From: Mark Andrews
Date: Thu, 26 Mar 2026 02:10:45 +0000 (+1100)
Subject: Use the correct maximal compressed bit map buffer size
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f485d3a63af6edd36d77f7687e0629508878af8;p=thirdparty%2Fbind9.git

Use the correct maximal compressed bit map buffer size

There are up to 256 windows in a NSEC/NSEC3 compressed bit map of 32 + 2 octets each.

(cherry picked from commit e43e4bd20a99860e79294afbcc9b75f01ff28c26)
---

diff --git a/lib/dns/include/dns/nsec.h b/lib/dns/include/dns/nsec.h
index e68ea35ebfb..50df8e45f18 100644
--- a/lib/dns/include/dns/nsec.h
+++ b/lib/dns/include/dns/nsec.h
@@ -23,7 +23,12 @@
 #include
 #include
-#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)
+/*
+ * max compressed bitmap size:
+ * 256 windows * (window number + window length + bitmap (max 256 bits))
+ */
+#define DNS_NSEC_MAXCBMSIZE (256 * ((256 / 8) + 2))
+#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + DNS_NSEC_MAXCBMSIZE)
 ISC_LANG_BEGINDECLS
diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index 546f0d955c1..bad2e29b175 100644
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -459,7 +459,7 @@ match_nsec3(const vctx_t *vctx, const dns_name_t *name, const unsigned char types[8192], unsigned int maxtype, const unsigned char *rawhash, size_t rhsize, isc_result_t *vresult) {
- unsigned char cbm[8244];
+ unsigned char cbm[DNS_NSEC_MAXCBMSIZE];
 char namebuf[DNS_NAME_FORMATSIZE];
 dns_rdata_nsec3_t nsec3;
 isc_result_t result;
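Review bot: The comment over `DNS_NSEC_MAXCBMSIZE` gives the bitmap in bits ("max 256 bits") while the macro evaluates to octets, and it never states the result, so a reader has to redo the arithmetic before comparing it with array sizes elsewhere. I would word it as `256 windows * (1 octet window number + 1 octet bitmap length + 32 octets of bitmap) = 8704 octets`. Note that `DNS_NSEC_BUFFERSIZE` keeps its numeric value (8192 + 512 is also 8704), so the only buffer whose size actually changes in this commit is `cbm` in lib/dns/zoneverify.c.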
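Review bot: `cbm` in `match_nsec3` is now sized for the worst case, but nothing visible in this hunk ties the code that writes into it to that size; the function body continues outside the hunk, so whether the fill is bounded cannot be confirmed from here. The old literal `8244` is smaller than the 256 * 34 = 8704 octets the new macro evaluates to, which makes this a stack buffer that a maximal bitmap could overrun. If the routine that fills `cbm` returns the number of octets written, an assertion right after that call, for example `INSIST(len <= sizeof(cbm));` with `len` standing for whatever variable holds that length, would make any future mismatch fail immediately rather than overwrite the stack.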