Use the correct maximal compressed bit map buffer size

author Mark Andrews <marka@isc.org>

Thu, 26 Mar 2026 02:10:45 +0000 (13:10 +1100)

committer Mark Andrews <marka@isc.org>

Fri, 10 Apr 2026 05:45:01 +0000 (15:45 +1000)
author Mark Andrews <marka@isc.org>
Thu, 26 Mar 2026 02:10:45 +0000 (13:10 +1100)
committer Mark Andrews <marka@isc.org>
Fri, 10 Apr 2026 05:45:01 +0000 (15:45 +1000)
diff --git a/lib/dns/include/dns/nsec.h b/lib/dns/include/dns/nsec.h

index eda6214bb1659d0657d08d967592b5a92bd6afc9..ebb1c65a43853153f89ca804d9aa95d6bebcf221 100644 (file)
--- a/lib/dns/include/dns/nsec.h
+++ b/lib/dns/include/dns/nsec.h
@@ -21,7 +21,12 @@
  #include <dns/name.h>
  #include <dns/types.h>
  
-#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)
+/*
+ * max compressed bitmap size:
+ * 256 windows * (window number + window length + bitmap (max 256 bits))
+ */
+#define DNS_NSEC_MAXCBMSIZE (256 * ((256 / 8) + 2))
+#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + DNS_NSEC_MAXCBMSIZE)
  
  isc_result_t
  dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c

index 70209432a2c53072e5dbcea5f896a3b786cf3b9d..70e21b4270d31038d6df1b3c67e8a4d062e518f6 100644 (file)
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -447,7 +447,7 @@ match_nsec3(const vctx_t *vctx, const dns_name_t *name,
             const unsigned char types[8192], unsigned int maxtype,
             const unsigned char *rawhash, size_t rhsize,
             isc_result_t *vresult) {
-       unsigned char cbm[8244];
+       unsigned char cbm[DNS_NSEC_MAXCBMSIZE];
         char namebuf[DNS_NAME_FORMATSIZE];
         dns_rdata_nsec3_t nsec3;
         isc_result_t result;
author	Mark Andrews <marka@isc.org>
	Thu, 26 Mar 2026 02:10:45 +0000 (13:10 +1100)
committer	Mark Andrews <marka@isc.org>
	Fri, 10 Apr 2026 05:45:01 +0000 (15:45 +1000)
lib/dns/include/dns/nsec.h		patch \| blob \| blame \| history
lib/dns/zoneverify.c		patch \| blob \| blame \| history