system/dyndb/driver/util.h @@ -39,19 +39,6 @@ #include "log.h" -#define CLEANUP_WITH(result_code) \ - do { \ - result = (result_code); \ - goto cleanup; \ - } while (0) - -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define CHECKED_MEM_GET(m, target_ptr, s) \ do { \ (target_ptr) = isc_mem_get((m), (s)); \ diff --git a/bin/tests/system/dyndb/driver/zone.c b/bin/tests/system/dyndb/driver/zone.c index 32f9004b8a..75523a1a22 100644 --- a/bin/tests/system/dyndb/driver/zone.c +++ b/bin/tests/system/dyndb/driver/zone.c @@ -142,8 +142,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) { /* Return success if the zone is already in the view as expected. */ result = dns_view_findzone(inst->view, dns_zone_getorigin(zone), &zone_in_view); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto cleanup; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } view_in_zone = dns_zone_getview(zone); @@ -151,7 +151,8 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) { /* Zone has a view set -> view should contain the same zone. */ if (zone_in_view == zone) { /* Zone is already published in the right view. */ - CLEANUP_WITH(ISC_R_SUCCESS); + result = ISC_R_SUCCESS; + goto cleanup; } else if (view_in_zone != inst->view) { /* * Un-published inactive zone will have @@ -161,7 +162,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone->view doesn't " "match data in the view"); - CLEANUP_WITH(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } } @@ -169,7 +170,7 @@ publish_zone(sample_instance_t *inst, dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "cannot publish zone: view already " "contains another zone with this name"); - CLEANUP_WITH(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } run_exclusive_enter(inst, &lock_state); diff --git a/bin/tests/system/hooks/driver/test-async.c b/bin/tests/system/hooks/driver/test-async.c index ac38c1626c..8d601b9f32 100644 --- a/bin/tests/system/hooks/driver/test-async.c +++ b/bin/tests/system/hooks/driver/test-async.c @@ -36,14 +36,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - /* * Persistent data for use by this module. This will be associated * with client object address in the hash table, and will remain diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c index b95a987106..11f4c3fd09 100644 --- a/bin/tests/system/pipelined/pipequeries.c +++ b/bin/tests/system/pipelined/pipequeries.c @@ -45,7 +45,7 @@ #include #include -#define CHECK(str, x) \ +#define CHECKM(str, x) \ { \ if ((x) != ISC_R_SUCCESS) { \ fprintf(stderr, "I:%s: %s\n", (str), \ @@ -91,7 +91,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { result = dns_request_getresponse(reqev->request, response, DNS_MESSAGEPARSE_PRESERVEORDER); - CHECK("dns_request_getresponse", result); + CHECKM("dns_request_getresponse", result); if (response->rcode != dns_rcode_noerror) { result = dns_result_fromrcode(response->rcode); @@ -108,7 +108,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { result = dns_message_sectiontotext( response, DNS_SECTION_ANSWER, &dns_master_style_simple, DNS_MESSAGETEXTFLAG_NOCOMMENTS, &outbuf); - CHECK("dns_message_sectiontotext", result); + CHECKM("dns_message_sectiontotext", result); printf("%.*s", (int)isc_buffer_usedlength(&outbuf), (char *)isc_buffer_base(&outbuf)); fflush(stdout); @@ -148,7 +148,7 @@ sendquery(isc_task_t *task) { isc_buffer_add(&buf, strlen(host)); result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf, dns_rootname, 0, NULL); - CHECK("dns_name_fromtext", result); + CHECKM("dns_name_fromtext", result); dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message); @@ -158,10 +158,10 @@ sendquery(isc_task_t *task) { message->id = (unsigned short)(random() & 0xFFFF); result = dns_message_gettempname(message, &qname); - CHECK("dns_message_gettempname", result); + CHECKM("dns_message_gettempname", result); result = dns_message_gettemprdataset(message, &qrdataset); - CHECK("dns_message_gettemprdataset", result); + CHECKM("dns_message_gettemprdataset", result); dns_name_clone(dns_fixedname_name(&queryname), qname); dns_rdataset_makequestion(qrdataset, dns_rdataclass_in, @@ -173,7 +173,7 @@ sendquery(isc_task_t *task) { have_src ? &srcaddr : NULL, &dstaddr, DNS_REQUESTOPT_TCP, NULL, TIMEOUT, 0, 0, task, recvresponse, message, &request); - CHECK("dns_request_create", result); + CHECKM("dns_request_create", result); return ISC_R_SUCCESS; } @@ -248,13 +248,13 @@ main(int argc, char *argv[]) { result = ISC_R_FAILURE; if (inet_pton(AF_INET, "10.53.0.7", &inaddr) != 1) { - CHECK("inet_pton", result); + CHECKM("inet_pton", result); } isc_sockaddr_fromin(&srcaddr, &inaddr, 0); result = ISC_R_FAILURE; if (inet_pton(AF_INET, "10.53.0.4", &inaddr) != 1) { - CHECK("inet_pton", result); + CHECKM("inet_pton", result); } isc_sockaddr_fromin(&dstaddr, &inaddr, port); diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index e6d5c40615..6be31f1904 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c @@ -58,7 +58,7 @@ RSA *rsa; BIGNUM *e; EVP_PKEY *pkey; -#define CHECK(op, msg) \ +#define CHECKM(op, msg) \ do { \ result = (op); \ if (result != ISC_R_SUCCESS) { \ @@ -127,22 +127,20 @@ main(int argc, char **argv) { name = dns_fixedname_initname(&fname); isc_buffer_constinit(&buf, "example.", strlen("example.")); isc_buffer_add(&buf, strlen("example.")); - CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_" - "fromtext(" - "\"example." - "\")"); + CHECKM(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), + "dns_name_fromtext(\"example.\")"); - CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits, - DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC, - dns_rdataclass_in, pkey, mctx, &key), - "dst_key_buildinternal(...)"); + CHECKM(dst_key_buildinternal(name, DNS_KEYALG_RSASHA256, bits, + DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, pkey, mctx, &key), + "dst_key_buildinternal(...)"); - CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL), - "dst_key_tofile()"); + CHECKM(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL), + "dst_key_tofile()"); isc_buffer_init(&buf, filename, sizeof(filename) - 1); isc_buffer_clear(&buf); - CHECK(dst_key_buildfilename(key, 0, NULL, &buf), "dst_key_" - "buildfilename()"); + CHECKM(dst_key_buildfilename(key, 0, NULL, &buf), + "dst_key_buildfilename()"); printf("%s\n", filename); dst_key_free(&key); diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c index 7d023aabed..3d0c9e4246 100644 --- a/bin/tests/system/tkey/keycreate.c +++ b/bin/tests/system/tkey/keycreate.c @@ -40,7 +40,7 @@ #include #include -#define CHECK(str, x) \ +#define CHECKM(str, x) \ { \ if ((x) != ISC_R_SUCCESS) { \ fprintf(stderr, "I:%s: %s\n", (str), \ @@ -90,7 +90,7 @@ recvquery(isc_task_t *task, isc_event_t *event) { result = dns_request_getresponse(reqev->request, response, DNS_MESSAGEPARSE_PRESERVEORDER); - CHECK("dns_request_getresponse", result); + CHECKM("dns_request_getresponse", result); if (response->rcode != dns_rcode_noerror) { result = dns_result_fromrcode(response->rcode); @@ -101,19 +101,19 @@ recvquery(isc_task_t *task, isc_event_t *event) { result = dns_tkey_processdhresponse(query, response, ourkey, &nonce, &tsigkey, ring); - CHECK("dns_tkey_processdhresponse", result); + CHECKM("dns_tkey_processdhresponse", result); /* * Yes, this is a hack. */ isc_buffer_init(&keynamebuf, keyname, sizeof(keyname)); result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf); - CHECK("dst_key_buildfilename", result); + CHECKM("dst_key_buildfilename", result); printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf), (char *)isc_buffer_base(&keynamebuf)); type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY; result = dst_key_tofile(tsigkey->key, type, ""); - CHECK("dst_key_tofile", result); + CHECKM("dst_key_tofile", result); dns_message_detach(&query); dns_message_detach(&response); @@ -141,7 +141,7 @@ sendquery(isc_task_t *task, isc_event_t *event) { result = ISC_R_FAILURE; if (inet_pton(AF_INET, ip_address, &inaddr) != 1) { - CHECK("inet_pton", result); + CHECKM("inet_pton", result); } isc_sockaddr_fromin(&address, &inaddr, port); @@ -150,18 +150,18 @@ sendquery(isc_task_t *task, isc_event_t *event) { isc_buffer_add(&namestr, 9); result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, NULL, 0, NULL); - CHECK("dns_name_fromtext", result); + CHECKM("dns_name_fromtext", result); dns_fixedname_init(&ownername); isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str)); isc_buffer_add(&namestr, strlen(ownername_str)); result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, NULL, 0, NULL); - CHECK("dns_name_fromtext", result); + CHECKM("dns_name_fromtext", result); isc_buffer_init(&keybuf, keydata, 9); result = isc_base64_decodestring(keystr, &keybuf); - CHECK("isc_base64_decodestring", result); + CHECKM("isc_base64_decodestring", result); isc_buffer_usedregion(&keybuf, &r); @@ -169,19 +169,19 @@ sendquery(isc_task_t *task, isc_event_t *event) { dns_fixedname_name(&keyname), DNS_TSIG_HMACMD5_NAME, isc_buffer_base(&keybuf), isc_buffer_usedlength(&keybuf), false, NULL, 0, 0, mctx, ring, &initialkey); - CHECK("dns_tsigkey_create", result); + CHECKM("dns_tsigkey_create", result); dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); result = dns_tkey_builddhquery(query, ourkey, dns_fixedname_name(&ownername), DNS_TSIG_HMACMD5_NAME, &nonce, 3600); - CHECK("dns_tkey_builddhquery", result); + CHECKM("dns_tkey_builddhquery", result); result = dns_request_create(requestmgr, query, NULL, &address, DNS_REQUESTOPT_TCP, initialkey, TIMEOUT, 0, 0, task, recvquery, query, &request); - CHECK("dns_request_create", result); + CHECKM("dns_request_create", result); } int @@ -242,7 +242,7 @@ main(int argc, char *argv[]) { type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey); - CHECK("dst_key_fromnamedfile", result); + CHECKM("dst_key_fromnamedfile", result); isc_buffer_init(&nonce, noncedata, sizeof(noncedata)); isc_nonce_buf(noncedata, sizeof(noncedata)); diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c index 8fc3aab06d..c4c8a40685 100644 --- a/bin/tests/system/tkey/keydelete.c +++ b/bin/tests/system/tkey/keydelete.c @@ -39,7 +39,7 @@ #include #include -#define CHECK(str, x) \ +#define CHECKM(str, x) \ { \ if ((x) != ISC_R_SUCCESS) { \ fprintf(stderr, "I:%s: %s\n", (str), \ @@ -81,7 +81,7 @@ recvquery(isc_task_t *task, isc_event_t *event) { result = dns_request_getresponse(reqev->request, response, DNS_MESSAGEPARSE_PRESERVEORDER); - CHECK("dns_request_getresponse", result); + CHECKM("dns_request_getresponse", result); if (response->rcode != dns_rcode_noerror) { result = dns_result_fromrcode(response->rcode); @@ -91,7 +91,7 @@ recvquery(isc_task_t *task, isc_event_t *event) { } result = dns_tkey_processdeleteresponse(query, response, ring); - CHECK("dns_tkey_processdhresponse", result); + CHECKM("dns_tkey_processdhresponse", result); dns_message_detach(&query); dns_message_detach(&response); @@ -113,19 +113,19 @@ sendquery(isc_task_t *task, isc_event_t *event) { result = ISC_R_FAILURE; if (inet_pton(AF_INET, ip_address, &inaddr) != 1) { - CHECK("inet_pton", result); + CHECKM("inet_pton", result); } isc_sockaddr_fromin(&address, &inaddr, port); dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); result = dns_tkey_builddeletequery(query, tsigkey); - CHECK("dns_tkey_builddeletequery", result); + CHECKM("dns_tkey_builddeletequery", result); result = dns_request_create(requestmgr, query, NULL, &address, DNS_REQUESTOPT_TCP, tsigkey, TIMEOUT, 0, 0, task, recvquery, query, &request); - CHECK("dns_request_create", result); + CHECKM("dns_request_create", result); } int @@ -184,12 +184,12 @@ main(int argc, char **argv) { type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; result = dst_key_fromnamedfile(keyname, NULL, type, mctx, &dstkey); - CHECK("dst_key_fromnamedfile", result); + CHECKM("dst_key_fromnamedfile", result); result = dns_tsigkey_createfromkey(dst_key_name(dstkey), DNS_TSIG_HMACMD5_NAME, dstkey, true, NULL, 0, 0, mctx, ring, &tsigkey); dst_key_free(&dstkey); - CHECK("dns_tsigkey_createfromkey", result); + CHECKM("dns_tsigkey_createfromkey", result); (void)isc_app_run(); diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c index e1bbeb125b..90897574ff 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c @@ -56,7 +56,7 @@ #include -#define CHECK(str, x) \ +#define CHECKM(str, x) \ { \ if ((x) != ISC_R_SUCCESS) { \ fprintf(stderr, "mdig: %s failed with %s\n", (str), \ @@ -222,7 +222,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { msgbuf = dns_request_getanswer(reqev->request); result = dns_request_getresponse(reqev->request, response, parseflags); - CHECK("dns_request_getresponse", result); + CHECKM("dns_request_getresponse", result); styleflags |= DNS_STYLEFLAG_REL_OWNER; if (yaml) { @@ -278,7 +278,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { 48, 80, 8, display_splitwidth, mctx); } - CHECK("dns_master_stylecreate2", result); + CHECKM("dns_master_stylecreate2", result); flags = 0; if (!display_headers) { @@ -342,7 +342,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { printf(" %s:\n", "response_message_data"); result = dns_message_headertotext(response, style, flags, buf); - CHECK("dns_message_headertotext", result); + CHECKM("dns_message_headertotext", result); } else if (display_comments && !display_short_form) { printf(";; Got answer:\n"); @@ -405,7 +405,7 @@ repopulate_buffer: isc_buffer_allocate(mctx, &buf, len); goto repopulate_buffer; } - CHECK("dns_message_pseudosectiontotext", result); + CHECKM("dns_message_pseudosectiontotext", result); } if (display_question && display_headers && !display_short_form) { @@ -414,7 +414,7 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_sectiontotext", result); + CHECKM("dns_message_sectiontotext", result); } if (display_answer && !display_short_form) { @@ -423,7 +423,7 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_sectiontotext", result); + CHECKM("dns_message_sectiontotext", result); } else if (display_answer) { dns_name_t *name; dns_rdataset_t *rdataset; @@ -442,14 +442,14 @@ repopulate_buffer: dns_name_init(&empty_name, NULL); result = dns_message_firstname(response, DNS_SECTION_ANSWER); if (result != ISC_R_NOMORE) { - CHECK("dns_message_firstname", result); + CHECKM("dns_message_firstname", result); } for (;;) { if (result == ISC_R_NOMORE) { break; } - CHECK("dns_message_nextname", result); + CHECKM("dns_message_nextname", result); name = NULL; dns_message_currentname(response, DNS_SECTION_ANSWER, &name); @@ -467,7 +467,7 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_rdata_tofmttext", result); + CHECKM("dns_rdata_tofmttext", result); loopresult = dns_rdataset_next(rdataset); dns_rdata_reset(&rdata); @@ -490,7 +490,7 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_sectiontotext", result); + CHECKM("dns_message_sectiontotext", result); } if (display_additional && !display_short_form) { @@ -499,7 +499,7 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_sectiontotext", result); + CHECKM("dns_message_sectiontotext", result); } if (display_additional && !display_short_form && display_headers) { @@ -511,13 +511,13 @@ repopulate_buffer: if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_pseudosectiontotext", result); + CHECKM("dns_message_pseudosectiontotext", result); result = dns_message_pseudosectiontotext( response, DNS_PSEUDOSECTION_SIG0, style, flags, buf); if (result == ISC_R_NOSPACE) { goto buftoosmall; } - CHECK("dns_message_pseudosectiontotext", result); + CHECKM("dns_message_pseudosectiontotext", result); } if (display_headers && display_comments && !display_short_form && !yaml) @@ -562,9 +562,9 @@ add_opt(dns_message_t *msg, uint16_t udpsize, uint16_t edns, unsigned int flags, result = dns_message_buildopt(msg, &rdataset, edns, udpsize, flags, opts, count); - CHECK("dns_message_buildopt", result); + CHECKM("dns_message_buildopt", result); result = dns_message_setopt(msg, rdataset); - CHECK("dns_message_setopt", result); + CHECKM("dns_message_setopt", result); } static void @@ -592,7 +592,7 @@ sendquery(struct query *query, isc_task_t *task) { isc_buffer_add(&buf, strlen(query->textname)); result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf, dns_rootname, 0, NULL); - CHECK("dns_name_fromtext", result); + CHECKM("dns_name_fromtext", result); dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message); @@ -616,10 +616,10 @@ sendquery(struct query *query, isc_task_t *task) { message->id = (unsigned short)(random() & 0xFFFF); result = dns_message_gettempname(message, &qname); - CHECK("dns_message_gettempname", result); + CHECKM("dns_message_gettempname", result); result = dns_message_gettemprdataset(message, &qrdataset); - CHECK("dns_message_gettemprdataset", result); + CHECKM("dns_message_gettemprdataset", result); dns_name_clone(dns_fixedname_name(&queryname), qname); dns_rdataset_makequestion(qrdataset, query->rdclass, query->rdtype); @@ -668,7 +668,7 @@ sendquery(struct query *query, isc_task_t *task) { INSIST(i < DNS_EDNSOPTIONS); opts[i].code = DNS_OPT_CLIENT_SUBNET; opts[i].length = (uint16_t)addrl + 4; - CHECK("isc_buffer_allocate", result); + CHECKM("isc_buffer_allocate", result); isc_buffer_init(&b, ecsbuf, sizeof(ecsbuf)); if (sa->sa_family == AF_INET) { family = 1; @@ -713,7 +713,7 @@ sendquery(struct query *query, isc_task_t *task) { isc_buffer_init(&b, cookie, sizeof(cookie)); result = isc_hex_decodestring(query->cookie, &b); - CHECK("isc_hex_decodestring", result); + CHECKM("isc_hex_decodestring", result); opts[i].value = isc_buffer_base(&b); opts[i].length = isc_buffer_usedlength(&b); } else { @@ -756,7 +756,7 @@ sendquery(struct query *query, isc_task_t *task) { requestmgr, message, have_src ? &srcaddr : NULL, &dstaddr, options, NULL, query->timeout, query->udptimeout, query->udpretries, task, recvresponse, message, &request); - CHECK("dns_request_create", result); + CHECKM("dns_request_create", result); return ISC_R_SUCCESS; } @@ -973,7 +973,7 @@ save_opt(struct query *query, char *code, char *value) { buf = isc_mem_allocate(mctx, strlen(value) / 2 + 1); isc_buffer_init(&b, buf, strlen(value) / 2 + 1); result = isc_hex_decodestring(value, &b); - CHECK("isc_hex_decodestring", result); + CHECKM("isc_hex_decodestring", result); query->ednsopts[query->ednsoptscnt].value = isc_buffer_base(&b); query->ednsopts[query->ednsoptscnt].length = isc_buffer_usedlength(&b); @@ -1070,9 +1070,9 @@ reverse_octets(const char *in, char **p, char *end) { if (dot != NULL) { isc_result_t result; result = reverse_octets(dot + 1, p, end); - CHECK("reverse_octets", result); + CHECKM("reverse_octets", result); result = append(".", 1, p, end); - CHECK("append", result); + CHECKM("append", result); len = (int)(dot - in); } else { len = strlen(in); @@ -1096,7 +1096,7 @@ get_reverse(char *reverse, size_t len, const char *value) { name = dns_fixedname_initname(&fname); result = dns_byaddr_createptrname(&addr, options, name); - CHECK("dns_byaddr_createptrname2", result); + CHECKM("dns_byaddr_createptrname2", result); dns_name_format(name, reverse, (unsigned int)len); return; } else { @@ -1110,10 +1110,10 @@ get_reverse(char *reverse, size_t len, const char *value) { char *p = reverse; char *end = reverse + len; result = reverse_octets(value, &p, end); - CHECK("reverse_octets", result); + CHECKM("reverse_octets", result); /* Append .in-addr.arpa. and a terminating NUL. */ result = append(".in-addr.arpa.", 15, &p, end); - CHECK("append", result); + CHECKM("append", result); return; } } @@ -1230,7 +1230,7 @@ plus_option(char *option, struct query *query, bool global) { } result = parse_uint(&num, value, COMMSIZE, "buffer size"); - CHECK("parse_uint(buffer size)", result); + CHECKM("parse_uint(buffer size)", result); query->udpsize = num; break; case 'r': /* burst */ @@ -1346,8 +1346,8 @@ plus_option(char *option, struct query *query, bool global) { result = parse_uint(&num, value, 255, "edns"); - CHECK("parse_uint(edns)", - result); + CHECKM("parse_uint(edns)", + result); query->edns = num; break; case 'f': @@ -1363,8 +1363,8 @@ plus_option(char *option, struct query *query, bool global) { result = parse_xint( &num, value, 0xffff, "ednsflags"); - CHECK("parse_xint(ednsflags)", - result); + CHECKM("parse_xint(ednsflags)", + result); if (query->edns == -1) { query->edns = 1; } @@ -1446,7 +1446,7 @@ plus_option(char *option, struct query *query, bool global) { } result = parse_uint(&query->udpretries, value, MAXTRIES - 1, "udpretries"); - CHECK("parse_uint(udpretries)", result); + CHECKM("parse_uint(udpretries)", result); break; default: goto invalid_option; @@ -1510,7 +1510,7 @@ plus_option(char *option, struct query *query, bool global) { if (display_splitwidth) { display_splitwidth += 3; } - CHECK("parse_uint(split)", result); + CHECKM("parse_uint(split)", result); break; case 'u': /* subnet */ FULLCHECK("subnet"); @@ -1528,7 +1528,7 @@ plus_option(char *option, struct query *query, bool global) { query->edns = 0; } result = parse_netprefix(&query->ecs_addr, value); - CHECK("parse_netprefix", result); + CHECKM("parse_netprefix", result); break; default: goto invalid_option; @@ -1551,7 +1551,7 @@ plus_option(char *option, struct query *query, bool global) { } result = parse_uint(&query->timeout, value, MAXTIMEOUT, "timeout"); - CHECK("parse_uint(timeout)", result); + CHECKM("parse_uint(timeout)", result); if (query->timeout == 0) { query->timeout = 1; } @@ -1566,7 +1566,7 @@ plus_option(char *option, struct query *query, bool global) { } result = parse_uint(&query->udpretries, value, MAXTRIES, "udpretries"); - CHECK("parse_uint(udpretries)", result); + CHECKM("parse_uint(udpretries)", result); if (query->udpretries > 0) { query->udpretries -= 1; } @@ -1611,7 +1611,7 @@ plus_option(char *option, struct query *query, bool global) { } result = parse_uint(&query->udptimeout, value, MAXTIMEOUT, "udptimeout"); - CHECK("parse_uint(udptimeout)", result); + CHECKM("parse_uint(udptimeout)", result); break; case 'n': FULLCHECK("unknownformat"); @@ -1742,7 +1742,7 @@ dash_option(const char *option, char *next, struct query *query, bool global, if (hash != NULL) { result = parse_uint(&num, hash + 1, MAXPORT, "port number"); - CHECK("parse_uint(srcport)", result); + CHECKM("parse_uint(srcport)", result); srcport = num; *hash = '\0'; } else { @@ -1770,7 +1770,7 @@ dash_option(const char *option, char *next, struct query *query, bool global, tr.length = strlen(value); result = dns_rdataclass_fromtext(&rdclass, (isc_textregion_t *)&tr); - CHECK("dns_rdataclass_fromtext", result); + CHECKM("dns_rdataclass_fromtext", result); query->rdclass = rdclass; return value_from_next; case 'f': @@ -1779,7 +1779,7 @@ dash_option(const char *option, char *next, struct query *query, bool global, case 'p': GLOBAL(); result = parse_uint(&num, value, MAXPORT, "port number"); - CHECK("parse_uint(port)", result); + CHECKM("parse_uint(port)", result); port = num; return value_from_next; case 't': @@ -1787,7 +1787,7 @@ dash_option(const char *option, char *next, struct query *query, bool global, tr.length = strlen(value); result = dns_rdatatype_fromtext(&rdtype, (isc_textregion_t *)&tr); - CHECK("dns_rdatatype_fromtext", result); + CHECKM("dns_rdatatype_fromtext", result); query->rdtype = rdtype; return value_from_next; case 'x': diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c index 11be4adb1c..790ab89997 100644 --- a/fuzz/dns_rdata_fromwire_text.c +++ b/fuzz/dns_rdata_fromwire_text.c @@ -47,7 +47,7 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)), isc_lexspecials_t specials; isc_mem_create(&mctx); - CHECK(isc_lex_create(mctx, 64, &lex)); + RETERR(isc_lex_create(mctx, 64, &lex)); memset(specials, 0, sizeof(specials)); specials[0] = 1; @@ -215,5 +215,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { assert(target.used == size); assert(!memcmp(target.base, data, size)); +cleanup: return 0; } diff --git a/fuzz/fuzz.h b/fuzz/fuzz.h index 769f846815..1627aa1e01 100644 --- a/fuzz/fuzz.h +++ b/fuzz/fuzz.h @@ -37,9 +37,4 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)), int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); -#define CHECK(x) \ - if ((x) != ISC_R_SUCCESS) { \ - return 0; \ - } - ISC_LANG_ENDDECLS diff --git a/fuzz/isc_lex_getmastertoken.c b/fuzz/isc_lex_getmastertoken.c index 972845f089..fb3a26c976 100644 --- a/fuzz/isc_lex_getmastertoken.c +++ b/fuzz/isc_lex_getmastertoken.c @@ -77,5 +77,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { result = isc_lex_getmastertoken(lex, &token, expect, eol); } while (result == ISC_R_SUCCESS && token.type != isc_tokentype_eof); +cleanup: return 0; } diff --git a/fuzz/isc_lex_gettoken.c b/fuzz/isc_lex_gettoken.c index 39c876074b..d035df70ee 100644 --- a/fuzz/isc_lex_gettoken.c +++ b/fuzz/isc_lex_gettoken.c @@ -55,5 +55,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { result = isc_lex_gettoken(lex, 0, &token); } while (result == ISC_R_SUCCESS); +cleanup: return 0; } diff --git a/lib/dns/client.c b/lib/dns/client.c index bde6ec61a3..bfaefd1753 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -60,13 +60,6 @@ #define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x') #define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC) -#define CHECK(r) \ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*% * DNS client object */ diff --git a/lib/dns/diff.c b/lib/dns/diff.c index 067d3ce53d..a6a78f5d16 100644 --- a/lib/dns/diff.c +++ b/lib/dns/diff.c @@ -35,13 +35,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #define DIFF_COMMON_LOGARGS \ dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DIFF @@ -486,7 +479,7 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, bool warn) { } return ISC_R_SUCCESS; -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -569,7 +562,7 @@ dns_diff_load(dns_diff_t *diff, dns_addrdatasetfunc_t addfunc, } } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 400a41f16f..c7e922437c 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -46,13 +46,6 @@ isc_stats_t *dns_dnssec_stats; #define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #define TYPE_SIGN 0 #define TYPE_VERIFY 1 @@ -752,13 +745,13 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, *nkeys = 0; memset(keys, 0, sizeof(*keys) * maxkeys); dns_rdataset_init(&rdataset); - RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, - &rdataset, NULL)); - RETERR(dns_rdataset_first(&rdataset)); + CHECK(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, + &rdataset, NULL)); + CHECK(dns_rdataset_first(&rdataset)); while (result == ISC_R_SUCCESS && count < maxkeys) { pubkey = NULL; dns_rdataset_current(&rdataset, &rdata); - RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey)); + CHECK(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey)); dst_key_setttl(pubkey, rdataset.ttl); if (!is_zone_key(pubkey) || @@ -845,9 +838,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, goto next; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * If a key is marked inactive, skip it @@ -881,7 +872,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, result = dns_rdataset_next(&rdataset); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } if (count == 0) { result = ISC_R_NOTFOUND; @@ -889,7 +880,7 @@ dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, result = ISC_R_SUCCESS; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -961,25 +952,25 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { isc_buffer_init(&databuf, data, sizeof(data)); - RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, - &ctx)); + CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, true, 0, + &ctx)); /* * Digest the fields of the SIG - we can cheat and use * dns_rdata_fromstruct. Since siglen is 0, the digested data * is identical to dns format. */ - RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any, - dns_rdatatype_sig /* SIG(0) */, &sig, - &databuf)); + CHECK(dns_rdata_fromstruct(NULL, dns_rdataclass_any, + dns_rdatatype_sig /* SIG(0) */, &sig, + &databuf)); isc_buffer_usedregion(&databuf, &r); - RETERR(dst_context_adddata(ctx, &r)); + CHECK(dst_context_adddata(ctx, &r)); /* * If this is a response, digest the query. */ if (is_response(msg)) { - RETERR(dst_context_adddata(ctx, &msg->query)); + CHECK(dst_context_adddata(ctx, &msg->query)); } /* @@ -988,48 +979,48 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) { isc_buffer_init(&headerbuf, header, sizeof(header)); dns_message_renderheader(msg, &headerbuf); isc_buffer_usedregion(&headerbuf, &r); - RETERR(dst_context_adddata(ctx, &r)); + CHECK(dst_context_adddata(ctx, &r)); /* * Digest the remainder of the message. */ isc_buffer_usedregion(msg->buffer, &r); isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); - RETERR(dst_context_adddata(ctx, &r)); + CHECK(dst_context_adddata(ctx, &r)); - RETERR(dst_key_sigsize(key, &sigsize)); + CHECK(dst_key_sigsize(key, &sigsize)); sig.siglen = sigsize; sig.signature = isc_mem_get(mctx, sig.siglen); isc_buffer_init(&sigbuf, sig.signature, sig.siglen); - RETERR(dst_context_sign(ctx, &sigbuf)); + CHECK(dst_context_sign(ctx, &sigbuf)); dst_context_destroy(&ctx); rdata = NULL; - RETERR(dns_message_gettemprdata(msg, &rdata)); + CHECK(dns_message_gettemprdata(msg, &rdata)); isc_buffer_allocate(msg->mctx, &dynbuf, 1024); - RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any, - dns_rdatatype_sig /* SIG(0) */, &sig, - dynbuf)); + CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any, + dns_rdatatype_sig /* SIG(0) */, &sig, + dynbuf)); isc_mem_put(mctx, sig.signature, sig.siglen); dns_message_takebuffer(msg, &dynbuf); datalist = NULL; - RETERR(dns_message_gettemprdatalist(msg, &datalist)); + CHECK(dns_message_gettemprdatalist(msg, &datalist)); datalist->rdclass = dns_rdataclass_any; datalist->type = dns_rdatatype_sig; /* SIG(0) */ ISC_LIST_APPEND(datalist->rdata, rdata, link); dataset = NULL; - RETERR(dns_message_gettemprdataset(msg, &dataset)); + CHECK(dns_message_gettemprdataset(msg, &dataset)); RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS); msg->sig0 = dataset; return ISC_R_SUCCESS; -failure: +cleanup: if (dynbuf != NULL) { isc_buffer_free(&dynbuf); } @@ -1075,21 +1066,19 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, isc_buffer_usedregion(source, &source_r); - RETERR(dns_rdataset_first(msg->sig0)); + CHECK(dns_rdataset_first(msg->sig0)); dns_rdataset_current(msg->sig0, &rdata); - RETERR(dns_rdata_tostruct(&rdata, &sig, NULL)); + CHECK(dns_rdata_tostruct(&rdata, &sig, NULL)); signeedsfree = true; if (sig.labels != 0) { - result = DNS_R_SIGINVALID; - goto failure; + CHECK(DNS_R_SIGINVALID); } if (isc_serial_lt(sig.timeexpire, sig.timesigned)) { - result = DNS_R_SIGINVALID; msg->sig0status = dns_tsigerror_badtime; - goto failure; + CHECK(DNS_R_SIGINVALID); } if (msg->fuzzing) { @@ -1099,36 +1088,33 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, } if (isc_serial_lt((uint32_t)now, sig.timesigned)) { - result = DNS_R_SIGFUTURE; msg->sig0status = dns_tsigerror_badtime; - goto failure; + CHECK(DNS_R_SIGFUTURE); } else if (isc_serial_lt(sig.timeexpire, (uint32_t)now)) { - result = DNS_R_SIGEXPIRED; msg->sig0status = dns_tsigerror_badtime; - goto failure; + CHECK(DNS_R_SIGEXPIRED); } if (!dns_name_equal(dst_key_name(key), &sig.signer)) { - result = DNS_R_SIGINVALID; msg->sig0status = dns_tsigerror_badkey; - goto failure; + CHECK(DNS_R_SIGINVALID); } - RETERR(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0, - &ctx)); + CHECK(dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, 0, + &ctx)); /* * Digest the SIG(0) record, except for the signature. */ dns_rdata_toregion(&rdata, &r); r.length -= sig.siglen; - RETERR(dst_context_adddata(ctx, &r)); + CHECK(dst_context_adddata(ctx, &r)); /* * If this is a response, digest the query. */ if (is_response(msg)) { - RETERR(dst_context_adddata(ctx, &msg->query)); + CHECK(dst_context_adddata(ctx, &msg->query)); } /* @@ -1149,21 +1135,21 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, */ header_r.base = (unsigned char *)header; header_r.length = DNS_MESSAGE_HEADERLEN; - RETERR(dst_context_adddata(ctx, &header_r)); + CHECK(dst_context_adddata(ctx, &header_r)); /* * Digest all non-SIG(0) records. */ r.base = source_r.base + DNS_MESSAGE_HEADERLEN; r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN; - RETERR(dst_context_adddata(ctx, &r)); + CHECK(dst_context_adddata(ctx, &r)); sig_r.base = sig.signature; sig_r.length = sig.siglen; result = dst_context_verify(ctx, &sig_r); if (result != ISC_R_SUCCESS) { msg->sig0status = dns_tsigerror_badsig; - goto failure; + goto cleanup; } msg->verified_sig = 1; @@ -1174,7 +1160,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, return ISC_R_SUCCESS; -failure: +cleanup: if (signeedsfree) { dns_rdata_freestruct(&sig); } @@ -1395,14 +1381,14 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory, isc_dir_init(&dir); isc_buffer_init(&b, namebuf, sizeof(namebuf) - 1); - RETERR(dns_name_tofilenametext(origin, false, &b)); + CHECK(dns_name_tofilenametext(origin, false, &b)); len = isc_buffer_usedlength(&b); namebuf[len] = '\0'; if (directory == NULL) { directory = "."; } - RETERR(isc_dir_open(&dir, directory)); + CHECK(isc_dir_open(&dir, directory)); dir_open = true; while (isc_dir_read(&dir) == ISC_R_SUCCESS) { @@ -1479,7 +1465,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory, continue; } - RETERR(dns_dnsseckey_create(mctx, &dstkey, &key)); + CHECK(dns_dnsseckey_create(mctx, &dstkey, &key)); key->source = dns_keysource_repository; dns_dnssec_get_hints(key, now); @@ -1498,7 +1484,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory, result = ISC_R_NOTFOUND; } -failure: +cleanup: if (dir_open) { isc_dir_close(&dir); } @@ -1658,7 +1644,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, goto skip; } - RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey)); + CHECK(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey)); dst_key_setttl(dnskey, keys.ttl); if (!is_zone_key(dnskey)) { @@ -1671,7 +1657,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, } if (publickey) { - RETERR(addkey(keylist, &dnskey, savekeys, mctx)); + CHECK(addkey(keylist, &dnskey, savekeys, mctx)); goto skip; } @@ -1683,7 +1669,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { result = ISC_R_SUCCESS; } - RETERR(result); + CHECK(result); /* Now read the private key. */ result = dst_key_fromfile( @@ -1754,15 +1740,13 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { if (pubkey != NULL) { - RETERR(addkey(keylist, &pubkey, savekeys, - mctx)); + CHECK(addkey(keylist, &pubkey, savekeys, mctx)); } else { - RETERR(addkey(keylist, &dnskey, savekeys, - mctx)); + CHECK(addkey(keylist, &dnskey, savekeys, mctx)); } goto skip; } - RETERR(result); + CHECK(result); /* * Whatever the key's default TTL may have @@ -1770,7 +1754,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, */ dst_key_setttl(privkey, dst_key_getttl(dnskey)); - RETERR(addkey(keylist, &privkey, savekeys, mctx)); + CHECK(addkey(keylist, &privkey, savekeys, mctx)); skip: if (dnskey != NULL) { dst_key_free(&dnskey); @@ -1784,20 +1768,20 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory, } if (result != ISC_R_NOMORE) { - RETERR(result); + CHECK(result); } if (keysigs != NULL && dns_rdataset_isassociated(keysigs)) { - RETERR(mark_active_keys(keylist, keysigs)); + CHECK(mark_active_keys(keylist, keysigs)); } if (soasigs != NULL && dns_rdataset_isassociated(soasigs)) { - RETERR(mark_active_keys(keylist, soasigs)); + CHECK(mark_active_keys(keylist, soasigs)); } result = ISC_R_SUCCESS; -failure: +cleanup: if (dns_rdataset_isassociated(&keys)) { dns_rdataset_disassociate(&keys); } @@ -1836,29 +1820,25 @@ dns_dnssec_make_dnskey(dst_key_t *key, unsigned char *buf, int bufsize, static isc_result_t addrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin, dns_ttl_t ttl, isc_mem_t *mctx) { - isc_result_t result; dns_difftuple_t *tuple = NULL; RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_ADD, origin, ttl, rdata, &tuple)); dns_diff_appendminimal(diff, &tuple); -failure: - return result; + return ISC_R_SUCCESS; } static isc_result_t delrdata(dns_rdata_t *rdata, dns_diff_t *diff, const dns_name_t *origin, dns_ttl_t ttl, isc_mem_t *mctx) { - isc_result_t result; dns_difftuple_t *tuple = NULL; RETERR(dns_difftuple_create(mctx, DNS_DIFFOP_DEL, origin, ttl, rdata, &tuple)); dns_diff_appendminimal(diff, &tuple); -failure: - return result; + return ISC_R_SUCCESS; } static isc_result_t @@ -1871,7 +1851,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin, dns_rdata_t dnskey = DNS_RDATA_INIT; dns_rdata_reset(&dnskey); - RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey)); + CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey)); dst_key_format(key->key, keystr, sizeof(keystr)); report("Fetching %s (%s) from key %s.", keystr, @@ -1892,7 +1872,7 @@ publish_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin, /* publish key */ result = addrdata(&dnskey, diff, origin, ttl, mctx); -failure: +cleanup: return result; } @@ -1911,10 +1891,10 @@ remove_key(dns_diff_t *diff, dns_dnsseckey_t *key, const dns_name_t *origin, report("Removing %s key %s/%d/%s from DNSKEY RRset.", reason, namebuf, dst_key_id(key->key), alg); - RETERR(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey)); + CHECK(dns_dnssec_make_dnskey(key->key, buf, sizeof(buf), &dnskey)); result = delrdata(&dnskey, diff, origin, ttl, mctx); -failure: +cleanup: return result; } @@ -1972,8 +1952,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, dns_rdata_t cdnskeyrdata = DNS_RDATA_INIT; dns_name_t *origin = dst_key_name(key->key); - RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf), - &cdnskeyrdata)); + CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf), + &cdnskeyrdata)); /* * We construct the SHA-1 version of the record so we can @@ -1983,11 +1963,11 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, * XXXMPA we need to be able to specify the DS algorithms * to be used here and below with rmkeys. */ - RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata, - DNS_DSDIGEST_SHA1, dsbuf1, &cds_sha1)); - RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata, - DNS_DSDIGEST_SHA256, dsbuf2, - &cds_sha256)); + CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata, + DNS_DSDIGEST_SHA1, dsbuf1, &cds_sha1)); + CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata, + DNS_DSDIGEST_SHA256, dsbuf2, + &cds_sha256)); /* * Now that the we have created the DS records convert @@ -2009,8 +1989,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO, "CDNSKEY for key %s is now published", keystr); - RETERR(addrdata(&cdnskeyrdata, diff, origin, - cdnskeyttl, mctx)); + CHECK(addrdata(&cdnskeyrdata, diff, origin, + cdnskeyttl, mctx)); } /* Only publish SHA-256 (SHA-1 is deprecated) */ if (!dns_rdataset_isassociated(cds) || @@ -2021,8 +2001,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, ISC_LOG_INFO, "CDS for key %s is now published", keystr); - RETERR(addrdata(&cds_sha256, diff, origin, - cdsttl, mctx)); + CHECK(addrdata(&cds_sha256, diff, origin, + cdsttl, mctx)); } } @@ -2040,8 +2020,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, "CDS (SHA-1) for key %s " "is now deleted", keystr); - RETERR(delrdata(&cds_sha1, diff, origin, - cds->ttl, mctx)); + CHECK(delrdata(&cds_sha1, diff, origin, + cds->ttl, mctx)); } if (exists(cds, &cds_sha256)) { isc_log_write(dns_lctx, @@ -2051,9 +2031,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, "CDS (SHA-256) for key " "%s is now deleted", keystr); - RETERR(delrdata(&cds_sha256, diff, - origin, cds->ttl, - mctx)); + CHECK(delrdata(&cds_sha256, diff, + origin, cds->ttl, mctx)); } } @@ -2066,9 +2045,9 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, "CDNSKEY for key %s is " "now deleted", keystr); - RETERR(delrdata(&cdnskeyrdata, diff, - origin, cdnskey->ttl, - mctx)); + CHECK(delrdata(&cdnskeyrdata, diff, + origin, cdnskey->ttl, + mctx)); } } } @@ -2094,24 +2073,24 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, char keystr[DST_KEY_FORMATSIZE]; dst_key_format(key->key, keystr, sizeof(keystr)); - RETERR(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf), - &cdnskeyrdata)); + CHECK(dns_dnssec_make_dnskey(key->key, keybuf, sizeof(keybuf), + &cdnskeyrdata)); if (dns_rdataset_isassociated(cds)) { - RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata, - DNS_DSDIGEST_SHA1, dsbuf1, - &cds_sha1)); - RETERR(dns_ds_buildrdata(origin, &cdnskeyrdata, - DNS_DSDIGEST_SHA256, dsbuf2, - &cds_sha256)); + CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata, + DNS_DSDIGEST_SHA1, dsbuf1, + &cds_sha1)); + CHECK(dns_ds_buildrdata(origin, &cdnskeyrdata, + DNS_DSDIGEST_SHA256, dsbuf2, + &cds_sha256)); if (exists(cds, &cds_sha1)) { isc_log_write( dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO, "CDS (SHA-1) for key %s is now deleted", keystr); - RETERR(delrdata(&cds_sha1, diff, origin, - cds->ttl, mctx)); + CHECK(delrdata(&cds_sha1, diff, origin, + cds->ttl, mctx)); } if (exists(cds, &cds_sha256)) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, @@ -2120,8 +2099,8 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, "CDS (SHA-256) for key %s is now " "deleted", keystr); - RETERR(delrdata(&cds_sha256, diff, origin, - cds->ttl, mctx)); + CHECK(delrdata(&cds_sha256, diff, origin, + cds->ttl, mctx)); } } @@ -2132,15 +2111,15 @@ dns_dnssec_syncupdate(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *rmkeys, DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO, "CDNSKEY for key %s is now deleted", keystr); - RETERR(delrdata(&cdnskeyrdata, diff, origin, - cdnskey->ttl, mctx)); + CHECK(delrdata(&cdnskeyrdata, diff, origin, + cdnskey->ttl, mctx)); } } } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -2149,13 +2128,13 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey, dns_name_t *origin, dns_rdataclass_t zclass, dns_ttl_t ttl, dns_diff_t *diff, isc_mem_t *mctx, bool expect_cds_delete, bool expect_cdnskey_delete) { + isc_result_t result; unsigned char dsbuf[5] = { 0, 0, 0, 0, 0 }; /* CDS DELETE rdata */ unsigned char keybuf[5] = { 0, 0, 3, 0, 0 }; /* CDNSKEY DELETE rdata */ char namebuf[DNS_NAME_FORMATSIZE]; dns_rdata_t cds_delete = DNS_RDATA_INIT; dns_rdata_t cdnskey_delete = DNS_RDATA_INIT; isc_region_t r; - isc_result_t result; r.base = keybuf; r.length = sizeof(keybuf); @@ -2177,7 +2156,7 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey, "CDS (DELETE) for zone %s is now " "published", namebuf); - RETERR(addrdata(&cds_delete, diff, origin, ttl, mctx)); + CHECK(addrdata(&cds_delete, diff, origin, ttl, mctx)); } } else { if (dns_rdataset_isassociated(cds) && exists(cds, &cds_delete)) @@ -2187,8 +2166,8 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey, "CDS (DELETE) for zone %s is now " "deleted", namebuf); - RETERR(delrdata(&cds_delete, diff, origin, cds->ttl, - mctx)); + CHECK(delrdata(&cds_delete, diff, origin, cds->ttl, + mctx)); } } @@ -2201,8 +2180,8 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey, "CDNSKEY (DELETE) for zone %s is now " "published", namebuf); - RETERR(addrdata(&cdnskey_delete, diff, origin, ttl, - mctx)); + CHECK(addrdata(&cdnskey_delete, diff, origin, ttl, + mctx)); } } else { if (dns_rdataset_isassociated(cdnskey) && @@ -2213,15 +2192,13 @@ dns_dnssec_syncdelete(dns_rdataset_t *cds, dns_rdataset_t *cdnskey, "CDNSKEY (DELETE) for zone %s is now " "deleted", namebuf); - RETERR(delrdata(&cdnskey_delete, diff, origin, - cdnskey->ttl, mctx)); + CHECK(delrdata(&cdnskey_delete, diff, origin, + cdnskey->ttl, mctx)); } } - result = ISC_R_SUCCESS; - -failure: - return result; +cleanup: + return ISC_R_SUCCESS; } /* @@ -2255,8 +2232,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, if (key->source == dns_keysource_user && (key->hint_publish || key->force_publish)) { - RETERR(publish_key(diff, key, origin, ttl, mctx, - report)); + CHECK(publish_key(diff, key, origin, ttl, mctx, + report)); } if (key->source == dns_keysource_zoneapex) { ttl = dst_key_getttl(key->key); @@ -2330,8 +2307,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, if (key1->source != dns_keysource_zoneapex && (key1->hint_publish || key1->force_publish)) { - RETERR(publish_key(diff, key1, origin, ttl, - mctx, report)); + CHECK(publish_key(diff, key1, origin, ttl, mctx, + report)); isc_log_write( dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_DNSSEC, ISC_LOG_INFO, @@ -2366,8 +2343,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, /* Match found: remove or update it as needed */ if (key1->hint_remove) { - RETERR(remove_key(diff, key2, origin, ttl, mctx, - "expired", report)); + CHECK(remove_key(diff, key2, origin, ttl, mctx, + "expired", report)); ISC_LIST_UNLINK(*keys, key2, link); if (removed != NULL) { @@ -2390,8 +2367,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, * We need to remove the old version and pull * in the new one. */ - RETERR(remove_key(diff, key2, origin, ttl, mctx, - "revoked", report)); + CHECK(remove_key(diff, key2, origin, ttl, mctx, + "revoked", report)); ISC_LIST_UNLINK(*keys, key2, link); if (removed != NULL) { ISC_LIST_APPEND(*removed, key2, link); @@ -2408,8 +2385,8 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, dns_dnsseckey_destroy(mctx, &key2); } - RETERR(publish_key(diff, key1, origin, ttl, mctx, - report)); + CHECK(publish_key(diff, key1, origin, ttl, mctx, + report)); ISC_LIST_UNLINK(*newkeys, key1, link); ISC_LIST_APPEND(*keys, key1, link); @@ -2460,7 +2437,7 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, result = ISC_R_SUCCESS; -failure: +cleanup: return result; } diff --git a/lib/dns/dnstap.c b/lib/dns/dnstap.c index b515b6e6ac..eb94336e8d 100644 --- a/lib/dns/dnstap.c +++ b/lib/dns/dnstap.c @@ -124,13 +124,6 @@ struct dns_dtenv { isc_stats_t *stats; }; -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - typedef struct ioq { unsigned int generation; struct fstrm_iothr_queue *ioq; diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 5ee6098777..e0c22eb7f5 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -68,35 +68,35 @@ #define DST_AS_STR(t) ((t).value.as_textregion.base) -#define NEXTTOKEN(lex, opt, token) \ - { \ - ret = isc_lex_gettoken(lex, opt, token); \ - if (ret != ISC_R_SUCCESS) \ - goto cleanup; \ +#define NEXTTOKEN(lex, opt, token) \ + { \ + CHECK(isc_lex_gettoken(lex, opt, token)); \ } -#define NEXTTOKEN_OR_EOF(lex, opt, token) \ - do { \ - ret = isc_lex_gettoken(lex, opt, token); \ - if (ret == ISC_R_EOF) \ - break; \ - if (ret != ISC_R_SUCCESS) \ - goto cleanup; \ +#define NEXTTOKEN_OR_EOF(lex, opt, token) \ + do { \ + result = isc_lex_gettoken(lex, opt, token); \ + if (result == ISC_R_EOF) { \ + break; \ + } \ + if (result != ISC_R_SUCCESS) { \ + goto cleanup; \ + } \ } while ((*token).type == isc_tokentype_eol); -#define READLINE(lex, opt, token) \ - do { \ - ret = isc_lex_gettoken(lex, opt, token); \ - if (ret == ISC_R_EOF) \ - break; \ - if (ret != ISC_R_SUCCESS) \ - goto cleanup; \ +#define READLINE(lex, opt, token) \ + do { \ + result = isc_lex_gettoken(lex, opt, token); \ + if (result == ISC_R_EOF) \ + break; \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ } while ((*token).type != isc_tokentype_eol) -#define BADTOKEN() \ - { \ - ret = ISC_R_UNEXPECTEDTOKEN; \ - goto cleanup; \ +#define BADTOKEN() \ + { \ + result = ISC_R_UNEXPECTEDTOKEN; \ + goto cleanup; \ } #define NUMERIC_NTAGS (DST_MAX_NUMERIC + 1) @@ -174,13 +174,6 @@ static isc_result_t addsuffix(char *filename, int len, const char *dirname, const char *ofilename, const char *suffix); -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto out; \ - } while (0) - #define CHECKALG(alg) \ do { \ isc_result_t _r; \ @@ -199,39 +192,39 @@ dst_lib_init(isc_mem_t *mctx, const char *engine) { UNUSED(engine); memset(dst_t_func, 0, sizeof(dst_t_func)); - RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); - RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1])); - RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224])); - RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256])); - RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384])); - RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512])); - RETERR(dst__openssl_init(engine)); - RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1], - DST_ALG_RSASHA1)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1], - DST_ALG_NSEC3RSASHA1)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256], - DST_ALG_RSASHA256)); - RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512], - DST_ALG_RSASHA512)); - RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256])); - RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384])); + CHECK(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); + CHECK(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1])); + CHECK(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224])); + CHECK(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256])); + CHECK(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384])); + CHECK(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512])); + CHECK(dst__openssl_init(engine)); + CHECK(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); + CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1], + DST_ALG_RSASHA1)); + CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1], + DST_ALG_NSEC3RSASHA1)); + CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA256], + DST_ALG_RSASHA256)); + CHECK(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA512], + DST_ALG_RSASHA512)); + CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256])); + CHECK(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384])); #ifdef HAVE_OPENSSL_ED25519 - RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519])); + CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519])); #endif /* ifdef HAVE_OPENSSL_ED25519 */ #ifdef HAVE_OPENSSL_ED448 - RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448])); + CHECK(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448])); #endif /* ifdef HAVE_OPENSSL_ED448 */ #if HAVE_GSSAPI - RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); + CHECK(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI])); #endif /* HAVE_GSSAPI */ dst_initialized = true; return ISC_R_SUCCESS; -out: +cleanup: /* avoid immediate crash! */ dst_initialized = true; dst_lib_destroy(); @@ -428,9 +421,6 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_result_t dst_key_tofile(const dst_key_t *key, int type, const char *directory) { - isc_result_t ret = ISC_R_SUCCESS; - - REQUIRE(dst_initialized); REQUIRE(VALID_KEY(key)); REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE)) != 0); @@ -442,17 +432,11 @@ dst_key_tofile(const dst_key_t *key, int type, const char *directory) { } if ((type & DST_TYPE_PUBLIC) != 0) { - ret = write_public_key(key, type, directory); - if (ret != ISC_R_SUCCESS) { - return ret; - } + RETERR(write_public_key(key, type, directory)); } if ((type & DST_TYPE_STATE) != 0) { - ret = write_key_state(key, type, directory); - if (ret != ISC_R_SUCCESS) { - return ret; - } + RETERR(write_key_state(key, type, directory)); } if (((type & DST_TYPE_PRIVATE) != 0) && @@ -545,32 +529,20 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, key = NULL; isc_buffer_init(&buf, filename, NAME_MAX); - result = dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf); - if (result != ISC_R_SUCCESS) { - goto out; - } - - result = dst_key_fromnamedfile(filename, directory, type, mctx, &key); - if (result != ISC_R_SUCCESS) { - goto out; - } - - result = computeid(key); - if (result != ISC_R_SUCCESS) { - goto out; - } + CHECK(dst_key_getfilename(name, id, alg, type, NULL, mctx, &buf)); + CHECK(dst_key_fromnamedfile(filename, directory, type, mctx, &key)); + CHECK(computeid(key)); if (!dns_name_equal(name, key->key_name) || id != key->key_id || alg != key->key_alg) { - result = DST_R_INVALIDPRIVATEKEY; - goto out; + CHECK(DST_R_INVALIDPRIVATEKEY); } *keyp = key; result = ISC_R_SUCCESS; -out: +cleanup: if ((key != NULL) && (result != ISC_R_SUCCESS)) { dst_key_free(&key); } @@ -607,7 +579,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type, ".key"); INSIST(result == ISC_R_SUCCESS); - RETERR(dst_key_read_public(newfilename, type, mctx, &pubkey)); + CHECK(dst_key_read_public(newfilename, type, mctx, &pubkey)); isc_mem_put(mctx, newfilename, newfilenamelen); /* @@ -633,31 +605,31 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type, /* Having no state is valid. */ result = ISC_R_SUCCESS; } - RETERR(result); + CHECK(result); } if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC || (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { - RETERR(computeid(pubkey)); + CHECK(computeid(pubkey)); pubkey->modified = false; *keyp = pubkey; pubkey = NULL; - goto out; + goto cleanup; } - RETERR(algorithm_status(pubkey->key_alg)); + CHECK(algorithm_status(pubkey->key_alg)); key = get_key_struct(pubkey->key_name, pubkey->key_alg, pubkey->key_flags, pubkey->key_proto, pubkey->key_size, pubkey->key_class, pubkey->key_ttl, mctx); if (key == NULL) { - RETERR(ISC_R_NOMEMORY); + CHECK(ISC_R_NOMEMORY); } if (key->func->parse == NULL) { - RETERR(DST_R_UNSUPPORTEDALG); + CHECK(DST_R_UNSUPPORTEDALG); } newfilenamelen = strlen(filename) + 9; @@ -669,11 +641,11 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type, ".private"); INSIST(result == ISC_R_SUCCESS); - RETERR(isc_lex_create(mctx, 1500, &lex)); - RETERR(isc_lex_openfile(lex, newfilename)); + CHECK(isc_lex_create(mctx, 1500, &lex)); + CHECK(isc_lex_openfile(lex, newfilename)); isc_mem_put(mctx, newfilename, newfilenamelen); - RETERR(key->func->parse(key, lex, pubkey)); + CHECK(key->func->parse(key, lex, pubkey)); isc_lex_destroy(&lex); key->kasp = false; @@ -685,20 +657,20 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type, /* Having no state is valid. */ result = ISC_R_SUCCESS; } - RETERR(result); + CHECK(result); } - RETERR(computeid(key)); + CHECK(computeid(key)); if (pubkey->key_id != key->key_id) { - RETERR(DST_R_INVALIDPRIVATEKEY); + CHECK(DST_R_INVALIDPRIVATEKEY); } key->modified = false; *keyp = key; key = NULL; -out: +cleanup: if (pubkey != NULL) { dst_key_free(&pubkey); } @@ -853,13 +825,13 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) { REQUIRE(buffer != NULL); if (key->func->parse == NULL) { - RETERR(DST_R_UNSUPPORTEDALG); + CHECK(DST_R_UNSUPPORTEDALG); } - RETERR(isc_lex_create(key->mctx, 1500, &lex)); - RETERR(isc_lex_openbuffer(lex, buffer)); - RETERR(key->func->parse(key, lex, NULL)); -out: + CHECK(isc_lex_create(key->mctx, 1500, &lex)); + CHECK(isc_lex_openbuffer(lex, buffer)); + CHECK(key->func->parse(key, lex, NULL)); +cleanup: if (lex != NULL) { isc_lex_destroy(&lex); } @@ -895,13 +867,13 @@ dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx, */ isc_buffer_allocate(key->mctx, &key->key_tkeytoken, intoken->length); - RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken)); + CHECK(isc_buffer_copyregion(key->key_tkeytoken, intoken)); } key->keydata.gssctx = gssctx; *keyp = key; result = ISC_R_SUCCESS; -out: +cleanup: if (result != ISC_R_SUCCESS) { dst_key_free(&key); } @@ -1050,7 +1022,7 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp, void (*callback)(int)) { dst_key_t *key; - isc_result_t ret; + isc_result_t result; REQUIRE(dst_initialized); REQUIRE(dns_name_isabsolute(name)); @@ -1076,16 +1048,16 @@ dst_key_generate(const dns_name_t *name, unsigned int alg, unsigned int bits, return DST_R_UNSUPPORTEDALG; } - ret = key->func->generate(key, param, callback); - if (ret != ISC_R_SUCCESS) { + result = key->func->generate(key, param, callback); + if (result != ISC_R_SUCCESS) { dst_key_free(&key); - return ret; + return result; } - ret = computeid(key); - if (ret != ISC_R_SUCCESS) { + result = computeid(key); + if (result != ISC_R_SUCCESS) { dst_key_free(&key); - return ret; + return result; } *keyp = key; @@ -1653,13 +1625,12 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, dns_fixedname_t name; isc_lex_t *lex = NULL; isc_token_t token; - isc_result_t ret; + isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE; dns_rdataclass_t rdclass = dns_rdataclass_in; isc_lexspecials_t specials; uint32_t ttl = 0; - isc_result_t result; dns_rdatatype_t keytype; /* @@ -1670,10 +1641,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, */ /* 1500 should be large enough for any key */ - ret = isc_lex_create(mctx, 1500, &lex); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(isc_lex_create(mctx, 1500, &lex)); memset(specials, 0, sizeof(specials)); specials['('] = 1; @@ -1682,10 +1650,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, isc_lex_setspecials(lex, specials); isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); - ret = isc_lex_openfile(lex, filename); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(isc_lex_openfile(lex, filename)); /* Read the domain name */ NEXTTOKEN(lex, opt, &token); @@ -1703,11 +1668,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, dns_fixedname_init(&name); isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token))); isc_buffer_add(&b, strlen(DST_AS_STR(token))); - ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0, - NULL); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, 0, + NULL)); /* Read the next word: either TTL, class, or 'KEY' */ NEXTTOKEN(lex, opt, &token); @@ -1726,8 +1688,8 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, BADTOKEN(); } - ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion); - if (ret == ISC_R_SUCCESS) { + result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion); + if (result == ISC_R_SUCCESS) { NEXTTOKEN(lex, opt, &token); } @@ -1746,22 +1708,16 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) || ((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey)) { - ret = DST_R_BADKEYTYPE; + result = DST_R_BADKEYTYPE; goto cleanup; } isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf)); - ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false, - mctx, &b, NULL); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, false, + mctx, &b, NULL)); - ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx, - keyp); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx, + keyp)); dst_key_setttl(*keyp, ttl); @@ -1769,7 +1725,7 @@ cleanup: if (lex != NULL) { isc_lex_destroy(&lex); } - return ret; + return result; } static int @@ -1820,19 +1776,13 @@ isc_result_t dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) { isc_lex_t *lex = NULL; isc_token_t token; - isc_result_t ret; + isc_result_t result; unsigned int opt = ISC_LEXOPT_EOL; - ret = isc_lex_create(mctx, 1500, &lex); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(isc_lex_create(mctx, 1500, &lex)); isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); - ret = isc_lex_openfile(lex, filename); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(isc_lex_openfile(lex, filename)); /* * Read the comment line. @@ -1884,7 +1834,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) { int tag; NEXTTOKEN_OR_EOF(lex, opt, &token); - if (ret == ISC_R_EOF) { + if (result == ISC_R_EOF) { break; } if (token.type != isc_tokentype_string) { @@ -1937,10 +1887,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) { BADTOKEN(); } - ret = dns_time32_fromtext(DST_AS_STR(token), &when); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(dns_time32_fromtext(DST_AS_STR(token), &when)); dst_key_settime(*keyp, tag, when); goto next; @@ -1958,10 +1905,7 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) { BADTOKEN(); } - ret = keystate_fromtext(DST_AS_STR(token), &state); - if (ret != ISC_R_SUCCESS) { - goto cleanup; - } + CHECK(keystate_fromtext(DST_AS_STR(token), &state)); dst_key_setstate(*keyp, tag, state); goto next; @@ -1972,13 +1916,13 @@ dst_key_read_state(const char *filename, isc_mem_t *mctx, dst_key_t **keyp) { } /* Done, successfully parsed the whole file. */ - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; cleanup: if (lex != NULL) { isc_lex_destroy(&lex); } - return ret; + return result; } static bool @@ -2342,13 +2286,9 @@ computeid(dst_key_t *key) { isc_buffer_t dnsbuf; unsigned char dns_array[DST_KEY_MAXSIZE]; isc_region_t r; - isc_result_t ret; isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array)); - ret = dst_key_todns(key, &dnsbuf); - if (ret != ISC_R_SUCCESS) { - return ret; - } + RETERR(dst_key_todns(key, &dnsbuf)); isc_buffer_usedregion(&dnsbuf, &r); key->key_id = dst_region_computeid(&r); @@ -2362,7 +2302,7 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, isc_buffer_t *source, isc_mem_t *mctx, bool no_rdata, dst_key_t **keyp) { dst_key_t *key; - isc_result_t ret; + isc_result_t result; REQUIRE(dns_name_isabsolute(name)); REQUIRE(source != NULL); @@ -2375,10 +2315,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, } if (isc_buffer_remaininglength(source) > 0) { - ret = algorithm_status(alg); - if (ret != ISC_R_SUCCESS) { + result = algorithm_status(alg); + if (result != ISC_R_SUCCESS) { dst_key_free(&key); - return ret; + return result; } if (key->func->fromdns == NULL) { dst_key_free(&key); @@ -2386,10 +2326,10 @@ frombuffer(const dns_name_t *name, unsigned int alg, unsigned int flags, } if (!no_rdata) { - ret = key->func->fromdns(key, source); - if (ret != ISC_R_SUCCESS) { + result = key->func->fromdns(key, source); + if (result != ISC_R_SUCCESS) { dst_key_free(&key); - return ret; + return result; } } } diff --git a/lib/dns/dst_parse.c b/lib/dns/dst_parse.c index d5ea0e418b..a353b8613d 100644 --- a/lib/dns/dst_parse.c +++ b/lib/dns/dst_parse.c @@ -417,7 +417,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, unsigned char *data = NULL; unsigned int opt = ISC_LEXOPT_EOL; isc_stdtime_t when; - isc_result_t ret; + isc_result_t result; bool external = false; REQUIRE(priv != NULL); @@ -425,20 +425,19 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, priv->nelements = 0; memset(priv->elements, 0, sizeof(priv->elements)); -#define NEXTTOKEN(lex, opt, token) \ - do { \ - ret = isc_lex_gettoken(lex, opt, token); \ - if (ret != ISC_R_SUCCESS) \ - goto fail; \ +#define NEXTTOKEN(lex, opt, token) \ + do { \ + CHECK(isc_lex_gettoken(lex, opt, token)); \ } while (0) -#define READLINE(lex, opt, token) \ - do { \ - ret = isc_lex_gettoken(lex, opt, token); \ - if (ret == ISC_R_EOF) \ - break; \ - else if (ret != ISC_R_SUCCESS) \ - goto fail; \ +#define READLINE(lex, opt, token) \ + do { \ + result = isc_lex_gettoken(lex, opt, token); \ + if (result == ISC_R_EOF) { \ + break; \ + } else if (result != ISC_R_SUCCESS) { \ + goto cleanup; \ + } \ } while ((*token).type != isc_tokentype_eol) /* @@ -448,24 +447,24 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, if (token.type != isc_tokentype_string || strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string || (DST_AS_STR(token))[0] != 'v') { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } if (major > DST_MAJOR_VERSION) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } /* @@ -482,16 +481,16 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, if (token.type != isc_tokentype_string || strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token); if (token.type != isc_tokentype_number || token.value.as_ulong != (unsigned long)dst_key_alg(key)) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } READLINE(lex, opt, &token); @@ -503,18 +502,18 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, int tag; isc_region_t r; do { - ret = isc_lex_gettoken(lex, opt, &token); - if (ret == ISC_R_EOF) { + result = isc_lex_gettoken(lex, opt, &token); + if (result == ISC_R_EOF) { goto done; } - if (ret != ISC_R_SUCCESS) { - goto fail; + if (result != ISC_R_SUCCESS) { + goto cleanup; } } while (token.type == isc_tokentype_eol); if (token.type != isc_tokentype_string) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } if (strcmp(DST_AS_STR(token), "External:") == 0) { @@ -529,8 +528,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token); if (token.type != isc_tokentype_number) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } dst_key_setnum(key, tag, token.value.as_ulong); @@ -544,14 +543,11 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } - ret = dns_time32_fromtext(DST_AS_STR(token), &when); - if (ret != ISC_R_SUCCESS) { - goto fail; - } + CHECK(dns_time32_fromtext(DST_AS_STR(token), &when)); dst_key_settime(key, tag, when); @@ -563,8 +559,8 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, if (tag < 0 && minor > DST_MINOR_VERSION) { goto next; } else if (tag < 0) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } priv->elements[n].tag = tag; @@ -572,10 +568,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, data = isc_mem_get(mctx, MAXFIELDSIZE); isc_buffer_init(&b, data, MAXFIELDSIZE); - ret = isc_base64_tobuffer(lex, &b, -1); - if (ret != ISC_R_SUCCESS) { - goto fail; - } + CHECK(isc_base64_tobuffer(lex, &b, -1)); isc_buffer_usedregion(&b, &r); priv->elements[n].length = r.length; @@ -589,30 +582,30 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, done: if (external && priv->nelements != 0) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } check = check_data(priv, alg, true, external); if (check < 0) { - ret = DST_R_INVALIDPRIVATEKEY; - goto fail; + result = DST_R_INVALIDPRIVATEKEY; + goto cleanup; } else if (check != ISC_R_SUCCESS) { - ret = check; - goto fail; + result = check; + goto cleanup; } key->external = external; return ISC_R_SUCCESS; -fail: +cleanup: dst__privstruct_free(priv, mctx); if (data != NULL) { isc_mem_put(mctx, data, MAXFIELDSIZE); } - return ret; + return result; } isc_result_t diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c index 37a87449d5..f89d364164 100644 --- a/lib/dns/dyndb.c +++ b/lib/dns/dyndb.c @@ -30,13 +30,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - typedef struct dyndb_implementation dyndb_implementation_t; struct dyndb_implementation { isc_mem_t *mctx; diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c index 06580c2352..74505e3cd0 100644 --- a/lib/dns/gssapictx.c +++ b/lib/dns/gssapictx.c @@ -93,13 +93,6 @@ static gss_OID_desc __gss_spnego_mechanism_oid_desc = { (r).base = (gb).value; \ } while (0) -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto out; \ - } while (0) - static void name_to_gbuffer(const dns_name_t *name, isc_buffer_t *buffer, gss_buffer_desc *gbuffer) { @@ -589,8 +582,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken, gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname); if (gret != GSS_S_COMPLETE) { gss_err_message(mctx, gret, minor, err_message); - result = ISC_R_FAILURE; - goto out; + CHECK(ISC_R_FAILURE); } if (intoken != NULL) { @@ -621,8 +613,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken, gss_log(3, "Failure initiating security context"); } - result = ISC_R_FAILURE; - goto out; + CHECK(ISC_R_FAILURE); } /* @@ -635,7 +626,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken, */ if (gouttoken.length != 0U) { GBUFFER_TO_REGION(gouttoken, r); - RETERR(isc_buffer_copyregion(outtoken, &r)); + CHECK(isc_buffer_copyregion(outtoken, &r)); } if (gret == GSS_S_COMPLETE) { @@ -644,7 +635,7 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken, result = DNS_R_CONTINUE; } -out: +cleanup: if (gouttoken.length != 0U) { (void)gss_release_buffer(&minor, &gouttoken); } @@ -749,7 +740,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab, isc_buffer_allocate(mctx, outtoken, (unsigned int)gouttoken.length); GBUFFER_TO_REGION(gouttoken, r); - RETERR(isc_buffer_copyregion(*outtoken, &r)); + CHECK(isc_buffer_copyregion(*outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); } @@ -759,7 +750,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab, gss_log(3, "failed gss_display_name: %s", gss_error_tostring(gret, minor, buf, sizeof(buf))); - RETERR(ISC_R_FAILURE); + CHECK(ISC_R_FAILURE); } /* @@ -781,8 +772,8 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab, isc_buffer_init(&namebuf, r.base, r.length); isc_buffer_add(&namebuf, r.length); - RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0, - NULL)); + CHECK(dns_name_fromtext(principal, &namebuf, dns_rootname, 0, + NULL)); if (gnamebuf.length != 0U) { gret = gss_release_buffer(&minor, &gnamebuf); @@ -798,7 +789,7 @@ dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab, *ctxout = context; -out: +cleanup: if (gname != NULL) { gret = gss_release_name(&minor, &gname); if (gret != GSS_S_COMPLETE) { diff --git a/lib/dns/journal.c b/lib/dns/journal.c index b8e7d729bc..a0d378bd0d 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -86,25 +86,6 @@ #define JOURNAL_DEBUG_LOGARGS(n) JOURNAL_COMMON_LOGARGS, ISC_LOG_DEBUG(n) -/*% - * It would be non-sensical (or at least obtuse) to use FAIL() with an - * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAIL(code) \ - do { \ - result = (code); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #define JOURNAL_SERIALSET 0x01U static isc_result_t @@ -648,14 +629,14 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create, */ result = isc_stdio_open(j->filename, "rb+", &fp); } else { - FAIL(ISC_R_NOTFOUND); + CHECK(ISC_R_NOTFOUND); } } if (result != ISC_R_SUCCESS) { isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, "%s: open: %s", j->filename, isc_result_totext(result)); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } j->fp = fp; @@ -693,7 +674,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create, } else { isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, "%s: journal format not recognized", j->filename); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } journal_header_decode(&rawheader, &j->header); @@ -745,7 +726,7 @@ journal_open(isc_mem_t *mctx, const char *filename, bool writable, bool create, *journalp = j; return ISC_R_SUCCESS; -failure: +cleanup: j->magic = 0; if (j->rawindex != NULL) { isc_mem_put(j->mctx, j->rawindex, @@ -921,7 +902,7 @@ maybe_fixup_xhdr(dns_journal_t *j, journal_xhdr_t *xhdr, uint32_t serial, j->recovered = true; } -failure: +cleanup: return result; } @@ -1001,7 +982,7 @@ journal_next(dns_journal_t *j, journal_pos_t *pos) { pos->serial = xhdr.serial1; return ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -1181,7 +1162,7 @@ dns_journal_begin_transaction(dns_journal_t *j) { j->state = JOURNAL_STATE_TRANSACTION; result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -1272,7 +1253,7 @@ dns_journal_writediff(dns_journal_t *j, dns_diff_t *diff) { result = ISC_R_SUCCESS; -failure: +cleanup: if (mem != NULL) { isc_mem_put(j->mctx, mem, size); } @@ -1415,7 +1396,7 @@ dns_journal_commit(dns_journal_t *j) { result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -1428,7 +1409,7 @@ dns_journal_write_transaction(dns_journal_t *j, dns_diff_t *diff) { CHECK(dns_journal_writediff(j, diff)); CHECK(dns_journal_commit(j)); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -1566,7 +1547,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) { "%s: journal file corrupt: missing " "initial SOA", j->filename); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } if ((options & DNS_JOURNALOPT_RESIGN) != 0) { op = (n_soa == 1) ? DNS_DIFFOP_DELRESIGN @@ -1603,7 +1584,7 @@ dns_journal_rollforward(dns_journal_t *j, dns_db_t *db, unsigned int options) { dns_diff_clear(&diff); } -failure: +cleanup: if (ver != NULL) { dns_db_closeversion(db, &ver, result == ISC_R_SUCCESS ? true : false); @@ -1709,7 +1690,7 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename, "%s: journal file corrupt: missing " "initial SOA", j->filename); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } if (print) { @@ -1751,13 +1732,13 @@ dns_journal_print(isc_mem_t *mctx, uint32_t flags, const char *filename, result = dns_diff_print(&diff, file); dns_diff_clear(&diff); } - goto cleanup; + goto done; -failure: +cleanup: isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, "%s: cannot print: journal file corrupt", j->filename); -cleanup: +done: if (source.base != NULL) { isc_mem_put(j->mctx, source.base, source.length); } @@ -1921,7 +1902,7 @@ dns_journal_iter_init(dns_journal_t *j, uint32_t begin_serial, } result = ISC_R_SUCCESS; -failure: +cleanup: j->it.result = result; return j->it.result; } @@ -1942,7 +1923,7 @@ dns_journal_first_rr(dns_journal_t *j) { return read_one_rr(j); -failure: +cleanup: return result; } @@ -1976,7 +1957,7 @@ read_one_rr(dns_journal_t *j) { isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, "%s: journal corrupt: empty transaction", j->filename); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } if (j->header_ver1) { @@ -1992,7 +1973,7 @@ read_one_rr(dns_journal_t *j) { "expected serial %u, got %u", j->filename, j->it.current_serial, xhdr.serial0); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } j->it.xsize = xhdr.size; @@ -2014,7 +1995,7 @@ read_one_rr(dns_journal_t *j) { "%s: journal corrupt: impossible RR size " "(%d bytes)", j->filename, rrhdr.size); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } CHECK(size_buffer(j->mctx, &j->it.source, rrhdr.size)); @@ -2043,7 +2024,7 @@ read_one_rr(dns_journal_t *j) { * Check that the RR header is there, and parse it. */ if (isc_buffer_remaininglength(&j->it.source) < 10) { - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } rdtype = isc_buffer_getuint16(&j->it.source); @@ -2056,14 +2037,14 @@ read_one_rr(dns_journal_t *j) { "%s: journal corrupt: impossible rdlen " "(%u bytes)", j->filename, rdlen); - FAIL(ISC_R_FAILURE); + CHECK(ISC_R_FAILURE); } /* * Parse the rdata. */ if (isc_buffer_remaininglength(&j->it.source) != rdlen) { - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } isc_buffer_setactive(&j->it.source, rdlen); dns_rdata_reset(&j->it.rdata); @@ -2079,7 +2060,7 @@ read_one_rr(dns_journal_t *j) { result = ISC_R_SUCCESS; -failure: +cleanup: j->it.result = result; return result; } @@ -2255,7 +2236,7 @@ dns_diff_subtract(dns_diff_t diff[2], dns_diff_t *r) { ISC_LIST_APPENDLIST(r->tuples, del, link); ISC_LIST_APPENDLIST(r->tuples, add, link); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -2347,16 +2328,16 @@ diff_namespace(dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb, next:; } if (itresult[0] != ISC_R_NOMORE) { - FAIL(itresult[0]); + CHECK(itresult[0]); } if (itresult[1] != ISC_R_NOMORE) { - FAIL(itresult[1]); + CHECK(itresult[1]); } INSIST(ISC_LIST_EMPTY(diff[0].tuples)); INSIST(ISC_LIST_EMPTY(diff[1].tuples)); -failure: +cleanup: dns_dbiterator_destroy(&dbit[1]); cleanup_iterator: @@ -2412,7 +2393,7 @@ dns_db_diffx(dns_diff_t *diff, dns_db_t *dba, dns_dbversion_t *dbvera, } } -failure: +cleanup: if (journal != NULL) { dns_journal_destroy(&journal); } @@ -2796,7 +2777,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial, if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) { - goto failure; + CHECK(result); } if (rename(filename, backup) == -1) { goto maperrno; @@ -2807,14 +2788,13 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, uint32_t serial, (void)isc_file_remove(backup); } else { maperrno: - result = ISC_R_FAILURE; - goto failure; + CHECK(ISC_R_FAILURE); } } result = ISC_R_SUCCESS; -failure: +cleanup: (void)isc_file_remove(newname); if (buf != NULL) { isc_mem_put(mctx, buf, size); @@ -2851,6 +2831,6 @@ index_to_disk(dns_journal_t *j) { CHECK(journal_seek(j, sizeof(journal_rawheader_t))); CHECK(journal_write(j, j->rawindex, rawbytes)); } -failure: +cleanup: return result; } diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c index 9b1fc03d2b..68e1bccdb4 100644 --- a/lib/dns/keymgr.c +++ b/lib/dns/keymgr.c @@ -34,13 +34,6 @@ #include -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /* * Set key state to `target` state and change last changed * to `time`, only if key state has not been set before. @@ -494,9 +487,9 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin, if (dns_kasp_key_ksk(kkey)) { keyflags |= DNS_KEYFLAG_KSK; } - RETERR(dst_key_generate(origin, algo, size, 0, keyflags, - DNS_KEYPROTO_DNSSEC, rdclass, mctx, - &newkey, NULL)); + CHECK(dst_key_generate(origin, algo, size, 0, keyflags, + DNS_KEYPROTO_DNSSEC, rdclass, mctx, + &newkey, NULL)); /* Key collision? */ conflict = keymgr_keyid_conflict(newkey, keylist); @@ -520,7 +513,7 @@ keymgr_createkey(dns_kasp_key_t *kkey, const dns_name_t *origin, *dst_key = newkey; return ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -2238,7 +2231,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass, } /* See if this key requires a rollover. */ - RETERR(keymgr_key_rollover( + CHECK(keymgr_key_rollover( kkey, active_key, keyring, &newkeys, origin, rdclass, kasp, lifetime, rollover_allowed, now, nexttime, mctx)); } @@ -2268,14 +2261,14 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass, } if (modified && !dkey->purge) { dns_dnssec_get_hints(dkey, now); - RETERR(dst_key_tofile(dkey->key, options, directory)); + CHECK(dst_key_tofile(dkey->key, options, directory)); } dst_key_setmodified(dkey->key, false); } result = ISC_R_SUCCESS; -failure: +cleanup: if (dir_open) { isc_dir_close(&dir); } @@ -2437,7 +2430,7 @@ static void rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now, isc_buffer_t *buf, bool zsk) { char timestr[26]; /* Minimal buf as per ctime_r() spec. */ - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; isc_stdtime_t active_time = 0; dst_key_state_t state = NA, goal = NA; int rrsig, active, retire; @@ -2469,9 +2462,9 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now, state = NA; (void)dst_key_getstate(key, DST_KEY_DNSKEY, &state); if (state == RUMOURED || state == OMNIPRESENT) { - ret = dst_key_gettime(key, DST_TIME_DELETE, - &remove_time); - if (ret == ISC_R_SUCCESS) { + result = dst_key_gettime(key, DST_TIME_DELETE, + &remove_time); + if (result == ISC_R_SUCCESS) { isc_buffer_printf(buf, " Key is retired, will " "be removed on "); isc_stdtime_tostring(remove_time, timestr, @@ -2484,8 +2477,8 @@ rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now, } } else { isc_stdtime_t retire_time = 0; - ret = dst_key_gettime(key, retire, &retire_time); - if (ret == ISC_R_SUCCESS) { + result = dst_key_gettime(key, retire, &retire_time); + if (result == ISC_R_SUCCESS) { if (now < retire_time) { if (goal == OMNIPRESENT) { isc_buffer_printf(buf, diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index 1c850d9125..f7993616c0 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -52,19 +52,6 @@ #define DNS_DCTX_MAGIC ISC_MAGIC('D', 'c', 't', 'x') #define DNS_DCTX_VALID(d) ISC_MAGIC_VALID(d, DNS_DCTX_MAGIC) -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - -#define CHECK(x) \ - do { \ - if ((x) != