From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 19 Oct 2017 09:13:24 +0000 (+0200)
Subject: auth: Handle addKey() returning false in apiZoneCryptokeysPOST
X-Git-Tag: rec-4.1.0-rc2~28^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b727e19b8219411ace8dff6140c98d6474c005dc;p=pdns

auth: Handle addKey() returning false in apiZoneCryptokeysPOST

Reported by Coverity.
---

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 473599783..c600356ea 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -970,7 +970,7 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     throw ApiException("Invalid keytype " + stringFromJson(document, "keytype"));
   }
 
-  int64_t insertedId;
+  int64_t insertedId = -1;
 
   if (content.is_null()) {
     int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");
@@ -995,7 +995,9 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     }
 
     try {
-      dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active);
+      if (!dk->addKey(zonename, keyOrZone, algorithm, insertedId, bits, active)) {
+        throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
+      }
     } catch (std::runtime_error& error) {
       throw ApiException(error.what());
     }
@@ -1021,7 +1023,9 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
     catch (std::runtime_error& error) {
       throw ApiException("Key could not be parsed. Make sure your key format is correct.");
     } try {
-      dk->addKey(zonename, dpk,insertedId, active);
+      if (!dk->addKey(zonename, dpk,insertedId, active)) {
+        throw ApiException("Adding key failed, perhaps DNSSEC not enabled in configuration?");
+      }
     } catch (std::runtime_error& error) {
       throw ApiException(error.what());
     }