From: Ondřej Surý <ondrej@isc.org>
Date: Wed, 18 Mar 2026 10:39:16 +0000 (+0100)
Subject: fix: dev: Fix isc_buffer_init capacity mismatch in DoH data chunk callback
X-Git-Tag: v9.21.21~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42f458d33f09fbe6f1277aa05752bfa143d87ca4;p=thirdparty%2Fbind9.git

fix: dev: Fix isc_buffer_init capacity mismatch in DoH data chunk callback

isc_buffer_init() is given MAX_DNS_MESSAGE_SIZE (65535) as capacity but
only h2->content_length bytes are allocated.  This makes the buffer
believe it has more space than actually allocated.  A secondary bounds
check (new_bufsize <= h2->content_length) prevents actual overflow, but
the buffer invariant is violated.

Pass h2->content_length as the capacity to match the allocation.

Merge branch 'ondrej/fix-isc_buffer_init-capacity-mismatch-in-DoH' into 'main'

See merge request isc-projects/bind9!11662
---

42f458d33f09fbe6f1277aa05752bfa143d87ca4