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - struct dns_master_style { dns_masterstyle_flags_t flags; /* DNS_STYLEFLAG_* */ unsigned int ttl_column; diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c index fe53e2a4e3..80ee8d7d58 100644 --- a/lib/dns/nsec.c +++ b/lib/dns/nsec.c @@ -30,13 +30,6 @@ #include -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - void dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit) { unsigned int shift, mask; @@ -189,20 +182,20 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_rdataset_init(&rdataset); dns_rdata_init(&rdata); - RETERR(dns_nsec_buildrdata(db, version, node, target, data, &rdata)); + CHECK(dns_nsec_buildrdata(db, version, node, target, data, &rdata)); dns_rdatalist_init(&rdatalist); rdatalist.rdclass = dns_db_class(db); rdatalist.type = dns_rdatatype_nsec; rdatalist.ttl = ttl; ISC_LIST_APPEND(rdatalist.rdata, &rdata, link); - RETERR(dns_rdatalist_tordataset(&rdatalist, &rdataset)); + CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset)); result = dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL); if (result == DNS_R_UNCHANGED) { result = ISC_R_SUCCESS; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index f3987b9c5a..f902c63022 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -41,13 +41,6 @@ #include -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - #define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0) #define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0) #define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0) @@ -444,22 +437,16 @@ delnsec3(dns_db_t *db, dns_dbversion_t *version, const dns_name_t *name, continue; } - result = dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name, - rdataset.ttl, &rdata, &tuple); - if (result != ISC_R_SUCCESS) { - goto failure; - } - result = do_one_tuple(&tuple, db, version, diff); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_DEL, name, + rdataset.ttl, &rdata, &tuple)); + CHECK(do_one_tuple(&tuple, db, version, diff)); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } result = ISC_R_SUCCESS; -failure: +cleanup: dns_rdataset_disassociate(&rdataset); cleanup_node: dns_db_detachnode(db, &node); @@ -532,7 +519,7 @@ find_nsec3(dns_rdata_nsec3_t *nsec3, dns_rdataset_t *rdataset, break; } } -failure: +cleanup: return result; } @@ -640,14 +627,14 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, } else if (CREATE(nsec3param->flags) && OPTOUT(flags)) { result = dns_nsec3_delnsec3(db, version, name, nsec3param, diff); - goto failure; + goto cleanup; } else { maybe_remove_unsecure = true; } } else { dns_rdataset_disassociate(&rdataset); if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } } } @@ -677,9 +664,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, dns_rdataset_disassociate(&rdataset); continue; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); if (maybe_remove_unsecure) { dns_rdataset_disassociate(&rdataset); @@ -691,7 +676,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, if (OPTOUT(nsec3.flags)) { result = dns_nsec3_delnsec3(db, version, name, nsec3param, diff); - goto failure; + goto cleanup; } goto addnsec3; } else { @@ -701,7 +686,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, */ if (OPTOUT(nsec3.flags) && unsecure) { dns_rdataset_disassociate(&rdataset); - goto failure; + goto cleanup; } } @@ -795,7 +780,7 @@ addnsec3: break; } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } } @@ -824,9 +809,7 @@ addnsec3: dns_rdataset_disassociate(&rdataset); continue; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); old_next = nsec3.next; old_length = nsec3.next_length; @@ -886,7 +869,7 @@ addnsec3: /* result cannot be ISC_R_NOMORE here */ INSIST(result != ISC_R_NOMORE); -failure: +cleanup: if (dbit != NULL) { dns_dbiterator_destroy(&dbit); } @@ -960,7 +943,7 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version, result = ISC_R_SUCCESS; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -1036,7 +1019,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name, if (result == ISC_R_NOTFOUND) { *flag = false; result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; @@ -1056,7 +1039,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, const dns_name_t *name, result = ISC_R_SUCCESS; } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -1128,9 +1111,7 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver, if (result == ISC_R_NOTFOUND) { goto try_private; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -1157,23 +1138,23 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver, dns_rdata_reset(&rdata); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } dns_rdataset_disassociate(&rdataset); try_private: if (privatetype == 0) { - goto success; + result = ISC_R_SUCCESS; + goto cleanup; } result = dns_db_findrdataset(db, node, ver, privatetype, 0, (isc_stdtime_t)0, &rdataset, NULL); if (result == ISC_R_NOTFOUND) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; + goto cleanup; } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -1215,12 +1196,12 @@ try_private: } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } -success: + result = ISC_R_SUCCESS; -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -1252,7 +1233,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version, result = dns_db_findrdataset(db, node, version, type, 0, 0, &prdataset, NULL); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + CHECK(result); } result = dns_db_findrdataset(db, node, version, @@ -1261,9 +1242,7 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version, if (result == ISC_R_NOTFOUND) { goto try_private; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * Update each active NSEC3 chain. @@ -1287,15 +1266,17 @@ dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version, nsecttl, unsecure, diff)); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } dns_rdataset_disassociate(&rdataset); try_private: if (!dns_rdataset_isassociated(&prdataset)) { - goto success; + result = ISC_R_SUCCESS; + goto cleanup; } + /* * Update each active NSEC3 chain. */ @@ -1328,10 +1309,10 @@ try_private: nsecttl, unsecure, diff)); } if (result == ISC_R_NOMORE) { - success: result = ISC_R_SUCCESS; } -failure: + +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -1439,9 +1420,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { goto cleanup_orphaned_ents; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); CHECK(dns_dbiterator_current(dbit, &node, NULL)); CHECK(dns_dbiterator_pause(dbit)); @@ -1451,9 +1430,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, if (result == ISC_R_NOTFOUND) { goto cleanup_orphaned_ents; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * If we find a existing NSEC3 for this chain then save the @@ -1467,11 +1444,9 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, } dns_rdataset_disassociate(&rdataset); if (result == ISC_R_NOMORE) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; } + CHECK(result); /* * Find the previous NSEC3 and update it. @@ -1497,9 +1472,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_rdataset_disassociate(&rdataset); continue; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * Delete the old previous NSEC3. @@ -1553,11 +1526,10 @@ cleanup_orphaned_ents: salt_length)); result = dns_dbiterator_seek(dbit, hashname); if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; + goto cleanup; } + CHECK(result); CHECK(dns_dbiterator_current(dbit, &node, NULL)); CHECK(dns_dbiterator_pause(dbit)); @@ -1566,11 +1538,10 @@ cleanup_orphaned_ents: (isc_stdtime_t)0, &rdataset, NULL); dns_db_detachnode(db, &node); if (result == ISC_R_NOTFOUND) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; + goto cleanup; } + CHECK(result); result = find_nsec3(&nsec3, &rdataset, nsec3param); if (result == ISC_R_SUCCESS) { @@ -1580,11 +1551,9 @@ cleanup_orphaned_ents: } dns_rdataset_disassociate(&rdataset); if (result == ISC_R_NOMORE) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; } + CHECK(result); pass = 0; do { @@ -1607,9 +1576,7 @@ cleanup_orphaned_ents: dns_rdataset_disassociate(&rdataset); continue; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * Delete the old previous NSEC3. @@ -1642,10 +1609,9 @@ cleanup_orphaned_ents: CHECK(delnsec3(db, version, hashname, nsec3param, diff)); } while (1); -success: result = ISC_R_SUCCESS; -failure: +cleanup: if (dbit != NULL) { dns_dbiterator_destroy(&dbit); } @@ -1689,9 +1655,7 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version, if (result == ISC_R_NOTFOUND) { goto try_private; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); /* * Update each active NSEC3 chain. @@ -1716,16 +1680,16 @@ dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version, try_private: if (privatetype == 0) { - goto success; + result = ISC_R_SUCCESS; + goto cleanup; } result = dns_db_findrdataset(db, node, version, privatetype, 0, 0, &rdataset, NULL); if (result == ISC_R_NOTFOUND) { - goto success; - } - if (result != ISC_R_SUCCESS) { - goto failure; + result = ISC_R_SUCCESS; + goto cleanup; } + CHECK(result); /* * Update each NSEC3 chain being built. @@ -1758,11 +1722,10 @@ try_private: CHECK(dns_nsec3_delnsec3(db, version, name, &nsec3param, diff)); } if (result == ISC_R_NOMORE) { - success: result = ISC_R_SUCCESS; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c index ca12bb5620..af45fdc00f 100644 --- a/lib/dns/opensslecdsa_link.c +++ b/lib/dns/opensslecdsa_link.c @@ -51,17 +51,17 @@ #error "P-384 group is not known (NID_secp384r1)" #endif /* ifndef NID_secp384r1 */ -#define DST_RET(a) \ - { \ - ret = a; \ - goto err; \ +#define DST_RET(a) \ + { \ + result = a; \ + goto cleanup; \ } #if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 static isc_result_t raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key, size_t key_len, EVP_PKEY **pkey) { - isc_result_t ret; + isc_result_t result; int status; const char *groupname; OSSL_PARAM_BLD *bld = NULL; @@ -141,9 +141,9 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key, DST_R_OPENSSLFAILURE)); } - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: if (params != NULL) { OSSL_PARAM_free(params); } @@ -157,14 +157,14 @@ err: BN_clear_free(priv); } - return ret; + return result; } #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \ */ static isc_result_t opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) { - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; EVP_MD_CTX *evp_md_ctx; const EVP_MD *type = NULL; @@ -205,8 +205,8 @@ opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) { dctx->ctxdata.evp_md_ctx = evp_md_ctx; -err: - return ret; +cleanup: + return result; } static void @@ -225,7 +225,7 @@ opensslecdsa_destroyctx(dst_context_t *dctx) { static isc_result_t opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) { - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 || @@ -250,8 +250,8 @@ opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) { } } -err: - return ret; +cleanup: + return result; } static int @@ -269,7 +269,7 @@ BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size) { static isc_result_t opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { - isc_result_t ret; + isc_result_t result; dst_key_t *key = dctx->key; isc_region_t region; EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; @@ -320,19 +320,19 @@ opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { isc_region_consume(®ion, siglen / 2); ECDSA_SIG_free(ecdsasig); isc_buffer_add(sig, siglen); - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: if (sigder != NULL && sigder_alloced != 0) { isc_mem_put(dctx->mctx, sigder, sigder_alloced); } - return ret; + return result; } static isc_result_t opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) { - isc_result_t ret; + isc_result_t result; dst_key_t *key = dctx->key; int status; unsigned char *cp = sig->base; @@ -388,19 +388,19 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) { switch (status) { case 1: - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; break; case 0: - ret = dst__openssl_toresult(DST_R_VERIFYFAILURE); + result = dst__openssl_toresult(DST_R_VERIFYFAILURE); break; default: - ret = dst__openssl_toresult3(dctx->category, - "EVP_DigestVerifyFinal", - DST_R_VERIFYFAILURE); + result = dst__openssl_toresult3(dctx->category, + "EVP_DigestVerifyFinal", + DST_R_VERIFYFAILURE); break; } -err: +cleanup: if (ecdsasig != NULL) { ECDSA_SIG_free(ecdsasig); } @@ -408,12 +408,12 @@ err: isc_mem_put(dctx->mctx, sigder, sigder_alloced); } - return ret; + return result; } static bool opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) { - bool ret; + bool result; EVP_PKEY *pkey1 = key1->keydata.pkey; EVP_PKEY *pkey2 = key2->keydata.pkey; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -464,9 +464,9 @@ opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) { ERR_clear_error(); } - ret = true; + result = true; -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (eckey1 != NULL) { EC_KEY_free(eckey1); @@ -483,12 +483,12 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static isc_result_t opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { - isc_result_t ret; + isc_result_t result; int status; EVP_PKEY *pkey = NULL; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -577,9 +577,9 @@ opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { key->keydata.pkey = pkey; pkey = NULL; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: if (pkey != NULL) { EVP_PKEY_free(pkey); } @@ -596,12 +596,12 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static bool opensslecdsa_isprivate(const dst_key_t *key) { - bool ret; + bool result; EVP_PKEY *pkey; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 EC_KEY *eckey; @@ -620,22 +620,22 @@ opensslecdsa_isprivate(const dst_key_t *key) { #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 eckey = EVP_PKEY_get1_EC_KEY(pkey); - ret = (eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL); + result = (eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL); if (eckey != NULL) { EC_KEY_free(eckey); } else { ERR_clear_error(); } #else - ret = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) == - 1 && - priv != NULL); + result = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, + &priv) == 1 && + priv != NULL); if (priv != NULL) { BN_clear_free(priv); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static void @@ -650,7 +650,7 @@ opensslecdsa_destroy(dst_key_t *key) { static isc_result_t opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) { - isc_result_t ret; + isc_result_t result; EVP_PKEY *pkey; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 EC_KEY *eckey = NULL; @@ -719,9 +719,9 @@ opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) { #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ isc_buffer_add(data, len); - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (eckey != NULL) { EC_KEY_free(eckey); @@ -735,12 +735,12 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static isc_result_t opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) { - isc_result_t ret; + isc_result_t result; EVP_PKEY *pkey = NULL; isc_region_t r; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -803,29 +803,29 @@ opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) { DST_RET(dst__openssl_toresult(ISC_R_FAILURE)); } #else - ret = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey); - if (ret != ISC_R_SUCCESS) { - DST_RET(ret); + result = raw_key_to_ossl(key->key_alg, 0, r.base, len, &pkey); + if (result != ISC_R_SUCCESS) { + DST_RET(result); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ isc_buffer_forward(data, len); key->keydata.pkey = pkey; key->key_size = len * 4; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (eckey != NULL) { EC_KEY_free(eckey); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static isc_result_t opensslecdsa_tofile(const dst_key_t *key, const char *directory) { - isc_result_t ret; + isc_result_t result; EVP_PKEY *pkey; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 EC_KEY *eckey = NULL; @@ -895,9 +895,9 @@ opensslecdsa_tofile(const dst_key_t *key, const char *directory) { } priv.nelements = i; - ret = dst__privstruct_writefile(key, &priv, directory); + result = dst__privstruct_writefile(key, &priv, directory); -err: +cleanup: if (buf != NULL && privkey != NULL) { isc_mem_put(key->mctx, buf, BN_num_bytes(privkey)); } @@ -911,7 +911,7 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -940,7 +940,7 @@ ecdsa_check(EC_KEY *eckey, EC_KEY *pubeckey) { #else static isc_result_t ecdsa_check(EVP_PKEY **pkey, EVP_PKEY *pubpkey) { - isc_result_t ret = ISC_R_FAILURE; + isc_result_t result = ISC_R_FAILURE; int status; size_t pkey_len = 0; BIGNUM *x = NULL; @@ -1057,7 +1057,7 @@ ecdsa_check(EVP_PKEY **pkey, EVP_PKEY *pubpkey) { DST_RET(ISC_R_SUCCESS); } -err: +cleanup: if (ctx != NULL) { EVP_PKEY_CTX_free(ctx); } @@ -1077,7 +1077,7 @@ err: BN_clear_free(y); } - return ret; + return result; } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ @@ -1186,7 +1186,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label, static isc_result_t opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { dst_private_t priv; - isc_result_t ret; + isc_result_t result; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 EC_KEY *eckey = NULL; EC_KEY *pubeckey = NULL; @@ -1200,11 +1200,8 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { key->key_alg == DST_ALG_ECDSA384); /* read private key file */ - ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx, - &priv); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, key->mctx, + &priv)); if (key->external) { if (priv.nelements != 0 || pub == NULL) { @@ -1236,10 +1233,7 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { } if (label != NULL) { - ret = opensslecdsa_fromlabel(key, engine, label, NULL); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(opensslecdsa_fromlabel(key, engine, label, NULL)); #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 eckey = EVP_PKEY_get1_EC_KEY(key->keydata.pkey); @@ -1249,28 +1243,22 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ } else { #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 - ret = dst__key_to_eckey(key, &eckey); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(dst__key_to_eckey(key, &eckey)); - ret = load_privkey_from_privstruct(eckey, &priv, privkey_index); + CHECK(load_privkey_from_privstruct(eckey, &priv, + privkey_index)); #else if (key->keydata.pkey != NULL) { EVP_PKEY_free(key->keydata.pkey); key->keydata.pkey = NULL; } - ret = raw_key_to_ossl(key->key_alg, 1, + CHECK(raw_key_to_ossl(key->key_alg, 1, priv.elements[privkey_index].data, priv.elements[privkey_index].length, - &key->keydata.pkey); + &key->keydata.pkey)); #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - if (ret != ISC_R_SUCCESS) { - goto err; - } - finalize_key = true; } @@ -1284,7 +1272,7 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { } if (finalize_key) { - ret = finalize_eckey(key, eckey, engine, label); + result = finalize_eckey(key, eckey, engine, label); } #else if (ecdsa_check(&key->keydata.pkey, @@ -1295,11 +1283,11 @@ opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { } if (finalize_key) { - ret = finalize_eckey(key, engine, label); + result = finalize_eckey(key, engine, label); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (pubeckey != NULL) { EC_KEY_free(pubeckey); @@ -1308,21 +1296,21 @@ err: EC_KEY_free(eckey); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - if (ret != ISC_R_SUCCESS) { + if (result != ISC_R_SUCCESS) { key->keydata.generic = NULL; } dst__privstruct_free(&priv, key->mctx); isc_safe_memwipe(&priv, sizeof(priv)); - return ret; + return result; } static isc_result_t opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; ENGINE *e; EC_KEY *eckey = NULL; EC_KEY *pubeckey = NULL; @@ -1395,7 +1383,7 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label, key->keydata.pkey = pkey; pkey = NULL; -err: +cleanup: if (pubpkey != NULL) { EVP_PKEY_free(pubpkey); } @@ -1409,7 +1397,7 @@ err: EC_KEY_free(eckey); } - return ret; + return result; #else UNUSED(key); UNUSED(engine); diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c index 74dac17bc6..6301db4c36 100644 --- a/lib/dns/openssleddsa_link.c +++ b/lib/dns/openssleddsa_link.c @@ -38,10 +38,10 @@ #include "dst_parse.h" #include "openssl_shim.h" -#define DST_RET(a) \ - { \ - ret = a; \ - goto err; \ +#define DST_RET(a) \ + { \ + result = a; \ + goto cleanup; \ } #if HAVE_OPENSSL_ED25519 @@ -59,7 +59,7 @@ static isc_result_t raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key, size_t *key_len, EVP_PKEY **pkey) { - isc_result_t ret; + isc_result_t result; int pkey_type = EVP_PKEY_NONE; size_t len = 0; @@ -79,9 +79,9 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key, return ISC_R_NOTIMPLEMENTED; } - ret = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY); + result = (private ? DST_R_INVALIDPRIVATEKEY : DST_R_INVALIDPUBLICKEY); if (*key_len < len) { - return ret; + return result; } if (private) { @@ -90,7 +90,7 @@ raw_key_to_ossl(unsigned int key_alg, int private, const unsigned char *key, *pkey = EVP_PKEY_new_raw_public_key(pkey_type, NULL, key, len); } if (*pkey == NULL) { - return dst__openssl_toresult(ret); + return dst__openssl_toresult(result); } *key_len = len; @@ -156,7 +156,7 @@ openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) { static isc_result_t openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { - isc_result_t ret; + isc_result_t result; dst_key_t *key = dctx->key; isc_region_t tbsreg; isc_region_t sigreg; @@ -196,19 +196,19 @@ openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { DST_R_SIGNFAILURE)); } isc_buffer_add(sig, (unsigned int)siglen); - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: EVP_MD_CTX_free(ctx); isc_buffer_free(&buf); dctx->ctxdata.generic = NULL; - return ret; + return result; } static isc_result_t openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) { - isc_result_t ret; + isc_result_t result; dst_key_t *key = dctx->key; int status; isc_region_t tbsreg; @@ -254,23 +254,24 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) { switch (status) { case 1: - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; break; case 0: - ret = dst__openssl_toresult(DST_R_VERIFYFAILURE); + result = dst__openssl_toresult(DST_R_VERIFYFAILURE); break; default: - ret = dst__openssl_toresult3(dctx->category, "EVP_DigestVerify", - DST_R_VERIFYFAILURE); + result = dst__openssl_toresult3(dctx->category, + "EVP_DigestVerify", + DST_R_VERIFYFAILURE); break; } -err: +cleanup: EVP_MD_CTX_free(ctx); isc_buffer_free(&buf); dctx->ctxdata.generic = NULL; - return ret; + return result; } static bool @@ -294,7 +295,7 @@ openssleddsa_compare(const dst_key_t *key1, const dst_key_t *key2) { static isc_result_t openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { - isc_result_t ret; + isc_result_t result; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int nid = 0, status; @@ -339,11 +340,11 @@ openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { } key->keydata.pkey = pkey; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: EVP_PKEY_CTX_free(ctx); - return ret; + return result; } static bool @@ -412,7 +413,6 @@ openssleddsa_todns(const dst_key_t *key, isc_buffer_t *data) { static isc_result_t openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) { - isc_result_t ret; isc_region_t r; size_t len; EVP_PKEY *pkey; @@ -426,10 +426,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) { } len = r.length; - ret = raw_key_to_ossl(key->key_alg, 0, r.base, &len, &pkey); - if (ret != ISC_R_SUCCESS) { - return ret; - } + RETERR(raw_key_to_ossl(key->key_alg, 0, r.base, &len, &pkey)); isc_buffer_forward(data, len); key->keydata.pkey = pkey; @@ -439,7 +436,7 @@ openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) { static isc_result_t openssleddsa_tofile(const dst_key_t *key, const char *directory) { - isc_result_t ret; + isc_result_t result; dst_private_t priv; unsigned char *buf = NULL; size_t len; @@ -492,13 +489,13 @@ openssleddsa_tofile(const dst_key_t *key, const char *directory) { } priv.nelements = i; - ret = dst__privstruct_writefile(key, &priv, directory); + result = dst__privstruct_writefile(key, &priv, directory); -err: +cleanup: if (buf != NULL) { isc_mem_put(key->mctx, buf, len); } - return ret; + return result; } static isc_result_t @@ -515,7 +512,7 @@ eddsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) { static isc_result_t openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { dst_private_t priv; - isc_result_t ret; + isc_result_t result; int i, privkey_index = -1; const char *engine = NULL, *label = NULL; EVP_PKEY *pkey = NULL, *pubpkey = NULL; @@ -526,10 +523,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { key->key_alg == DST_ALG_ED448); /* read private key file */ - ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv)); if (key->external) { if (priv.nelements != 0) { @@ -566,10 +560,7 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { } if (label != NULL) { - ret = openssleddsa_fromlabel(key, engine, label, NULL); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(openssleddsa_fromlabel(key, engine, label, NULL)); if (eddsa_check(key->keydata.pkey, pubpkey) != ISC_R_SUCCESS) { DST_RET(DST_R_INVALIDPRIVATEKEY); } @@ -581,30 +572,27 @@ openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { } len = priv.elements[privkey_index].length; - ret = raw_key_to_ossl(key->key_alg, 1, - priv.elements[privkey_index].data, &len, &pkey); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(raw_key_to_ossl(key->key_alg, 1, + priv.elements[privkey_index].data, &len, &pkey)); if (eddsa_check(pkey, pubpkey) != ISC_R_SUCCESS) { EVP_PKEY_free(pkey); DST_RET(DST_R_INVALIDPRIVATEKEY); } key->keydata.pkey = pkey; key->key_size = len * 8; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: dst__privstruct_free(&priv, mctx); isc_safe_memwipe(&priv, sizeof(priv)); - return ret; + return result; } static isc_result_t openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 - isc_result_t ret; + isc_result_t result; ENGINE *e; EVP_PKEY *pkey = NULL, *pubpkey = NULL; int baseid = EVP_PKEY_NONE; @@ -654,16 +642,16 @@ openssleddsa_fromlabel(dst_key_t *key, const char *engine, const char *label, key->key_size = EVP_PKEY_bits(pkey); key->keydata.pkey = pkey; pkey = NULL; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: if (pubpkey != NULL) { EVP_PKEY_free(pubpkey); } if (pkey != NULL) { EVP_PKEY_free(pkey); } - return ret; + return result; #else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ UNUSED(key); UNUSED(engine); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 37e8a63a61..b92e1bfc88 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -42,10 +42,10 @@ #include "dst_parse.h" #include "openssl_shim.h" -#define DST_RET(a) \ - { \ - ret = a; \ - goto err; \ +#define DST_RET(a) \ + { \ + result = a; \ + goto cleanup; \ } static isc_result_t @@ -256,7 +256,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { static bool opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) { - bool ret; + bool result; int status; EVP_PKEY *pkey1 = key1->keydata.pkey; EVP_PKEY *pkey2 = key2->keydata.pkey; @@ -323,9 +323,9 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) { } } - ret = true; + result = true; -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (rsa1 != NULL) { RSA_free(rsa1); @@ -354,7 +354,7 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -392,7 +392,7 @@ progress_cb(EVP_PKEY_CTX *ctx) { static isc_result_t opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { - isc_result_t ret; + isc_result_t result; union { void *dptr; void (*fptr)(int); @@ -500,9 +500,9 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { key->keydata.pkey = pkey; pkey = NULL; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: if (pkey != NULL) { EVP_PKEY_free(pkey); } @@ -521,7 +521,7 @@ err: if (e != NULL) { BN_free(e); } - return ret; + return result; } static bool @@ -584,7 +584,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { isc_region_t r; unsigned int e_bytes; unsigned int mod_bytes; - isc_result_t ret; + isc_result_t result; EVP_PKEY *pkey; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 RSA *rsa; @@ -641,8 +641,8 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { isc_buffer_add(data, e_bytes + mod_bytes); - ret = ISC_R_SUCCESS; -err: + result = ISC_R_SUCCESS; +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (rsa != NULL) { RSA_free(rsa); @@ -655,12 +655,12 @@ err: BN_free(n); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } static isc_result_t opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { - isc_result_t ret; + isc_result_t result; int status; isc_region_t r; unsigned int e_bytes; @@ -778,9 +778,9 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { key->keydata.pkey = pkey; pkey = NULL; - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; -err: +cleanup: #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 if (rsa != NULL) { @@ -807,12 +807,12 @@ err: EVP_PKEY_free(pkey); } - return ret; + return result; } static isc_result_t opensslrsa_tofile(const dst_key_t *key, const char *directory) { - isc_result_t ret; + isc_result_t result; dst_private_t priv = { 0 }; unsigned char *bufs[8] = { NULL }; unsigned short i = 0; @@ -952,9 +952,9 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) { } priv.nelements = i; - ret = dst__privstruct_writefile(key, &priv, directory); + result = dst__privstruct_writefile(key, &priv, directory); -err: +cleanup: for (i = 0; i < ARRAY_SIZE(bufs); i++) { if (bufs[i] != NULL) { isc_mem_put(key->mctx, bufs[i], @@ -990,7 +990,7 @@ err: } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - return ret; + return result; } #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -1053,7 +1053,7 @@ rsa_check(RSA *rsa, RSA *pub) { #else static isc_result_t rsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) { - isc_result_t ret = ISC_R_FAILURE; + isc_result_t result = ISC_R_FAILURE; int status; BIGNUM *n1 = NULL, *n2 = NULL; BIGNUM *e1 = NULL, *e2 = NULL; @@ -1101,7 +1101,7 @@ rsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) { DST_RET(ISC_R_SUCCESS); } -err: +cleanup: if (n1 != NULL) { BN_free(n1); } @@ -1115,14 +1115,14 @@ err: BN_free(e2); } - return ret; + return result; } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ static isc_result_t opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { dst_private_t priv; - isc_result_t ret; + isc_result_t result; int i; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 RSA *rsa = NULL, *pubrsa = NULL; @@ -1152,10 +1152,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { mctx = key->mctx; /* read private key file */ - ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); - if (ret != ISC_R_SUCCESS) { - goto err; - } + CHECK(dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv)); if (key->external) { if (priv.nelements != 0 || pub == NULL) { @@ -1405,7 +1402,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { key->keydata.pkey = pkey; pkey = NULL; -err: +cleanup: if (pkey != NULL) { EVP_PKEY_free(pkey); } @@ -1451,14 +1448,14 @@ err: BN_clear_free(iqmp); } #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ - if (ret != ISC_R_SUCCESS) { + if (result != ISC_R_SUCCESS) { key->keydata.generic = NULL; } dst__privstruct_free(&priv, mctx); isc_safe_memwipe(&priv, sizeof(priv)); - return ret; + return result; } static isc_result_t @@ -1466,7 +1463,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 ENGINE *e = NULL; - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; EVP_PKEY *pkey = NULL, *pubpkey = NULL; RSA *rsa = NULL, *pubrsa = NULL; const BIGNUM *ex = NULL; @@ -1520,7 +1517,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, key->keydata.pkey = pkey; pkey = NULL; -err: +cleanup: if (rsa != NULL) { RSA_free(rsa); } @@ -1533,7 +1530,7 @@ err: if (pubpkey != NULL) { EVP_PKEY_free(pubpkey); } - return ret; + return result; #else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ UNUSED(key); UNUSED(engine); @@ -1651,7 +1648,7 @@ check_algorithm(unsigned char algorithm) { const EVP_MD *type = NULL; const unsigned char *sig = NULL; int status; - isc_result_t ret = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; size_t len; #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 RSA *rsa = NULL; @@ -1769,7 +1766,7 @@ check_algorithm(unsigned char algorithm) { DST_RET(ISC_R_NOTIMPLEMENTED); } -err: +cleanup: BN_free(e); BN_free(n); #if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 @@ -1794,7 +1791,7 @@ err: EVP_MD_CTX_destroy(evp_md_ctx); } ERR_clear_error(); - return ret; + return result; } isc_result_t diff --git a/lib/dns/private.c b/lib/dns/private.c index b165440348..eef3bbb4a4 100644 --- a/lib/dns/private.c +++ b/lib/dns/private.c @@ -44,13 +44,6 @@ #define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0) #define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0) -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /* * Work out if 'param' should be ignored or not (i.e. it is in the process * of being removed). @@ -126,14 +119,14 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver, result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0, (isc_stdtime_t)0, &nsecset, NULL); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0, (isc_stdtime_t)0, &nsec3paramset, NULL); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } if (dns_rdataset_isassociated(&nsecset) && @@ -152,8 +145,8 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver, result = dns_db_findrdataset(db, node, ver, privatetype, 0, (isc_stdtime_t)0, &privateset, NULL); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } } @@ -318,7 +311,7 @@ dns_private_chains(dns_db_t *db, dns_dbversion_t *ver, success: result = ISC_R_SUCCESS; -failure: +cleanup: if (dns_rdataset_isassociated(&nsecset)) { dns_rdataset_disassociate(&nsecset); } @@ -412,6 +405,6 @@ dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) { isc_buffer_putuint8(buf, 0); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c index d054acadb4..7e8ee98ac3 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c @@ -42,13 +42,6 @@ #include #include -#define CHECK(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define RBT_MAGIC ISC_MAGIC('R', 'B', 'T', '+') #define VALID_RBT(rbt) ISC_MAGIC_VALID(rbt, RBT_MAGIC) diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 82cb74db26..cb7f410311 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -65,13 +65,6 @@ #define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '4') -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /*% * Note that "impmagic" is not the first four bytes of the struct, so * ISC_MAGIC_VALID cannot be used. diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index a60997873c..37b8148a26 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -37,13 +37,6 @@ #include #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - #define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */ #define TOTEXTONLY 0x01 diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index 9087bae11c..2f6595d732 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -48,13 +48,6 @@ #include #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - #define RETTOK(x) \ do { \ isc_result_t _r = (x); \ @@ -64,13 +57,6 @@ } \ } while (0) -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define CHECKTOK(op) \ do { \ result = (op); \ diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index f03716c7d2..8aa4c076d3 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -54,13 +54,6 @@ #define TEMP_BUFFER_SZ 8192 #define TKEY_RANDOM_AMOUNT 16 -#define RETERR(x) \ - do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - static void tkey_log(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2); @@ -167,7 +160,7 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, dns_rdataset_t *newset = NULL; isc_buffer_t *tmprdatabuf = NULL; - RETERR(dns_message_gettemprdata(msg, &newrdata)); + CHECK(dns_message_gettemprdata(msg, &newrdata)); dns_rdata_toregion(rdata, &r); isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length); @@ -176,17 +169,17 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr); dns_message_takebuffer(msg, &tmprdatabuf); - RETERR(dns_message_gettempname(msg, &newname)); + CHECK(dns_message_gettempname(msg, &newname)); dns_name_copy(name, newname); - RETERR(dns_message_gettemprdatalist(msg, &newlist)); + CHECK(dns_message_gettemprdatalist(msg, &newlist)); newlist->rdclass = newrdata->rdclass; newlist->type = newrdata->type; newlist->ttl = ttl; ISC_LIST_APPEND(newlist->rdata, newrdata, link); - RETERR(dns_message_gettemprdataset(msg, &newset)); - RETERR(dns_rdatalist_tordataset(newlist, newset)); + CHECK(dns_message_gettemprdataset(msg, &newset)); + CHECK(dns_rdatalist_tordataset(newlist, newset)); ISC_LIST_INIT(newname->list); ISC_LIST_APPEND(newname->list, newset, link); @@ -195,7 +188,7 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, return ISC_R_SUCCESS; -failure: +cleanup: if (newrdata != NULL) { if (ISC_LINK_LINKED(newrdata, link)) { INSIST(newlist != NULL); @@ -430,10 +423,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, } } - RETERR(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist)); + CHECK(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist)); isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata)); - RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf)); + CHECK(dst_key_todns(tctx->dhkey, &ourkeybuf)); isc_buffer_usedregion(&ourkeybuf, &ourkeyr); dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any, dns_rdatatype_key, &ourkeyr); @@ -444,16 +437,16 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, /* * XXXBEW The TTL should be obtained from the database, if it exists. */ - RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist)); + CHECK(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist)); - RETERR(dst_key_secretsize(tctx->dhkey, &sharedsize)); + CHECK(dst_key_secretsize(tctx->dhkey, &sharedsize)); isc_buffer_allocate(msg->mctx, &shared, sharedsize); result = dst_key_computesecret(pubkey, tctx->dhkey, shared); if (result != ISC_R_SUCCESS) { tkey_log("process_dhtkey: failed to compute shared secret: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } dst_key_free(&pubkey); @@ -467,10 +460,10 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, r.length = TKEY_RANDOM_AMOUNT; r2.base = tkeyin->key; r2.length = tkeyin->keylen; - RETERR(compute_secret(shared, &r2, &r, &secret)); + CHECK(compute_secret(shared, &r2, &r, &secret)); isc_buffer_free(&shared); - RETERR(dns_tsigkey_create( + CHECK(dns_tsigkey_create( name, &tkeyin->algorithm, isc_buffer_base(&secret), isc_buffer_usedlength(&secret), true, signer, tkeyin->inception, tkeyin->expire, ring->mctx, ring, NULL)); @@ -484,7 +477,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, return ISC_R_SUCCESS; -failure: +cleanup: if (!ISC_LIST_EMPTY(*namelist)) { free_namelist(msg, namelist); } @@ -566,7 +559,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin, return ISC_R_SUCCESS; } if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) { - goto failure; + CHECK(result); } /* * XXXDCL Section 4.1.3: Limit GSS_S_CONTINUE_NEEDED to 10 times. @@ -584,8 +577,8 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin, #endif /* HAVE_GSSAPI */ uint32_t expire; - RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey, - &intoken)); + CHECK(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey, + &intoken)); /* * Limit keys to 1 hour or the context's lifetime whichever * is smaller. @@ -597,7 +590,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin, expire = now + lifetime; } #endif /* HAVE_GSSAPI */ - RETERR(dns_tsigkey_createfromkey( + CHECK(dns_tsigkey_createfromkey( name, &tkeyin->algorithm, dstkey, true, principal, now, expire, ring->mctx, ring, &tsigkey)); dst_key_free(&dstkey); @@ -639,7 +632,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin, return ISC_R_SUCCESS; -failure: +cleanup: if (tsigkey != NULL) { dns_tsigkey_detach(&tsigkey); } @@ -743,26 +736,23 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, dns_rdatatype_tkey, 0, &name, &tkeyset) != ISC_R_SUCCESS) { - result = DNS_R_FORMERR; tkey_log("dns_tkey_processquery: couldn't find a TKEY " "matching the question"); - goto failure; + CHECK(DNS_R_FORMERR); } } result = dns_rdataset_first(tkeyset); if (result != ISC_R_SUCCESS) { - result = DNS_R_FORMERR; - goto failure; + CHECK(DNS_R_FORMERR); } dns_rdata_init(&rdata); dns_rdataset_current(tkeyset, &rdata); - RETERR(dns_rdata_tostruct(&rdata, &tkeyin, NULL)); + CHECK(dns_rdata_tostruct(&rdata, &tkeyin, NULL)); freetkeyin = true; if (tkeyin.error != dns_rcode_noerror) { - result = DNS_R_FORMERR; - goto failure; + CHECK(DNS_R_FORMERR); } /* @@ -779,8 +769,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, } else { tkey_log("dns_tkey_processquery: query was not " "properly signed - rejecting"); - result = DNS_R_FORMERR; - goto failure; + CHECK(DNS_R_FORMERR); } } else { signer = &tsigner; @@ -814,8 +803,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, if (tctx->domain == NULL && tkeyin.mode != DNS_TKEYMODE_GSSAPI) { tkey_log("dns_tkey_processquery: tkey-domain not set"); - result = DNS_R_REFUSED; - goto failure; + CHECK(DNS_R_REFUSED); } keyname = dns_fixedname_initname(&fkeyname); @@ -843,35 +831,25 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, } isc_buffer_init(&b, randomtext, sizeof(randomtext)); isc_buffer_add(&b, sizeof(randomtext)); - result = dns_name_fromtext(keyname, &b, NULL, 0, NULL); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_name_fromtext(keyname, &b, NULL, 0, NULL)); } if (tkeyin.mode == DNS_TKEYMODE_GSSAPI) { /* Yup. This is a hack */ - result = dns_name_concatenate(keyname, dns_rootname, - keyname, NULL); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_name_concatenate(keyname, dns_rootname, + keyname, NULL)); } else { - result = dns_name_concatenate(keyname, tctx->domain, - keyname, NULL); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_name_concatenate(keyname, tctx->domain, + keyname, NULL)); } result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring); - if (result == ISC_R_SUCCESS) { tkeyout.error = dns_tsigerror_badname; dns_tsigkey_detach(&tsigkey); goto failure_with_tkey; } else if (result != ISC_R_NOTFOUND) { - goto failure; + CHECK(result); } } else { keyname = qname; @@ -880,23 +858,23 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, switch (tkeyin.mode) { case DNS_TKEYMODE_DIFFIEHELLMAN: tkeyout.error = dns_rcode_noerror; - RETERR(process_dhtkey(msg, signer, keyname, &tkeyin, tctx, - &tkeyout, ring, &namelist)); + CHECK(process_dhtkey(msg, signer, keyname, &tkeyin, tctx, + &tkeyout, ring, &namelist)); break; case DNS_TKEYMODE_GSSAPI: tkeyout.error = dns_rcode_noerror; - RETERR(process_gsstkey(msg, keyname, &tkeyin, tctx, &tkeyout, - ring)); + CHECK(process_gsstkey(msg, keyname, &tkeyin, tctx, &tkeyout, + ring)); break; case DNS_TKEYMODE_DELETE: tkeyout.error = dns_rcode_noerror; - RETERR(process_deletetkey(signer, keyname, &tkeyin, &tkeyout, - ring)); + CHECK(process_deletetkey(signer, keyname, &tkeyin, &tkeyout, + ring)); break; case DNS_TKEYMODE_SERVERASSIGNED: case DNS_TKEYMODE_RESOLVERASSIGNED: result = DNS_R_NOTIMP; - goto failure; + goto cleanup; default: tkeyout.error = dns_tsigerror_badmode; } @@ -920,13 +898,11 @@ failure_with_tkey: if (tkeyout.other != NULL) { isc_mem_put(tkeyout.mctx, tkeyout.other, tkeyout.otherlen); } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); - RETERR(add_rdata_to_list(msg, keyname, &rdata, 0, &namelist)); + CHECK(add_rdata_to_list(msg, keyname, &rdata, 0, &namelist)); - RETERR(dns_message_reply(msg, true)); + CHECK(dns_message_reply(msg, true)); name = ISC_LIST_HEAD(namelist); while (name != NULL) { @@ -938,7 +914,7 @@ failure_with_tkey: return ISC_R_SUCCESS; -failure: +cleanup: if (freetkeyin) { dns_rdata_freestruct(&tkeyin); @@ -964,28 +940,28 @@ buildquery(dns_message_t *msg, const dns_name_t *name, dns_rdata_tkey_t *tkey, REQUIRE(name != NULL); REQUIRE(tkey != NULL); - RETERR(dns_message_gettempname(msg, &qname)); - RETERR(dns_message_gettempname(msg, &aname)); + CHECK(dns_message_gettempname(msg, &qname)); + CHECK(dns_message_gettempname(msg, &aname)); - RETERR(dns_message_gettemprdataset(msg, &question)); + CHECK(dns_message_gettemprdataset(msg, &question)); dns_rdataset_makequestion(question, dns_rdataclass_any, dns_rdatatype_tkey); len = 16 + tkey->algorithm.length + tkey->keylen + tkey->otherlen; isc_buffer_allocate(msg->mctx, &dynbuf, len); - RETERR(dns_message_gettemprdata(msg, &rdata)); + CHECK(dns_message_gettemprdata(msg, &rdata)); - RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any, - dns_rdatatype_tkey, tkey, dynbuf)); + CHECK(dns_rdata_fromstruct(rdata, dns_rdataclass_any, + dns_rdatatype_tkey, tkey, dynbuf)); dns_message_takebuffer(msg, &dynbuf); - RETERR(dns_message_gettemprdatalist(msg, &tkeylist)); + CHECK(dns_message_gettemprdatalist(msg, &tkeylist)); tkeylist->rdclass = dns_rdataclass_any; tkeylist->type = dns_rdatatype_tkey; ISC_LIST_APPEND(tkeylist->rdata, rdata, link); - RETERR(dns_message_gettemprdataset(msg, &tkeyset)); - RETERR(dns_rdatalist_tordataset(tkeylist, tkeyset)); + CHECK(dns_message_gettemprdataset(msg, &tkeyset)); + CHECK(dns_rdatalist_tordataset(tkeylist, tkeyset)); dns_name_copy(name, qname); dns_name_copy(name, aname); @@ -1007,7 +983,7 @@ buildquery(dns_message_t *msg, const dns_name_t *name, dns_rdata_tkey_t *tkey, return ISC_R_SUCCESS; -failure: +cleanup: if (qname != NULL) { dns_message_puttempname(msg, &qname); } @@ -1079,11 +1055,11 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, tkey.other = NULL; tkey.otherlen = 0; - RETERR(buildquery(msg, name, &tkey, false)); + CHECK(buildquery(msg, name, &tkey, false)); - RETERR(dns_message_gettemprdata(msg, &rdata)); + CHECK(dns_message_gettemprdata(msg, &rdata)); isc_buffer_allocate(msg->mctx, &dynbuf, 1024); - RETERR(dst_key_todns(key, dynbuf)); + CHECK(dst_key_todns(key, dynbuf)); isc_buffer_usedregion(dynbuf, &r); dns_rdata_fromregion(rdata, dns_rdataclass_any, dns_rdatatype_key, &r); dns_message_takebuffer(msg, &dynbuf); @@ -1092,7 +1068,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_clone(dst_key_name(key), &keyname); ISC_LIST_INIT(namelist); - RETERR(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist)); + CHECK(add_rdata_to_list(msg, &keyname, rdata, 0, &namelist)); item = ISC_LIST_HEAD(namelist); while (item != NULL) { dns_name_t *next = ISC_LIST_NEXT(item, link); @@ -1103,7 +1079,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, return ISC_R_SUCCESS; -failure: +cleanup: if (dynbuf != NULL) { isc_buffer_free(&dynbuf); @@ -1242,12 +1218,12 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, if (rmsg->rcode != dns_rcode_noerror) { return dns_result_fromrcode(rmsg->rcode); } - RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); - RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); + CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); + CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); freertkey = true; - RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL)); - RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); + CHECK(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL)); + CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); if (rtkey.error != dns_rcode_noerror || rtkey.mode != DNS_TKEYMODE_DIFFIEHELLMAN || @@ -1257,9 +1233,8 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, { tkey_log("dns_tkey_processdhresponse: tkey mode invalid " "or error set(1)"); - result = DNS_R_INVALIDTKEY; dns_rdata_freestruct(&qtkey); - goto failure; + CHECK(DNS_R_INVALIDTKEY); } dns_rdata_freestruct(&qtkey); @@ -1269,9 +1244,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, ourkeyname = NULL; ourkeyset = NULL; - RETERR(dns_message_findname(rmsg, DNS_SECTION_ANSWER, &keyname, - dns_rdatatype_key, 0, &ourkeyname, - &ourkeyset)); + CHECK(dns_message_findname(rmsg, DNS_SECTION_ANSWER, &keyname, + dns_rdatatype_key, 0, &ourkeyname, + &ourkeyset)); result = dns_message_firstname(rmsg, DNS_SECTION_ANSWER); while (result == ISC_R_SUCCESS) { @@ -1285,7 +1260,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, result = dns_message_findtype(theirkeyname, dns_rdatatype_key, 0, &theirkeyset); if (result == ISC_R_SUCCESS) { - RETERR(dns_rdataset_first(theirkeyset)); + CHECK(dns_rdataset_first(theirkeyset)); break; } next: @@ -1295,18 +1270,17 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, if (theirkeyset == NULL) { tkey_log("dns_tkey_processdhresponse: failed to find server " "key"); - result = ISC_R_NOTFOUND; - goto failure; + CHECK(ISC_R_NOTFOUND); } dns_rdataset_current(theirkeyset, &theirkeyrdata); - RETERR(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata, rmsg->mctx, - &theirkey)); + CHECK(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata, rmsg->mctx, + &theirkey)); - RETERR(dst_key_secretsize(key, &sharedsize)); + CHECK(dst_key_secretsize(key, &sharedsize)); isc_buffer_allocate(rmsg->mctx, &shared, sharedsize); - RETERR(dst_key_computesecret(theirkey, key, shared)); + CHECK(dst_key_computesecret(theirkey, key, shared)); isc_buffer_init(&secret, secretdata, sizeof(secretdata)); @@ -1318,7 +1292,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, r2.base = NULL; r2.length = 0; } - RETERR(compute_secret(shared, &r2, &r, &secret)); + CHECK(compute_secret(shared, &r2, &r, &secret)); isc_buffer_usedregion(&secret, &r); result = dns_tsigkey_create(tkeyname, &rtkey.algorithm, r.base, @@ -1329,7 +1303,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, dst_key_free(&theirkey); return result; -failure: +cleanup: if (shared != NULL) { isc_buffer_free(&shared); } @@ -1370,8 +1344,8 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, if (rmsg->rcode != dns_rcode_noerror) { return dns_result_fromrcode(rmsg->rcode); } - RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); - RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); + CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); + CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); /* * Win2k puts the item in the ANSWER