auth: Handle addKey() returning false in apiZoneCryptokeysPOST

Reported by Coverity.

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 473599783896b6a754a3f092c9a8b51ab71481fa..c600356ea9acfa4d7c15624a2ca99bb69ae4e2d3 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -970,7 +970,7 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     throw ApiException("Invalid keytype " + stringFromJson(document, "keytype"));
   }
 
-  int64_t insertedId;
+  int64_t insertedId = -1;
 
   if (content.is_null()) {
     int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");
@@ -995,7 +995,9 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     }
 
     try {
-      dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active);
+      if (!dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active)) {
+        throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
+      }
     } catch (std::runtime_error& error) {
       throw ApiException(error.what());
     }
@@ -1021,7 +1023,9 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     catch (std::runtime_error& error) {
       throw ApiException("Key could not be parsed. Make sure your key format is correct.");
     } try {
-      dk->addKey(zonename, dpk,insertedId, active);
+      if (!dk->addKey(zonename, dpk,insertedId, active)) {
+        throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
+      }
     } catch (std::runtime_error& error) {
       throw ApiException(error.what());
     }