Check return of getTSIGKey and B64Decode in the Slave Communicator

diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index 2ba523240caabb52f160d45ffcbaa4993450954a..4b6da4dbfdd1dc0901624da36fa629e899ee2707 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -788,8 +788,14 @@ void CommunicatorClass::slaveRefresh(PacketHandler *P)
 
       if(dk.getTSIGForAccess(di.zone, sr.master, &dni.tsigkeyname)) {
         string secret64;
-        B->getTSIGKey(dni.tsigkeyname, &dni.tsigalgname, &secret64);
-        B64Decode(secret64, dni.tsigsecret);
+        if(!B->getTSIGKey(dni.tsigkeyname, &dni.tsigalgname, &secret64)) {
+          L<<Logger::Error<<"TSIG key '"<<dni.tsigkeyname<<"' for domain '"<<di.zone<<"' not found, can not AXFR."<<endl;
+          continue;
+        }
+        if (B64Decode(secret64, dni.tsigsecret) == -1) {
+          L<<Logger::Error<<"Unable to Base-64 decode TSIG key '"<<dni.tsigkeyname<<"' for domain '"<<di.zone<<"', can not AXFR."<<endl;
+          continue;
+        }
       }
 
       localaddr.clear();