section, while the RFC @@ -1384,11 +1358,9 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, result = find_tkey(qmsg, &tkeyname, &qtkeyrdata, DNS_SECTION_ANSWER); } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); - RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); + CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); if (rtkey.error != dns_rcode_noerror || rtkey.mode != DNS_TKEYMODE_GSSAPI || @@ -1399,26 +1371,25 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, rtkey.error); dumpmessage(qmsg); dumpmessage(rmsg); - result = DNS_R_INVALIDTKEY; - goto failure; + CHECK(DNS_R_INVALIDTKEY); } isc_buffer_init(outtoken, array, sizeof(array)); isc_buffer_init(&intoken, rtkey.key, rtkey.keylen); - RETERR(dst_gssapi_initctx(gname, &intoken, outtoken, context, - ring->mctx, err_message)); + CHECK(dst_gssapi_initctx(gname, &intoken, outtoken, context, ring->mctx, + err_message)); - RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey, - NULL)); + CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey, + NULL)); - RETERR(dns_tsigkey_createfromkey( + CHECK(dns_tsigkey_createfromkey( tkeyname, DNS_TSIG_GSSAPI_NAME, dstkey, false, NULL, rtkey.inception, rtkey.expire, ring->mctx, ring, outkey)); dst_key_free(&dstkey); dns_rdata_freestruct(&rtkey); return result; -failure: +cleanup: /* * XXXSRA This probably leaks memory from rtkey and qtkey. */ @@ -1444,11 +1415,11 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, return dns_result_fromrcode(rmsg->rcode); } - RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); - RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); + CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); + CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); - RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL)); - RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); + CHECK(find_tkey(qmsg, &tempname, &qtkeyrdata, DNS_SECTION_ADDITIONAL)); + CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); if (rtkey.error != dns_rcode_noerror || rtkey.mode != DNS_TKEYMODE_DELETE || rtkey.mode != qtkey.mode || @@ -1457,15 +1428,14 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, { tkey_log("dns_tkey_processdeleteresponse: tkey mode invalid " "or error set(3)"); - result = DNS_R_INVALIDTKEY; dns_rdata_freestruct(&qtkey); dns_rdata_freestruct(&rtkey); - goto failure; + CHECK(DNS_R_INVALIDTKEY); } dns_rdata_freestruct(&qtkey); - RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring)); + CHECK(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring)); dns_rdata_freestruct(&rtkey); @@ -1478,7 +1448,7 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, */ dns_tsigkey_detach(&tsigkey); -failure: +cleanup: return result; } @@ -1507,19 +1477,19 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, return dns_result_fromrcode(rmsg->rcode); } - RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); - RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); + CHECK(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); + CHECK(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); freertkey = true; if (win2k) { - RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, - DNS_SECTION_ANSWER)); + CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ANSWER)); } else { - RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, - DNS_SECTION_ADDITIONAL)); + CHECK(find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ADDITIONAL)); } - RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); + CHECK(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); if (rtkey.error != dns_rcode_noerror || rtkey.mode != DNS_TKEYMODE_GSSAPI || @@ -1527,8 +1497,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, { tkey_log("dns_tkey_processdhresponse: tkey mode invalid " "or error set(4)"); - result = DNS_R_INVALIDTKEY; - goto failure; + CHECK(DNS_R_INVALIDTKEY); } isc_buffer_init(&intoken, rtkey.key, rtkey.keylen); @@ -1569,12 +1538,12 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, tkey.otherlen = 0; dns_message_reset(qmsg, DNS_MESSAGE_INTENTRENDER); - RETERR(buildquery(qmsg, tkeyname, &tkey, win2k)); + CHECK(buildquery(qmsg, tkeyname, &tkey, win2k)); return DNS_R_CONTINUE; } - RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey, - NULL)); + CHECK(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey, + NULL)); /* * XXXSRA This seems confused. If we got CONTINUE from initctx, @@ -1582,7 +1551,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, * anything yet. */ - RETERR(dns_tsigkey_createfromkey( + CHECK(dns_tsigkey_createfromkey( tkeyname, win2k ? DNS_TSIG_GSSAPIMS_NAME : DNS_TSIG_GSSAPI_NAME, dstkey, true, NULL, rtkey.inception, rtkey.expire, ring->mctx, ring, outkey)); @@ -1590,7 +1559,7 @@ dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, dns_rdata_freestruct(&rtkey); return result; -failure: +cleanup: /* * XXXSRA This probably leaks memory from qtkey. */ diff --git a/lib/dns/ttl.c b/lib/dns/ttl.c index 79d45593c5..33ab78a560 100644 --- a/lib/dns/ttl.c +++ b/lib/dns/ttl.c @@ -30,13 +30,6 @@ #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - static isc_result_t bind_ttl(isc_textregion_t *source, uint32_t *ttl); diff --git a/lib/dns/update.c b/lib/dns/update.c index 6f2f80479d..c6dacad5b2 100644 --- a/lib/dns/update.c +++ b/lib/dns/update.c @@ -73,116 +73,6 @@ */ #define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) -/*% - * Check an operation for failure. These macros all assume that - * the function using them has a 'result' variable and a 'failure' - * label. - */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -/*% - * Fail unconditionally with result 'code', which must not - * be ISC_R_SUCCESS. The reason for failure presumably has - * been logged already. - * - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ - -#define FAIL(code) \ - do { \ - result = (code); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -/*% - * Fail unconditionally and log as a client error. - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAILC(code, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - update_log(log, zone, LOGLEVEL_PROTOCOL, "update %s: %s (%s)", \ - _what, msg, isc_result_totext(result)); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -#define FAILN(code, name, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \ - char _nbuf[DNS_NAME_FORMATSIZE]; \ - dns_name_format(name, _nbuf, sizeof(_nbuf)); \ - update_log(log, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s: %s (%s)", _what, _nbuf, \ - msg, isc_result_totext(result)); \ - } \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -#define FAILNT(code, name, type, msg) \ - do { \ - const char *_what = "failed"; \ - result = (code); \ - switch (result) { \ - case DNS_R_NXDOMAIN: \ - case DNS_R_YXDOMAIN: \ - case DNS_R_YXRRSET: \ - case DNS_R_NXRRSET: \ - _what = "unsuccessful"; \ - } \ - if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \ - char _nbuf[DNS_NAME_FORMATSIZE]; \ - char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \ - dns_name_format(name, _nbuf, sizeof(_nbuf)); \ - dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \ - update_log(log, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s/%s: %s (%s)", _what, _nbuf, \ - _tbuf, msg, isc_result_totext(result)); \ - } \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -/*% - * Fail unconditionally and log as a server error. - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAILS(code, msg) \ - do { \ - result = (code); \ - update_log(log, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", msg, \ - isc_result_totext(result)); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /**************************************************************************/ typedef struct rr rr_t; @@ -735,7 +625,7 @@ namelist_append_name(dns_diff_t *list, dns_name_t *name) { CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0, &dummy_rdata, &tuple)); dns_diff_append(list, &tuple); -failure: +cleanup: return result; } @@ -765,7 +655,7 @@ namelist_append_subdomain(dns_db_t *db, dns_name_t *name, if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; } -failure: +cleanup: if (dbit != NULL) { dns_dbiterator_destroy(&dbit); } @@ -836,7 +726,7 @@ uniqify_name_list(dns_diff_t *list) { } while (1); p = ISC_LIST_NEXT(p, link); } -failure: +cleanup: return result; } @@ -938,8 +828,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, if (wraps == 2) { update_log(log, zone, ISC_LOG_ERROR, "secure zone with no NSECs"); - result = DNS_R_BADZONE; - goto failure; + CHECK(DNS_R_BADZONE); } } CHECK(dns_dbiterator_current(dbit, &node, newname)); @@ -975,7 +864,7 @@ next_active(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, } } } while (!has_nsec); -failure: +cleanup: if (dbit != NULL) { dns_dbiterator_destroy(&dbit); } @@ -1027,7 +916,7 @@ add_nsec(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, CHECK(do_one_tuple(&tuple, db, ver, diff)); INSIST(tuple == NULL); -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -1052,7 +941,7 @@ add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name, 0, &rdata, &tuple)); CHECK(do_one_tuple(&tuple, db, ver, diff)); -failure: +cleanup: return result; } @@ -1074,7 +963,7 @@ find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, nkeys); dns_zone_unlock_keyfiles(zone); -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -1275,7 +1164,7 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, result = ISC_R_NOTFOUND; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -1306,9 +1195,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { return ISC_R_SUCCESS; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); + result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig, dns_rdatatype_dnskey, (isc_stdtime_t)0, &rdataset, NULL); @@ -1317,9 +1205,7 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { return ISC_R_SUCCESS; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -1363,7 +1249,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; } -failure: + +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -1568,7 +1455,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, update_log(log, zone, ISC_LOG_ERROR, "could not get zone keys for secure " "dynamic update"); - goto failure; + goto cleanup; } isc_stdtime_get(&state->now); @@ -2012,7 +1899,7 @@ next_state: if (!state->build_nsec3) { update_log(log, zone, ISC_LOG_DEBUG(3), "no NSEC3 chains to rebuild"); - goto failure; + goto cleanup; } update_log(log, zone, ISC_LOG_DEBUG(3), @@ -2186,7 +2073,7 @@ next_state: UNREACHABLE(); } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } diff --git a/lib/dns/view.c b/lib/dns/view.c index 14effbee60..62bf21978d 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -64,13 +64,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - #define RESSHUTDOWN(v) \ ((atomic_load(&(v)->attributes) & DNS_VIEWATTR_RESSHUTDOWN) != 0) #define ADBSHUTDOWN(v) \ diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 3a4f7616f4..6a46ea3cdd 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -51,25 +51,6 @@ * Incoming AXFR and IXFR. */ -/*% - * It would be non-sensical (or at least obtuse) to use FAIL() with an - * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define FAIL(code) \ - do { \ - result = (code); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /*% * The states of the *XFR state machine. We handle both IXFR and AXFR * with a single integrated state machine because they cannot be distinguished @@ -294,7 +275,7 @@ axfr_init(dns_xfrin_ctx_t *xfr) { dns_rdatacallbacks_init(&xfr->axfr); CHECK(dns_db_beginload(xfr->db, &xfr->axfr)); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -317,7 +298,7 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_name_t *name, CHECK(axfr_apply(xfr)); } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -335,12 +316,11 @@ axfr_apply(dns_xfrin_ctx_t *xfr) { if (xfr->maxrecords != 0U) { result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { - result = DNS_R_TOOMANYRECORDS; - goto failure; + CHECK(DNS_R_TOOMANYRECORDS); } } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -353,7 +333,7 @@ axfr_commit(dns_xfrin_ctx_t *xfr) { CHECK(dns_zone_verifydb(xfr->zone, xfr->db, NULL)); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -364,7 +344,7 @@ axfr_finalize(dns_xfrin_ctx_t *xfr) { CHECK(dns_zone_replacedb(xfr->zone, xfr->db, true)); result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -395,7 +375,7 @@ ixfr_init(dns_xfrin_ctx_t *xfr) { } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -419,7 +399,7 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_name_t *name, CHECK(ixfr_apply(xfr)); } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -441,20 +421,16 @@ ixfr_apply(dns_xfrin_ctx_t *xfr) { if (xfr->maxrecords != 0U) { result = dns_db_getsize(xfr->db, xfr->ver, &records, NULL); if (result == ISC_R_SUCCESS && records > xfr->maxrecords) { - result = DNS_R_TOOMANYRECORDS; - goto failure; + CHECK(DNS_R_TOOMANYRECORDS); } } if (xfr->ixfr.journal != NULL) { - result = dns_journal_writediff(xfr->ixfr.journal, &xfr->diff); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_journal_writediff(xfr->ixfr.journal, &xfr->diff)); } dns_diff_clear(&xfr->diff); xfr->difflen = 0; result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -473,7 +449,7 @@ ixfr_commit(dns_xfrin_ctx_t *xfr) { dns_zone_markdirty(xfr->zone); } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -500,7 +476,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, uint32_t ttl, dns_rdatatype_format(rdata->type, buf, sizeof(buf)); xfrin_log(xfr, ISC_LOG_NOTICE, "Unexpected %s record in zone transfer", buf); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } /* @@ -515,7 +491,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, uint32_t ttl, dns_name_format(name, namebuf, sizeof(namebuf)); xfrin_log(xfr, ISC_LOG_DEBUG(3), "SOA name mismatch: '%s'", namebuf); - FAIL(DNS_R_NOTZONETOP); + CHECK(DNS_R_NOTZONETOP); } redo: @@ -524,7 +500,7 @@ redo: if (rdata->type != dns_rdatatype_soa) { xfrin_log(xfr, ISC_LOG_NOTICE, "non-SOA response to SOA query"); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } xfr->end_serial = dns_soa_getserial(rdata); if (!DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial) && @@ -534,7 +510,7 @@ redo: "requested serial %u, " "primary has %u, not updating", xfr->ixfr.request_serial, xfr->end_serial); - FAIL(DNS_R_UPTODATE); + CHECK(DNS_R_UPTODATE); } xfr->state = XFRST_GOTSOA; break; @@ -549,7 +525,7 @@ redo: if (rdata->type != dns_rdatatype_soa) { xfrin_log(xfr, ISC_LOG_NOTICE, "first RR in zone transfer must be SOA"); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } /* * Remember the serial number in the initial SOA. @@ -569,7 +545,7 @@ redo: "requested serial %u, " "primary has %u, not updating", xfr->ixfr.request_serial, xfr->end_serial); - FAIL(DNS_R_UPTODATE); + CHECK(DNS_R_UPTODATE); } xfr->firstsoa = *rdata; if (xfr->firstsoa_data != NULL) { @@ -636,7 +612,7 @@ redo: "IXFR out of sync: " "expected serial %u, got %u", xfr->ixfr.current_serial, soa_serial); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } else { CHECK(ixfr_commit(xfr)); xfr->state = XFRST_IXFR_DELSOA; @@ -646,7 +622,7 @@ redo: if (rdata->type == dns_rdatatype_ns && dns_name_iswildcard(name)) { - FAIL(DNS_R_INVALIDNS); + CHECK(DNS_R_INVALIDNS); } CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); break; @@ -671,7 +647,7 @@ redo: xfrin_log(xfr, ISC_LOG_NOTICE, "start and ending SOA records " "mismatch"); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } CHECK(axfr_commit(xfr)); xfr->state = XFRST_AXFR_END; @@ -680,13 +656,13 @@ redo: break; case XFRST_AXFR_END: case XFRST_IXFR_END: - FAIL(DNS_R_EXTRADATA); + CHECK(DNS_R_EXTRADATA); FALLTHROUGH; default: UNREACHABLE(); } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -1010,10 +986,7 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx, * parameters from the configuration file and try to * store it for further reuse. */ - result = isc_tlsctx_createclient(&tlsctx); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(isc_tlsctx_createclient(&tlsctx)); tls_versions = dns_transport_get_tls_versions(xfr->transport); if (tls_versions != 0) { isc_tlsctx_set_protocols(tlsctx, tls_versions); @@ -1045,12 +1018,8 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx, * CA certificates will be created, just * as planned. */ - result = isc_tls_cert_store_create(ca_file, - &store); - - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(isc_tls_cert_store_create(ca_file, + &store)); } else { store = found_store; } @@ -1077,12 +1046,9 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx, * Only SubjectAltName must be checked. */ hostname_ignore_subject = true; - result = isc_tlsctx_enable_peer_verification( + CHECK(isc_tlsctx_enable_peer_verification( tlsctx, false, store, hostname, - hostname_ignore_subject); - if (result != ISC_R_SUCCESS) { - goto failure; - } + hostname_ignore_subject)); /* * Let's load client certificate and enable @@ -1093,11 +1059,8 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx, if (cert_file != NULL) { INSIST(key_file != NULL); - result = isc_tlsctx_load_certificate( - tlsctx, key_file, cert_file); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(isc_tlsctx_load_certificate( + tlsctx, key_file, cert_file)); } } @@ -1171,7 +1134,7 @@ get_create_tlsctx(const dns_xfrin_ctx_t *xfr, isc_tlsctx_t **pctx, return ISC_R_SUCCESS; -failure: +cleanup: if (tlsctx != NULL) { isc_tlsctx_free(&tlsctx); } @@ -1232,10 +1195,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { connect_xfr, 30000, 0); break; case DNS_TRANSPORT_TLS: { - result = get_create_tlsctx(xfr, &tlsctx, &sess_cache); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(get_create_tlsctx(xfr, &tlsctx, &sess_cache)); INSIST(tlsctx != NULL); isc_nm_tlsdnsconnect(xfr->netmgr, &xfr->sourceaddr, &xfr->primaryaddr, xfrin_connect_done, @@ -1247,7 +1207,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { return ISC_R_SUCCESS; -failure: +cleanup: isc_refcount_decrement0(&xfr->connects); dns_xfrin_detach(&connect_xfr); return result; @@ -1270,7 +1230,7 @@ render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) { CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0)); CHECK(dns_message_renderend(msg)); result = ISC_R_SUCCESS; -failure: +cleanup: if (cleanup_cctx) { dns_compress_invalidate(&cctx); } @@ -1299,13 +1259,13 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { if (result != ISC_R_SUCCESS) { xfrin_fail(xfr, result, "failed to connect"); - goto failure; + goto cleanup; } result = isc_nm_xfr_checkperm(handle); if (result != ISC_R_SUCCESS) { xfrin_fail(xfr, result, "connected but unable to transfer"); - goto failure; + goto cleanup; } zmgr = dns_zone_getmgr(xfr->zone); @@ -1333,7 +1293,7 @@ xfrin_connect_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { xfrin_fail(xfr, result, "connected but unable to send"); } -failure: +cleanup: switch (result) { case ISC_R_SUCCESS: break; @@ -1401,8 +1361,7 @@ tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target) { *target = name; return ISC_R_SUCCESS; -failure: - +cleanup: if (rds != NULL) { dns_rdataset_disassociate(rds); dns_message_puttemprdataset(msg, &rds); @@ -1501,7 +1460,7 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { isc_refcount_increment0(&send_xfr->sends); isc_nm_send(xfr->handle, ®ion, xfrin_send_done, send_xfr); -failure: +cleanup: if (qname != NULL) { dns_message_puttempname(msg, &qname); } @@ -1542,7 +1501,7 @@ xfrin_send_done(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) { isc_refcount_increment0(&recv_xfr->recvs); isc_nm_read(recv_xfr->handle, xfrin_recv_done, recv_xfr); -failure: +cleanup: if (result != ISC_R_SUCCESS) { xfrin_fail(xfr, result, "failed sending request data"); } @@ -1629,7 +1588,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, if (xfr->reqtype == dns_rdatatype_axfr || xfr->reqtype == dns_rdatatype_soa) { - goto failure; + goto cleanup; } xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR", @@ -1658,16 +1617,14 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, if (msg->counts[DNS_SECTION_QUESTION] > 1) { xfrin_log(xfr, ISC_LOG_NOTICE, "too many questions (%u)", msg->counts[DNS_SECTION_QUESTION]); - result = DNS_R_FORMERR; - goto failure; + CHECK(DNS_R_FORMERR); } if ((xfr->state == XFRST_SOAQUERY || xfr->state == XFRST_INITIALSOA) && msg->counts[DNS_SECTION_QUESTION] != 1) { xfrin_log(xfr, ISC_LOG_NOTICE, "missing question section"); - result = DNS_R_FORMERR; - goto failure; + CHECK(DNS_R_FORMERR); } for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION); @@ -1679,28 +1636,25 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, name = NULL; dns_message_currentname(msg, DNS_SECTION_QUESTION, &name); if (!dns_name_equal(name, &xfr->name)) { - result = DNS_R_FORMERR; xfrin_log(xfr, ISC_LOG_NOTICE, "question name mismatch"); - goto failure; + CHECK(DNS_R_FORMERR); } rds = ISC_LIST_HEAD(name->list); INSIST(rds != NULL); if (rds->type != xfr->reqtype) { - result = DNS_R_FORMERR; xfrin_log(xfr, ISC_LOG_NOTICE, "question type mismatch"); - goto failure; + CHECK(DNS_R_FORMERR); } if (rds->rdclass != xfr->rdclass) { - result = DNS_R_FORMERR; xfrin_log(xfr, ISC_LOG_NOTICE, "question class mismatch"); - goto failure; + CHECK(DNS_R_FORMERR); } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } /* @@ -1721,14 +1675,14 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, if (xfr->reqtype == dns_rdatatype_soa && (msg->flags & DNS_MESSAGEFLAG_AA) == 0) { - FAIL(DNS_R_NOTAUTHORITATIVE); + CHECK(DNS_R_NOTAUTHORITATIVE); } result = dns_message_checksig(msg, dns_zone_getview(xfr->zone)); if (result != ISC_R_SUCCESS) { xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER); @@ -1753,7 +1707,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } if (dns_message_gettsig(msg, &tsigowner) != NULL) { @@ -1779,8 +1733,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, xfr->state == XFRST_AXFR_END || xfr->state == XFRST_IXFR_END) { - result = DNS_R_EXPECTEDTSIG; - goto failure; + CHECK(DNS_R_EXPECTEDTSIG); } } @@ -1850,7 +1803,7 @@ xfrin_recv_done(isc_nmhandle_t *handle, isc_result_t result, return; } -failure: +cleanup: if (result != ISC_R_SUCCESS) { xfrin_fail(xfr, result, "failed while receiving responses"); } diff --git a/lib/dns/zone.c b/lib/dns/zone.c index ad8d9ac24d..e7cd32a6c7 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -593,13 +593,6 @@ typedef enum { #define UNREACH_CACHE_SIZE 10U #define UNREACH_HOLD_TIME 600 /* 10 minutes */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - struct dns_unreachable { isc_sockaddr_t remote; isc_sockaddr_t local; @@ -4350,7 +4343,7 @@ create_keydata(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, set_refreshkeytimer(zone, &kd, now, true); return ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -4451,7 +4444,7 @@ trust_key(dns_zone_t *zone, dns_name_t *keyname, dns_rdata_dnskey_t *dnskey, dns_keytable_detach(&sr); -failure: +cleanup: if (sr != NULL) { dns_keytable_detach(&sr); } @@ -4624,7 +4617,7 @@ update_soa_serial(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, CHECK(do_one_tuple(&addtuple, db, ver, diff)); result = ISC_R_SUCCESS; -failure: +cleanup: if (addtuple != NULL) { dns_difftuple_free(&addtuple); } @@ -4693,7 +4686,7 @@ add_soa(dns_zone_t *zone, dns_db_t *db) { dns_zone_log(zone, ISC_LOG_ERROR, "add_soa:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* Build SOA record */ @@ -4703,13 +4696,13 @@ add_soa(dns_zone_t *zone, dns_db_t *db) { dns_zone_log(zone, ISC_LOG_ERROR, "add_soa:dns_soa_buildrdata -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } result = update_one_rr(db, ver, &diff, DNS_DIFFOP_ADD, &zone->origin, 0, &rdata); -failure: +cleanup: dns_diff_clear(&diff); if (ver != NULL) { dns_db_closeversion(db, &ver, result == ISC_R_SUCCESS); @@ -4813,7 +4806,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { dnssec_log(zone, ISC_LOG_ERROR, "sync_keyzone:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -4840,7 +4833,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { dns_rriterator_current(&rrit, &rrname, &ttl, &rdataset, NULL); if (!dns_rdataset_isassociated(rdataset)) { dns_rriterator_destroy(&rrit); - goto failure; + goto cleanup; } if (rdataset->type != dns_rdatatype_keydata) { @@ -4915,7 +4908,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { commit = true; } -failure: +cleanup: if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "unable to synchronize managed keys: %s", @@ -4953,7 +4946,7 @@ dns_zone_synckeyzone(dns_zone_t *zone) { result = sync_keyzone(zone, db); UNLOCK_ZONE(zone); -failure: +cleanup: if (db != NULL) { dns_db_detach(&db); } @@ -6680,7 +6673,7 @@ dns__zone_findkeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, result = ISC_R_SUCCESS; } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); @@ -6719,8 +6712,8 @@ dns_zone_getdnsseckeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_zone_getmctx(zone), keys); dns_zone_unlock_keyfiles(zone); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } /* Get public keys (dnskeys). */ @@ -6756,7 +6749,7 @@ dns_zone_getdnsseckeys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, } } -failure: +cleanup: if (dns_rdataset_isassociated(&keyset)) { dns_rdataset_disassociate(&keyset); } @@ -6942,9 +6935,8 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { return ISC_R_SUCCESS; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); + result = dns_db_findrdataset(db, node, ver, dns_rdatatype_rrsig, type, (isc_stdtime_t)0, &rdataset, NULL); dns_db_detachnode(db, &node); @@ -6955,7 +6947,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, } if (result != ISC_R_SUCCESS) { INSIST(!dns_rdataset_isassociated(&rdataset)); - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; @@ -7105,7 +7097,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, "key expiry warning time out of range"); } } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -7145,9 +7137,8 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone, if (result == ISC_R_NOTFOUND) { return ISC_R_SUCCESS; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); + result = dns_db_findrdataset(db, node, ver, type, 0, (isc_stdtime_t)0, &rdataset, NULL); dns_db_detachnode(db, &node); @@ -7157,7 +7148,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone, } if (result != ISC_R_SUCCESS) { INSIST(!dns_rdataset_isassociated(&rdataset)); - goto failure; + goto cleanup; } for (i = 0; i < nkeys; i++) { @@ -7364,7 +7355,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_zone_t *zone, } } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -7460,8 +7451,7 @@ zone_resigninc(dns_zone_t *zone) { if (zone->update_disabled || DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_NORESIGN)) { - result = ISC_R_FAILURE; - goto failure; + CHECK(ISC_R_FAILURE); } ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); @@ -7470,8 +7460,7 @@ zone_resigninc(dns_zone_t *zone) { } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) { - result = ISC_R_FAILURE; - goto failure; + CHECK(ISC_R_FAILURE); } result = dns_db_newversion(db, &version); @@ -7479,7 +7468,7 @@ zone_resigninc(dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } isc_stdtime_get(&now); @@ -7490,7 +7479,7 @@ zone_resigninc(dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:dns__zone_findkeys -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } calculate_rrsig_validity(zone, now, &inception, &soaexpire, &expire, @@ -7568,8 +7557,8 @@ zone_resigninc(dns_zone_t *zone) { } } - if (result != ISC_R_NOMORE && result != ISC_R_SUCCESS) { - goto failure; + if (result != ISC_R_NOMORE) { + CHECK(result); } result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa, @@ -7578,7 +7567,7 @@ zone_resigninc(dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:del_sigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -7591,7 +7580,7 @@ zone_resigninc(dns_zone_t *zone) { if (zonediff.offline) { dns_db_closeversion(db, &version, true); } - goto failure; + goto cleanup; } /* Increment SOA serial if we have made changes */ @@ -7601,7 +7590,7 @@ zone_resigninc(dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:update_soa_serial -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -7615,7 +7604,7 @@ zone_resigninc(dns_zone_t *zone) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:add_sigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* Write changes to journal file. */ @@ -7624,7 +7613,7 @@ zone_resigninc(dns_zone_t *zone) { /* Everything has succeeded. Commit the changes. */ dns_db_closeversion(db, &version, true); -failure: +cleanup: dns_diff_clear(&_sig_diff); for (i = 0; i < nkeys; i++) { dst_key_free(&zone_keys[i]); @@ -7687,7 +7676,7 @@ next_active(dns_db_t *db, dns_dbversion_t *version, dns_name_t *oldname, break; } } while (1); -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -7786,7 +7775,7 @@ add_nsec(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, CHECK(dns_nsec_buildrdata(db, version, node, next, nsecbuffer, &rdata)); CHECK(update_one_rr(db, version, diff, DNS_DIFFOP_ADD, name, ttl, &rdata)); -failure: +cleanup: return result; } @@ -7827,14 +7816,14 @@ check_if_bottom_of_zone(dns_db_t *db, dns_dbnode_t *node, dns_rdataset_disassociate(&rdataset); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } if ((seen_ns && !seen_soa) || seen_dname) { *is_bottom_of_zone = true; } result = ISC_R_SUCCESS; -failure: +cleanup: dns_rdatasetiter_destroy(&iterator); return result; @@ -7890,7 +7879,7 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name, dns_rdataset_disassociate(&rdataset); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } /* * Going from insecure to NSEC3. @@ -7990,7 +7979,8 @@ sign_a_node(dns_db_t *db, dns_zone_t *zone, dns_name_t *name, if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; } -failure: + +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -8022,15 +8012,13 @@ updatesecure(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, if (result == ISC_R_NOTFOUND) { goto success; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); } CHECK(delete_nsec(db, version, node, name, diff)); CHECK(add_nsec(db, version, name, node, nsecttl, false, diff)); success: result = ISC_R_SUCCESS; -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -8050,10 +8038,7 @@ updatesignwithkey(dns_zone_t *zone, dns_signing_t *signing, bool have_rr = false; dns_rdataset_init(&rdataset); - result = dns_db_getoriginnode(signing->db, &node); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_db_getoriginnode(signing->db, &node)); result = dns_db_findrdataset(signing->db, node, version, zone->privatetype, dns_rdatatype_none, 0, @@ -8061,11 +8046,11 @@ updatesignwithkey(dns_zone_t *zone, dns_signing_t *signing, if (result == ISC_R_NOTFOUND) { INSIST(!dns_rdataset_isassociated(&rdataset)); result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } if (result != ISC_R_SUCCESS) { INSIST(!dns_rdataset_isassociated(&rdataset)); - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -8137,7 +8122,7 @@ updatesignwithkey(dns_zone_t *zone, dns_signing_t *signing, diff)); } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -8195,7 +8180,7 @@ fixup_nsec3param(dns_db_t *db, dns_dbversion_t *ver, dns_nsec3chain_t *chain, goto try_private; } if (result != ISC_R_SUCCESS) { - goto failure; + goto cleanup; } /* @@ -8228,7 +8213,7 @@ fixup_nsec3param(dns_db_t *db, dns_dbversion_t *ver, dns_nsec3chain_t *chain, dns_rdata_reset(&rdata); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } dns_rdataset_disassociate(&rdataset); @@ -8250,9 +8235,7 @@ try_private: if (result == ISC_R_NOTFOUND) { goto add; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -8285,13 +8268,13 @@ try_private: dns_rdata_reset(&rdata); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } add: if ((chain->nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0) { result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } /* @@ -8308,7 +8291,7 @@ add: rdata.data[1] = 0; /* Clear flag bits. */ CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name, ttl, &rdata)); -failure: +cleanup: dns_db_detachnode(db, &node); if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); @@ -8344,7 +8327,8 @@ delete_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; } -failure: + +cleanup: dns_rdataset_disassociate(&rdataset); return result; } @@ -8387,7 +8371,8 @@ deletematchingnsec3(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, if (result == ISC_R_NOMORE) { result = ISC_R_SUCCESS; } -failure: + +cleanup: dns_rdataset_disassociate(&rdataset); return result; } @@ -8464,7 +8449,7 @@ need_nsec_chain(dns_db_t *db, dns_dbversion_t *ver, result = ISC_R_SUCCESS; } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -8617,8 +8602,7 @@ zone_nsec3chain(dns_zone_t *zone) { * Updates are disabled. Pause for 5 minutes. */ if (zone->update_disabled) { - result = ISC_R_FAILURE; - goto failure; + CHECK(ISC_R_FAILURE); } ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); @@ -8644,7 +8628,7 @@ zone_nsec3chain(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } isc_stdtime_get(&now); @@ -8655,7 +8639,7 @@ zone_nsec3chain(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns__zone_findkeys -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } calculate_rrsig_validity(zone, now, &inception, &soaexpire, NULL, @@ -8773,9 +8757,7 @@ zone_nsec3chain(dns_zone_t *zone) { /* Empty node? */ goto next_addnode; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); seen_soa = seen_ns = seen_dname = seen_ds = seen_nsec = false; for (result = dns_rdatasetiter_first(iterator); @@ -8823,7 +8805,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "dns_nsec3_addnsec3 -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -8880,7 +8862,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "dns_dbiterator_next -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } else if (delegation) { dns_dbiterator_current(nsec3chain->dbiterator, &node, nextname); @@ -8960,7 +8942,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "need_nsec_chain -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } @@ -8987,7 +8969,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "fixup_nsec3param -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } @@ -9002,7 +8984,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "deletematchingnsec3 -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } goto next_removenode; } @@ -9037,9 +9019,7 @@ zone_nsec3chain(dns_zone_t *zone) { /* Empty node? */ goto next_removenode; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); seen_soa = seen_ns = seen_dname = seen_nsec3 = seen_nsec = seen_rr = false; @@ -9111,7 +9091,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "fixup_nsec3param -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } goto next_removechain; } else if (result != ISC_R_SUCCESS) { @@ -9119,7 +9099,7 @@ zone_nsec3chain(dns_zone_t *zone) { "zone_nsec3chain:" "dns_dbiterator_next -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } else if (delegation) { dns_dbiterator_current(nsec3chain->dbiterator, &node, nextname); @@ -9159,7 +9139,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns_db_allrdatasets -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } for (result = dns_rdatasetiter_first(iterator); result == ISC_R_SUCCESS; @@ -9188,7 +9168,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:updatesecure -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } @@ -9205,7 +9185,7 @@ skip_removals: "zone_nsec3chain:" "dns_nsec3_addnsec3s -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } } @@ -9223,7 +9203,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns__zone_updatesigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -9237,7 +9217,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns__zone_updatesigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } if (updatensec) { @@ -9247,7 +9227,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:updatesecure -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } @@ -9258,7 +9238,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:dns__zone_updatesigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -9270,7 +9250,7 @@ skip_removals: * No need to call dns_db_closeversion() here as it is * called with commit = true below. */ - goto done; + goto closeversion; } result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa, @@ -9279,7 +9259,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:del_sigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } result = update_soa_serial(zone, db, version, zonediff.diff, zone->mctx, @@ -9288,7 +9268,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:update_soa_serial -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } result = add_sigs(db, version, &zone->origin, zone, dns_rdatatype_soa, @@ -9298,7 +9278,7 @@ skip_removals: dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:add_sigs -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* Write changes to journal file. */ @@ -9309,7 +9289,7 @@ skip_removals: DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); UNLOCK_ZONE(zone); -done: +closeversion: /* * Pause all iterators so that dns_db_closeversion() can succeed. */ @@ -9343,7 +9323,7 @@ done: set_resigntime(zone); UNLOCK_ZONE(zone); -failure: +cleanup: if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "zone_nsec3chain: %s", isc_result_totext(result)); @@ -9481,7 +9461,7 @@ del_sig(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, rdataset.ttl, &rdata)); } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } dns_rdataset_disassociate(&rdataset); continue; @@ -9533,7 +9513,7 @@ del_sig(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, * i.e., found in at least one, and not missing from any. */ *has_algp = (alg_found && !alg_missed); -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -9631,12 +9611,12 @@ dns_zone_check_dnskey_nsec3(dns_zone_t *zone, dns_db_t *db, /* Refuse to allow NSEC3 with NSEC-only keys */ if (nseconly && nsec3) { - goto failure; + goto cleanup; } return true; -failure: +cleanup: return false; } @@ -9691,7 +9671,7 @@ zone_sign(dns_zone_t *zone) { */ if (zone->update_disabled) { result = ISC_R_FAILURE; - goto cleanup; + goto done; } ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); @@ -9701,7 +9681,7 @@ zone_sign(dns_zone_t *zone) { ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) { result = ISC_R_FAILURE; - goto cleanup; + goto done; } result = dns_db_newversion(db, &version); @@ -9709,7 +9689,7 @@ zone_sign(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:dns_db_newversion -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } isc_stdtime_get(&now); @@ -9720,7 +9700,7 @@ zone_sign(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:dns__zone_findkeys -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } calculate_rrsig_validity(zone, now, &inception, &soaexpire, NULL, @@ -10037,7 +10017,7 @@ zone_sign(dns_zone_t *zone) { "updatesecure -> %s", isc_result_totext( result)); - goto cleanup; + goto done; } } result = updatesignwithkey( @@ -10047,7 +10027,7 @@ zone_sign(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "updatesignwithkey -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } build_nsec = false; goto next_signing; @@ -10056,7 +10036,7 @@ zone_sign(dns_zone_t *zone) { "zone_sign:" "dns_dbiterator_next -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } else if (is_bottom_of_zone) { dns_dbiterator_current(signing->dbiterator, &node, nextname); @@ -10085,7 +10065,7 @@ zone_sign(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:dns__zone_updatesigs -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } } @@ -10107,7 +10087,7 @@ zone_sign(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:del_sigs -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } result = update_soa_serial(zone, db, version, zonediff.diff, zone->mctx, @@ -10116,7 +10096,7 @@ zone_sign(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:update_soa_serial -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } /* @@ -10129,7 +10109,7 @@ zone_sign(dns_zone_t *zone) { if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign:add_sigs -> %s", isc_result_totext(result)); - goto cleanup; + goto done; } /* @@ -10178,13 +10158,13 @@ pauseall: } UNLOCK_ZONE(zone); -failure: +cleanup: if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "zone_sign: failed: %s", isc_result_totext(result)); } -cleanup: +done: /* * Pause all dbiterators. */ @@ -10430,9 +10410,8 @@ minimal_update(dns_keyfetch_t *kfetch, dns_dbversion_t *ver, dns_diff_t *diff) { if (result == ISC_R_UNEXPECTEDEND) { continue; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); + keydata.refresh = refresh_time(kfetch, true); set_refreshkeytimer(zone, &keydata, now, false); @@ -10447,7 +10426,7 @@ minimal_update(dns_keyfetch_t *kfetch, dns_dbversion_t *ver, dns_diff_t *diff) { 0, &rdata)); } result = ISC_R_SUCCESS; -failure: +cleanup: return result; } @@ -10583,7 +10562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { LOCK_ZONE(zone); if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || zone->view == NULL) { - goto cleanup; + goto out; } isc_stdtime_get(&now); @@ -11142,7 +11121,7 @@ done: result = ISC_R_SUCCESS; } -failure: +cleanup: if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "error during managed-keys processing (%s): " @@ -11154,7 +11133,7 @@ failure: dns_db_closeversion(kfetch->db, &ver, commit); } -cleanup: +out: dns_db_detach(&kfetch->db); /* The zone must be managed */ @@ -11418,7 +11397,7 @@ zone_refreshkeys(dns_zone_t *zone) { zone_needdump(zone, 30); } -failure: +cleanup: if (!timerset) { isc_time_settoepoch(&zone->refreshkeytime); } @@ -11762,7 +11741,7 @@ zone_expire(dns_zone_t *zone) { "policies unloaded"); } -failure: +cleanup: if (db != NULL) { dns_db_detach(&db); } @@ -16794,7 +16773,7 @@ sync_secure_journal(dns_zone_t *zone, dns_zone_t *raw, dns_journal_t *journal, result = ISC_R_SUCCESS; } -failure: +cleanup: return result; } @@ -17182,8 +17161,8 @@ nextevent: result = dns_journal_open(zone->mctx, zone->journal, DNS_JOURNAL_READ, &sjournal); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } if (!dns_journal_get_sourceserial(rjournal, &start)) { @@ -17217,7 +17196,7 @@ nextevent: start, end, &soatuple, &zone->rss_diff); if (result == DNS_R_UNCHANGED) { - goto failure; + goto cleanup; } else if (result != ISC_R_SUCCESS) { CHECK(sync_secure_db(zone, zone->rss_raw, zone->rss_db, zone->rss_oldver, &soatuple, @@ -17273,7 +17252,7 @@ nextevent: * that contents of the raw zone and the secure zone are kept in sync. */ if (result != ISC_R_SUCCESS && dns_db_issecure(zone->rss_db)) { - goto failure; + goto cleanup; } if (rjournal == NULL) { @@ -17311,7 +17290,7 @@ nextevent: newserial, desired); } -failure: +cleanup: isc_event_free(&zone->rss_event); event = ISC_LIST_HEAD(zone->rss_events); @@ -17589,7 +17568,7 @@ done: result = ISC_R_SUCCESS; } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -17744,8 +17723,7 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { LOCK_ZONE(zone); if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || !inline_secure(zone)) { - result = ISC_R_SHUTTINGDOWN; - goto failure; + CHECK(ISC_R_SHUTTINGDOWN); } TIME_NOW(&loadtime); @@ -17763,45 +17741,32 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { result = save_nsec3param(zone, &nsec3list); if (result != ISC_R_SUCCESS) { ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); - goto failure; + goto cleanup; } } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); - result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, - dns_dbtype_zone, zone->rdclass, - zone->db_argc - 1, zone->db_argv + 1, &db); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, + dns_dbtype_zone, zone->rdclass, zone->db_argc - 1, + zone->db_argv + 1, &db)); result = dns_db_setgluecachestats(db, zone->gluecachestats); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { - goto failure; + if (result != ISC_R_NOTIMPLEMENTED) { + CHECK(result); } - result = dns_db_newversion(db, &version); - if (result != ISC_R_SUCCESS) { - goto failure; - } - - result = dns_db_createiterator(rawdb, 0, &dbiterator); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_db_newversion(db, &version)); + CHECK(dns_db_createiterator(rawdb, 0, &dbiterator)); for (result = dns_dbiterator_first(dbiterator); result == ISC_R_SUCCESS; result = dns_dbiterator_next(dbiterator)) { - result = copy_non_dnssec_records(db, version, rawdb, dbiterator, - oldserialp); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(copy_non_dnssec_records(db, version, rawdb, dbiterator, + oldserialp)); } dns_dbiterator_destroy(&dbiterator); if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } /* @@ -17809,10 +17774,7 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { * the old nsec3 parameters and insert them into db */ if (!ISC_LIST_EMPTY(nsec3list)) { - result = restore_nsec3param(zone, db, version, &nsec3list); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(restore_nsec3param(zone, db, version, &nsec3list)); } dns_db_closeversion(db, &version, true); @@ -17839,7 +17801,7 @@ receive_secure_db(isc_task_t *task, isc_event_t *event) { isc_task_send(zone->task, &setnsec3param_event); } -failure: +cleanup: UNLOCK_ZONE(zone); if (dbiterator != NULL) { dns_dbiterator_destroy(&dbiterator); @@ -20939,7 +20901,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { *flag = false; result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; @@ -20959,7 +20921,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, result = ISC_R_SUCCESS; } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -21102,7 +21064,7 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, } } -failure: +cleanup: /* * Put the DNSKEY changes we cared about back on diff->tuples. */ @@ -21198,37 +21160,26 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, * signature and if not cause them to sign so that newly activated * keys are used. */ - result = tickle_apex_rrset(dns_rdatatype_dnskey, zone, db, ver, now, - diff, zonediff, zone_keys, nkeys, inception, - keyexpire, check_ksk, keyset_kskonly); - if (result != ISC_R_SUCCESS) { - goto failure; - } - result = tickle_apex_rrset(dns_rdatatype_cds, zone, db, ver, now, diff, - zonediff, zone_keys, nkeys, inception, - keyexpire, check_ksk, keyset_kskonly); - if (result != ISC_R_SUCCESS) { - goto failure; - } - result = tickle_apex_rrset(dns_rdatatype_cdnskey, zone, db, ver, now, - diff, zonediff, zone_keys, nkeys, inception, - keyexpire, check_ksk, keyset_kskonly); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(tickle_apex_rrset(dns_rdatatype_dnskey, zone, db, ver, now, diff, + zonediff, zone_keys, nkeys, inception, + keyexpire, check_ksk, keyset_kskonly)); + CHECK(tickle_apex_rrset(dns_rdatatype_cds, zone, db, ver, now, diff, + zonediff, zone_keys, nkeys, inception, + keyexpire, check_ksk, keyset_kskonly)); + CHECK(tickle_apex_rrset(dns_rdatatype_cdnskey, zone, db, ver, now, diff, + zonediff, zone_keys, nkeys, inception, + keyexpire, check_ksk, keyset_kskonly)); result = dns__zone_updatesigs(diff, db, ver, zone_keys, nkeys, zone, inception, soaexpire, keyexpire, now, check_ksk, keyset_kskonly, zonediff); - if (result != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "sign_apex:dns__zone_updatesigs -> %s", isc_result_totext(result)); - goto failure; } -failure: +cleanup: for (i = 0; i < nkeys; i++) { dst_key_free(&zone_keys[i]); } @@ -21251,12 +21202,12 @@ clean_nsec3param(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_rdataset_disassociate(&rdataset); } if (result != ISC_R_NOTFOUND) { - goto failure; + goto cleanup; } result = dns_nsec3param_deletechains(db, ver, zone, true, diff); -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -21309,7 +21260,7 @@ add_chains(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, } CHECK(updatesecure(db, ver, origin, zone_nsecttl(zone), true, diff)); -failure: +cleanup: return result; } @@ -21516,7 +21467,7 @@ checkds_done(isc_task_t *task, isc_event_t *event) { dns_zone_log(zone, ISC_LOG_NOTICE, "checkds: bad DS response from %s: %.*s", addrbuf, (int)buf.used, rcode); - goto failure; + goto cleanup; } /* Make sure that either AA or RA bit is set. */ @@ -21527,7 +21478,7 @@ checkds_done(isc_task_t *task, isc_event_t *event) { "checkds: bad DS response from %s: expected AA or " "RA bit set", addrbuf); - goto failure; + goto cleanup; } /* Lookup DS RRset. */ @@ -21672,7 +21623,7 @@ checkds_done(isc_task_t *task, isc_event_t *event) { dns_zone_rekey(zone, false); } -failure: +cleanup: if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_DEBUG(3), "checkds: DS request failed: %s", @@ -22293,7 +22244,7 @@ zone_rekey(dns_zone_t *zone) { "failed: %s", keyset.ttl, ttl, isc_result_totext(result)); - goto failure; + goto cleanup; } dnssec_log(zone, ISC_LOG_INFO, "Updating DNSKEY TTL from %u to %u", @@ -22309,11 +22260,9 @@ zone_rekey(dns_zone_t *zone) { dns_zone_unlock_keyfiles(zone); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); } else if (result != ISC_R_NOTFOUND) { - goto failure; + goto cleanup; } /* Get the CDS rdataset */ @@ -22328,7 +22277,7 @@ zone_rekey(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "Updating CDS TTL from %u to %u failed: %s", cdsset.ttl, ttl, isc_result_totext(result)); - goto failure; + goto cleanup; } dnssec_log(zone, ISC_LOG_INFO, "Updating CDS TTL from %u to %u", cdsset.ttl, ttl); @@ -22349,7 +22298,7 @@ zone_rekey(dns_zone_t *zone) { zone, ISC_LOG_ERROR, "Updating CDNSKEY TTL from %u to %u failed: %s", cdnskeyset.ttl, ttl, isc_result_totext(result)); - goto failure; + goto cleanup; } dnssec_log(zone, ISC_LOG_INFO, "Updating CDNSKEY TTL from %u to %u", cdnskeyset.ttl, @@ -22385,7 +22334,7 @@ zone_rekey(dns_zone_t *zone) { "zone_rekey:zone_verifykeys failed: " "some key files are missing"); KASP_UNLOCK(kasp); - goto failure; + goto cleanup; } /* @@ -22424,7 +22373,7 @@ zone_rekey(dns_zone_t *zone) { "failed: %s", isc_result_totext(result)); KASP_UNLOCK(kasp); - goto failure; + goto cleanup; } } } @@ -22515,7 +22464,7 @@ zone_rekey(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_rekey:couldn't update zone keys: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -22528,7 +22477,7 @@ zone_rekey(dns_zone_t *zone) { dnssec_log(zone, ISC_LOG_ERROR, "zone_rekey:couldn't update CDS/CDNSKEY: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } if (cdsdel || cdnskeydel) { @@ -22567,7 +22516,7 @@ zone_rekey(dns_zone_t *zone) { "zone_rekey:couldn't update CDS/CDNSKEY " "DELETE records: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -22875,7 +22824,7 @@ zone_rekey(dns_zone_t *zone) { result = ISC_R_SUCCESS; -failure: +cleanup: LOCK_ZONE(zone); if (result != ISC_R_SUCCESS) { /* @@ -22992,29 +22941,29 @@ dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) { result = dns_db_findrdataset(db, node, version, dns_rdatatype_cds, dns_rdatatype_none, 0, &cds, NULL); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } result = dns_db_findrdataset(db, node, version, dns_rdatatype_cdnskey, dns_rdatatype_none, 0, &cdnskey, NULL); - if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } if (!dns_rdataset_isassociated(&cds) && !dns_rdataset_isassociated(&cdnskey)) { result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey, dns_rdatatype_none, 0, &dnskey, NULL); if (result == ISC_R_NOTFOUND) { empty = true; - } else if (result != ISC_R_SUCCESS) { - goto failure; + } else { + CHECK(result); } /* @@ -23046,8 +22995,7 @@ dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) { } if (empty) { - result = DNS_R_BADCDS; - goto failure; + CHECK(DNS_R_BADCDS); } CHECK(dns_rdata_tostruct(&crdata, &structcds, NULL)); @@ -23096,18 +23044,16 @@ dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) { } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } } for (i = 0; i < sizeof(algorithms); i++) { if (delete) { if (algorithms[i] != notexpected) { - result = DNS_R_BADCDS; - goto failure; + CHECK(DNS_R_BADCDS); } } else if (algorithms[i] == expected) { - result = DNS_R_BADCDS; - goto failure; + CHECK(DNS_R_BADCDS); } } } @@ -23142,8 +23088,7 @@ dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) { } if (empty) { - result = DNS_R_BADCDNSKEY; - goto failure; + CHECK(DNS_R_BADCDNSKEY); } CHECK(dns_rdata_tostruct(&crdata, &structcdnskey, @@ -23170,24 +23115,22 @@ dns_zone_cdscheck(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version) { } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } } for (i = 0; i < sizeof(algorithms); i++) { if (delete) { if (algorithms[i] != notexpected) { - result = DNS_R_BADCDNSKEY; - goto failure; + CHECK(DNS_R_BADCDNSKEY); } } else if (algorithms[i] == expected) { - result = DNS_R_BADCDNSKEY; - goto failure; + CHECK(DNS_R_BADCDNSKEY); } } } result = ISC_R_SUCCESS; -failure: +cleanup: if (dns_rdataset_isassociated(&cds)) { dns_rdataset_disassociate(&cds); } @@ -23446,7 +23389,7 @@ keydone(isc_task_t *task, isc_event_t *event) { } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) { - goto failure; + goto cleanup; } dns_db_currentversion(db, &oldver); @@ -23455,23 +23398,16 @@ keydone(isc_task_t *task, isc_event_t *event) { dnssec_log(zone, ISC_LOG_ERROR, "keydone:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } - result = dns_db_getoriginnode(db, &node); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_db_getoriginnode(db, &node)); result = dns_db_findrdataset(db, node, newver, zone->privatetype, dns_rdatatype_none, 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) { - INSIST(!dns_rdataset_isassociated(&rdataset)); - goto failure; - } if (result != ISC_R_SUCCESS) { INSIST(!dns_rdataset_isassociated(&rdataset)); - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; @@ -23528,7 +23464,7 @@ keydone(isc_task_t *task, isc_event_t *event) { UNLOCK_ZONE(zone); } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -23610,7 +23546,7 @@ dns_zone_keydone(dns_zone_t *zone, const char *keystr) { zone_iattach(zone, &dummy); isc_task_send(zone->task, &e); -failure: +cleanup: if (e != NULL) { isc_event_free(&e); } @@ -23725,7 +23661,7 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) { - goto failure; + goto cleanup; } dns_db_currentversion(db, &oldver); @@ -23734,7 +23670,7 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { dnssec_log(zone, ISC_LOG_ERROR, "setnsec3param:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } CHECK(dns_db_getoriginnode(db, &node)); @@ -23756,15 +23692,15 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { if (result == ISC_R_SUCCESS) { /* * Success because the NSEC3PARAM already exists, but - * function returns void, so goto failure to clean up. + * function returns void, so goto cleanup. */ - goto failure; + goto cleanup; } if (result != DNS_R_NSEC3RESALT && result != ISC_R_NOTFOUND) { dnssec_log(zone, ISC_LOG_DEBUG(3), "setnsec3param:lookup nsec3param -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } INSIST(param.salt != NULL); @@ -23808,7 +23744,7 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { } } else if (result != ISC_R_NOTFOUND) { INSIST(!dns_rdataset_isassociated(&prdataset)); - goto failure; + goto cleanup; } /* @@ -23834,7 +23770,7 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { } } else if (result != ISC_R_NOTFOUND) { INSIST(!dns_rdataset_isassociated(&nrdataset)); - goto failure; + goto cleanup; } /* @@ -23898,7 +23834,7 @@ rss_post(dns_zone_t *zone, isc_event_t *event) { UNLOCK_ZONE(zone); } -failure: +cleanup: if (dns_rdataset_isassociated(&prdataset)) { dns_rdataset_disassociate(&prdataset); } @@ -24038,8 +23974,8 @@ setparam: param->salt = lookup->salt; } - if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) { - goto failure; + if (result != ISC_R_NOTFOUND) { + CHECK(result); } if (param->salt_length == 0) { @@ -24074,7 +24010,7 @@ setparam: INSIST(result != ISC_R_SUCCESS); } -failure: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -24224,7 +24160,7 @@ dns_zone_setnsec3param(dns_zone_t *zone, uint8_t hash, uint8_t flags, result = ISC_R_SUCCESS; -failure: +cleanup: if (e != NULL) { isc_event_free(&e); } @@ -24354,7 +24290,7 @@ setserial(isc_task_t *task, isc_event_t *event) { } ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) { - goto failure; + goto cleanup; } dns_db_currentversion(db, &oldver); @@ -24363,7 +24299,7 @@ setserial(isc_task_t *task, isc_event_t *event) { dns_zone_log(zone, ISC_LOG_ERROR, "setserial:dns_db_newversion -> %s", isc_result_totext(result)); - goto failure; + goto cleanup; } CHECK(dns_db_createsoatuple(db, oldver, diff.mctx, DNS_DIFFOP_DEL, @@ -24383,7 +24319,7 @@ setserial(isc_task_t *task, isc_event_t *event) { desired, oldserial + 1, oldserial + 0x7fffffff); } - goto failure; + goto cleanup; } dns_soa_setserial(desired, &newtuple->rdata); @@ -24403,7 +24339,7 @@ setserial(isc_task_t *task, isc_event_t *event) { zone_needdump(zone, 30); UNLOCK_ZONE(zone); -failure: +cleanup: if (oldtuple != NULL) { dns_difftuple_free(&oldtuple); } @@ -24442,14 +24378,12 @@ dns_zone_setserial(dns_zone_t *zone, uint32_t serial) { if (!inline_secure(zone)) { if (!dns_zone_isdynamic(zone, true)) { - result = DNS_R_NOTDYNAMIC; - goto failure; + CHECK(DNS_R_NOTDYNAMIC); } } if (zone->update_disabled) { - result = DNS_R_FROZEN; - goto failure; + CHECK(DNS_R_FROZEN); } e = isc_event_allocate(zone->mctx, zone, DNS_EVENT_SETSERIAL, setserial, @@ -24461,7 +24395,7 @@ dns_zone_setserial(dns_zone_t *zone, uint32_t serial) { zone_iattach(zone, &dummy); isc_task_send(zone->task, &e); -failure: +cleanup: if (e != NULL) { isc_event_free(&e); } @@ -24509,16 +24443,14 @@ dns_zone_verifydb(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver) { if (zone->view != NULL) { result = dns_view_getsecroots(zone->view, &secroots); - if (result != ISC_R_SUCCESS) { - goto done; - } + CHECK(result); } origin = dns_db_origin(db); result = dns_zoneverify_dnssec(zone, db, version, origin, secroots, zone->mctx, true, false, dnssec_report); -done: +cleanup: if (secroots != NULL) { dns_keytable_detach(&secroots); } diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c index cc9fb826d9..3f8fade0bd 100644 --- a/lib/irs/resconf.c +++ b/lib/irs/resconf.c @@ -76,13 +76,6 @@ #define RESCONFMAXLINELEN 256U /*%< max size of a line */ #define RESCONFMAXSORTLIST 10U /*%< max 10 */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*! * configuration data structure */ diff --git a/lib/isc/base32.c b/lib/isc/base32.c index 582b818e28..5650c8a8e0 100644 --- a/lib/isc/base32.c +++ b/lib/isc/base32.c @@ -22,13 +22,6 @@ #include #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - /*@{*/ /*! * These static functions are also present in lib/dns/rdata.c. I'm not diff --git a/lib/isc/base64.c b/lib/isc/base64.c index a51aa0d163..ba4ee7148f 100644 --- a/lib/isc/base64.c +++ b/lib/isc/base64.c @@ -21,13 +21,6 @@ #include #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - /*@{*/ /*! * These static functions are also present in lib/dns/rdata.c. I'm not diff --git a/lib/isc/hex.c b/lib/isc/hex.c index b06b790b73..13f0ba31b9 100644 --- a/lib/isc/hex.c +++ b/lib/isc/hex.c @@ -22,13 +22,6 @@ #include #include -#define RETERR(x) \ - do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return ((_r)); \ - } while (0) - /* * BEW: These static functions are copied from lib/dns/rdata.c. */ diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c index 1064da64c9..72f595589c 100644 --- a/lib/isc/httpd.c +++ b/lib/isc/httpd.c @@ -37,14 +37,6 @@ #include #endif /* ifdef HAVE_ZLIB */ -#define CHECK(m) \ - do { \ - result = (m); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - /* * Size the recv buffer to hold at maximum two full buffers from isc_nm_read(), * so we don't have to handle the truncation. diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h index af197d24cf..2d507c3f7e 100644 --- a/lib/isc/include/isc/util.h +++ b/lib/isc/include/isc/util.h @@ -345,6 +345,29 @@ mock_assert(const int result, const char *const expression, #endif /* UNIT_TESTING */ +/* + * Check for ISC_R_SUCCESS. On any other result, jump to a cleanup + * label. (This macro requires the function to define `result` + * and `cleanup:`.) + */ +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ + } while (0) + +/* + * Check for ISC_R_SUCCESS and continue if found. For any other + * result, return the result. + */ +#define RETERR(x) \ + do { \ + isc_result_t _r = (x); \ + if (_r != ISC_R_SUCCESS) \ + return ((_r)); \ + } while (0) + /*% * Time */ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 29699611f6..d66ba17695 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -34,14 +34,6 @@ #define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base) -/*% Check a return value. */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /*% Clean up a configuration object if non-NULL. */ #define CLEANUP_OBJ(obj) \ do { \ diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 333b5af035..fa97009e42 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -78,14 +78,6 @@ #define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base) -/* Check a return value. */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - /* Clean up a configuration object if non-NULL. */ #define CLEANUP_OBJ(obj) \ do { \ diff --git a/lib/ns/hooks.c b/lib/ns/hooks.c index a266c19598..03f2a83c8a 100644 --- a/lib/ns/hooks.c +++ b/lib/ns/hooks.c @@ -34,14 +34,6 @@ #include #include -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) { \ - goto cleanup; \ - } \ - } while (0) - struct ns_plugin { isc_mem_t *mctx; uv_lib_t handle; diff --git a/lib/ns/update.c b/lib/ns/update.c index 7819d98bcc..c3e4eb115d 100644 --- a/lib/ns/update.c +++ b/lib/ns/update.c @@ -77,34 +77,6 @@ */ #define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) -/*% - * Check an operation for failure. These macros all assume that - * the function using them has a 'result' variable and a 'failure' - * label. - */ -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -/*% - * Fail unconditionally with result 'code', which must not - * be ISC_R_SUCCESS. The reason for failure presumably has - * been logged already. - * - * The test against ISC_R_SUCCESS is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ - -#define FAIL(code) \ - do { \ - result = (code); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - /*% * Fail unconditionally and log as a client error. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler @@ -127,7 +99,7 @@ "update %s: %s (%s)", _what, msg, \ isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) #define PREREQFAILC(code, msg) \ do { \ @@ -156,7 +128,7 @@ msg, isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) #define PREREQFAILN(code, name, msg) \ do { \ @@ -187,7 +159,7 @@ _tbuf, msg, isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) #define PREREQFAILNT(code, name, type, msg) \ do { \ @@ -206,7 +178,7 @@ update_log(client, zone, LOGLEVEL_PROTOCOL, "error: %s: %s", \ msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) /* @@ -493,7 +465,7 @@ do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver, } return ISC_R_SUCCESS; -failure: +cleanup: dns_diff_clear(diff); return result; } @@ -1063,7 +1035,7 @@ temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) { CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS, name, 0, rdata, &tuple)); ISC_LIST_APPEND(diff->tuples, tuple, link); -failure: +cleanup: return result; } @@ -1208,18 +1180,12 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, { dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); - result = temp_append(&d_rrs, name, &rdata); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(temp_append(&d_rrs, name, &rdata)); } if (result != ISC_R_NOMORE) { - goto failure; - } - result = dns_diff_sort(&d_rrs, temp_order); - if (result != ISC_R_SUCCESS) { - goto failure; + goto cleanup; } + CHECK(dns_diff_sort(&d_rrs, temp_order)); /* * Collect all update RRs for this name and type @@ -1236,11 +1202,8 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, } /* Compare the two sorted lists. */ - result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples), - ISC_LIST_HEAD(d_rrs.tuples)); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples), + ISC_LIST_HEAD(d_rrs.tuples))); /* * We are done with the tuples, but we can't free @@ -1253,7 +1216,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, continue; - failure: + cleanup: dns_diff_clear(&d_rrs); dns_diff_clear(&u_rrs); dns_diff_clear(&trash); @@ -1516,7 +1479,7 @@ add_rr_prepare_action(void *data, rr_t *rr) { dns_diff_append(&ctx->add_diff, &tuple); } } -failure: +cleanup: return result; } @@ -1584,7 +1547,7 @@ update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, CHECK(do_one_tuple(&addtuple, db, ver, diff)); result = ISC_R_SUCCESS; -failure: +cleanup: if (addtuple != NULL) { dns_difftuple_free(&addtuple); } @@ -1733,7 +1696,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) { } result = dns_zone_checknames(zone, name, &rdata); if (result != ISC_R_SUCCESS) { - FAIL(DNS_R_REFUSED); + CHECK(DNS_R_REFUSED); } } else if (update_class == dns_rdataclass_any) { if (ttl != 0 || rdata.length != 0 || @@ -1750,7 +1713,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) { update_log(client, zone, ISC_LOG_WARNING, "update RR has incorrect class %d", update_class); - FAIL(DNS_R_FORMERR); + CHECK(DNS_R_FORMERR); } /* @@ -1866,7 +1829,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) { } } if (result != ISC_R_NOMORE) { - FAIL(result); + CHECK(result); } update_log(client, zone, LOGLEVEL_DEBUG, "update section prescan OK"); @@ -1899,7 +1862,7 @@ send_update_event(ns_client_t *client, dns_zone_t *zone) { dns_zone_gettask(zone, &zonetask); isc_task_send(zonetask, ISC_EVENT_PTR(&event)); -failure: +cleanup: if (db != NULL) { dns_db_closeversion(db, &ver, false); dns_db_detach(&db); @@ -2012,9 +1975,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle, * We can now fail due to a bad signature as we now know * that we are the primary. */ - if (sigresult != ISC_R_SUCCESS) { - FAIL(sigresult); - } + CHECK(sigresult); dns_message_clonebuffer(client->message); CHECK(send_update_event(client, zone)); break; @@ -2028,7 +1989,7 @@ ns_update_start(ns_client_t *client, isc_nmhandle_t *handle, } return; -failure: +cleanup: if (result == DNS_R_REFUSED) { inc_stats(client, zone, ns_statscounter_updaterej); } @@ -2087,7 +2048,7 @@ remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) { } result = ISC_R_SUCCESS; -failure: +cleanup: for (tuple = ISC_LIST_HEAD(temp_diff.tuples); tuple != NULL; tuple = ISC_LIST_HEAD(temp_diff.tuples)) { @@ -2225,7 +2186,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { *flag = false; result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } else { CHECK(result); } @@ -2234,7 +2195,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result == ISC_R_NOTFOUND) { *flag = false; result = ISC_R_SUCCESS; - goto failure; + goto cleanup; } for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; @@ -2254,7 +2215,7 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, result = ISC_R_SUCCESS; } -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -2281,9 +2242,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype, if (result == ISC_R_NOTFOUND) { goto try_private; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -2299,7 +2258,7 @@ get_iterations(dns_db_t *db, dns_dbversion_t *ver, dns_rdatatype_t privatetype, } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } dns_rdataset_disassociate(&rdataset); @@ -2314,9 +2273,7 @@ try_private: if (result == ISC_R_NOTFOUND) { goto success; } - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) @@ -2340,14 +2297,14 @@ try_private: } } if (result != ISC_R_NOMORE) { - goto failure; + goto cleanup; } success: *iterationsp = iterations; result = ISC_R_SUCCESS; -failure: +cleanup: if (node != NULL) { dns_db_detachnode(db, &node); } @@ -2372,8 +2329,7 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, if (!dns_zone_check_dnskey_nsec3(zone, db, ver, diff, NULL, 0)) { update_log(client, zone, ISC_LOG_ERROR, "NSEC only DNSKEYs and NSEC3 chains not allowed"); - result = DNS_R_REFUSED; - goto failure; + CHECK(DNS_R_REFUSED); } /* Verify NSEC3 params */ @@ -2381,11 +2337,10 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, if (iterations > dns_nsec3_maxiterations()) { update_log(client, zone, ISC_LOG_ERROR, "too many NSEC3 iterations (%u)", iterations); - result = DNS_R_REFUSED; - goto failure; + CHECK(DNS_R_REFUSED); } -failure: +cleanup: return result; } @@ -2660,7 +2615,7 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, } result = ISC_R_SUCCESS; -failure: +cleanup: dns_diff_clear(&temp_diff); return result; } @@ -2719,7 +2674,7 @@ rollback_private(dns_db_t *db, dns_rdatatype_t privatetype, } result = ISC_R_SUCCESS; -failure: +cleanup: dns_diff_clear(&temp_diff); return result; } @@ -2860,7 +2815,7 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, } } -failure: +cleanup: dns_diff_clear(&temp_diff); return result; } @@ -3013,14 +2968,14 @@ update_action(isc_task_t *task, isc_event_t *event) { UNEXPECTED_ERROR( "temp entry creation failed: %s", isc_result_totext(result)); - FAIL(ISC_R_UNEXPECTED); + CHECK(ISC_R_UNEXPECTED); } } else { PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite"); } } if (result != ISC_R_NOMORE) { - FAIL(result); + CHECK(result); } /* @@ -3287,7 +3242,7 @@ update_action(isc_task_t *task, isc_event_t *event) { if (result != ISC_R_SUCCESS) { dns_diff_clear(&ctx.del_diff); dns_diff_clear(&ctx.add_diff); - goto failure; + goto cleanup; } result = update_one_rr( db, ver, &diff, DNS_DIFFOP_ADD, @@ -3299,7 +3254,7 @@ update_action(isc_task_t *task, isc_event_t *event) { "failed: %s", isc_result_totext( result)); - goto failure; + goto cleanup; } } } @@ -3390,13 +3345,9 @@ update_action(isc_task_t *task, isc_event_t *event) { * that are in use (under our control). */ if (dns_rdatatype_iskeymaterial(rdata.type)) { - isc_result_t r; bool inuse = false; - r = dns_zone_dnskey_inuse(zone, &rdata, - &inuse); - if (r != ISC_R_SUCCESS) { - FAIL(r); - } + CHECK(dns_zone_dnskey_inuse( + zone, &rdata, &inuse)); if (inuse) { char typebuf [DNS_RDATATYPE_FORMATSIZE]; @@ -3423,7 +3374,7 @@ update_action(isc_task_t *task, isc_event_t *event) { } } if (result != ISC_R_NOMORE) { - FAIL(result); + CHECK(result); } /* @@ -3442,8 +3393,7 @@ update_action(isc_task_t *task, isc_event_t *event) { update_log(client, zone, LOGLEVEL_PROTOCOL, "update rejected: post update name server " "sanity check failed"); - result = DNS_R_REFUSED; - goto failure; + CHECK(DNS_R_REFUSED); } } if (!ISC_LIST_EMPTY(diff.tuples)) { @@ -3452,12 +3402,9 @@ update_action(isc_task_t *task, isc_event_t *event) { update_log(client, zone, LOGLEVEL_PROTOCOL, "update rejected: bad %s RRset", result == DNS_R_BADCDS ? "CDS" : "CDNSKEY"); - result = DNS_R_REFUSED; - goto failure; - } - if (result != ISC_R_SUCCESS) { - goto failure; + CHECK(DNS_R_REFUSED); } + CHECK(result); } /* @@ -3499,8 +3446,7 @@ update_action(isc_task_t *task, isc_event_t *event) { "records removed and " "'dnssec-secure-to-insecure' " "not set"); - result = DNS_R_REFUSED; - goto failure; + CHECK(DNS_R_REFUSED); } } @@ -3533,7 +3479,7 @@ update_action(isc_task_t *task, isc_event_t *event) { update_log(client, zone, ISC_LOG_ERROR, "RRSIG/NSEC/NSEC3 update failed: %s", isc_result_totext(result)); - goto failure; + goto cleanup; } } @@ -3545,8 +3491,7 @@ update_action(isc_task_t *task, isc_event_t *event) { "records in zone (%" PRIu64 ") exceeds max-records (%u)", records, maxrecords); - result = DNS_R_TOOMANYRECORDS; - goto failure; + CHECK(DNS_R_TOOMANYRECORDS); } } @@ -3674,7 +3619,7 @@ update_action(isc_task_t *task, isc_event_t *event) { result = ISC_R_SUCCESS; goto common; -failure: +cleanup: /* * The reason for failure should have been logged at this point. */ diff --git a/lib/ns/xfrout.c b/lib/ns/xfrout.c index b1e8cca324..d022a68999 100644 --- a/lib/ns/xfrout.c +++ b/lib/ns/xfrout.c @@ -81,7 +81,7 @@ "bad zone transfer request: %s (%s)", msg, \ isc_result_totext(code)); \ if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) #define FAILQ(code, msg, question, rdclass) \ @@ -96,14 +96,7 @@ "bad zone transfer request: '%s/%s': %s (%s)", \ _buf1, _buf2, msg, isc_result_totext(code)); \ if (result != ISC_R_SUCCESS) \ - goto failure; \ - } while (0) - -#define CHECK(op) \ - do { \ - result = (op); \ - if (result != ISC_R_SUCCESS) \ - goto failure; \ + goto cleanup; \ } while (0) /**************************************************************************/ @@ -250,7 +243,7 @@ ixfr_rrstream_create(isc_mem_t *mctx, const char *journal_filename, *sp = (rrstream_t *)s; return ISC_R_SUCCESS; -failure: +cleanup: ixfr_rrstream_destroy((rrstream_t **)(void *)&s); return result; } @@ -331,7 +324,7 @@ axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver, *sp = (rrstream_t *)s; return ISC_R_SUCCESS; -failure: +cleanup: axfr_rrstream_destroy((rrstream_t **)(void *)&s); return result; } @@ -451,7 +444,7 @@ soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver, *sp = (rrstream_t *)s; return ISC_R_SUCCESS; -failure: +cleanup: soa_rrstream_destroy((rrstream_t **)(void *)&s); return result; } @@ -772,7 +765,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING, "%s request denied: %s", mnemonic, isc_result_totext(result)); - goto failure; + goto cleanup; } /* @@ -829,7 +822,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { ISC_LOG_ERROR, "zone transfer '%s/%s' denied", _buf1, _buf2); - goto failure; + goto cleanup; } if (result != ISC_R_SUCCESS) { FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", @@ -1171,7 +1164,7 @@ have_stream: result = ISC_R_SUCCESS; -failure: +cleanup: if (result == DNS_R_REFUSED) { inc_stats(client, zone, ns_statscounter_xfrrej); } @@ -1279,7 +1272,7 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, xfr->txmemlen = len; /* - * These MUST be after the last "goto failure;" / CHECK to + * These MUST be after the last "goto cleanup;" / CHECK to * prevent a double free by the caller. */ xfr->quota = quota; @@ -1387,18 +1380,12 @@ sendstream(xfrout_ctx_t *xfr) { isc_buffer_add(&xfr->buf, 12 + 4); qrdataset = NULL; - result = dns_message_gettemprdataset(msg, &qrdataset); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettemprdataset(msg, &qrdataset)); dns_rdataset_makequestion(qrdataset, xfr->client->message->rdclass, xfr->qtype); - result = dns_message_gettempname(msg, &qname); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettempname(msg, &qname)); isc_buffer_availableregion(&xfr->buf, &r); INSIST(r.length >= xfr->qname->length); r.length = xfr->qname->length; @@ -1458,8 +1445,7 @@ sendstream(xfrout_ctx_t *xfr) { "(%d bytes)", size); /* XXX DNS_R_RRTOOLARGE? */ - result = ISC_R_NOSPACE; - goto failure; + CHECK(ISC_R_NOSPACE); } break; } @@ -1468,10 +1454,7 @@ sendstream(xfrout_ctx_t *xfr) { log_rr(name, rdata, ttl); /* XXX */ } - result = dns_message_gettempname(msg, &msgname); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettempname(msg, &msgname)); isc_buffer_availableregion(&xfr->buf, &r); INSIST(r.length >= name->length); r.length = name->length; @@ -1481,20 +1464,14 @@ sendstream(xfrout_ctx_t *xfr) { /* Reserve space for RR header. */ isc_buffer_add(&xfr->buf, 10); - result = dns_message_gettemprdata(msg, &msgrdata); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettemprdata(msg, &msgrdata)); isc_buffer_availableregion(&xfr->buf, &r); r.length = rdata->length; isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length); dns_rdata_init(msgrdata); dns_rdata_fromregion(msgrdata, rdata->rdclass, rdata->type, &r); - result = dns_message_gettemprdatalist(msg, &msgrdl); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettemprdatalist(msg, &msgrdl)); msgrdl->type = rdata->type; msgrdl->rdclass = rdata->rdclass; msgrdl->ttl = ttl; @@ -1507,10 +1484,7 @@ sendstream(xfrout_ctx_t *xfr) { } ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link); - result = dns_message_gettemprdataset(msg, &msgrds); - if (result != ISC_R_SUCCESS) { - goto failure; - } + CHECK(dns_message_gettemprdataset(msg, &msgrds)); result = dns_rdatalist_tordataset(msgrdl, msgrds); INSIST(result == ISC_R_SUCCESS); @@ -1616,7 +1590,7 @@ sendstream(xfrout_ctx_t *xfr) { /* Advance lasttsig to be the last TSIG generated */ CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig)); -failure: +cleanup: if (msgname != NULL) { if (msgrds != NULL) { if (dns_rdataset_isassociated(msgrds)) { diff --git a/tests/dns/rbtdb_test.c b/tests/dns/rbtdb_test.c index 2cd5213e87..a06e4a1ad0 100644 --- a/tests/dns/rbtdb_test.c +++ b/tests/dns/rbtdb_test.c @@ -35,11 +35,9 @@ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wshadow" -#undef CHECK #include "rbtdb.c" #pragma GCC diagnostic pop -#undef CHECK #include const char *ownercase_vectors[12][2] = { diff --git a/tests/dns/update_test.c b/tests/dns/update_test.c index 3661e21260..d260236415 100644 --- a/tests/dns/update_test.c +++ b/tests/dns/update_test.c @@ -38,11 +38,9 @@ */ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wshadow" -#undef CHECK #include "update.c" #pragma GCC diagnostic pop -#undef CHECK #include static int