From: Evan Hunt <each@isc.org>
Date: Wed, 6 May 2026 00:01:08 +0000 (+0000)
Subject: [9.20] fix: dev: Fix a stack use-after-free in qpzone
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ddea991c073bbcf15e38c547ad73a3b1491704c0;p=thirdparty%2Fbind9.git

[9.20] fix: dev: Fix a stack use-after-free in qpzone

In previous_closest_nsec(), a new qpreader was opened to search the NSEC
tree. It was possible for that to be used to update a QP iterator object
owned by the caller, and then be destroyed when the function returned.

This has been addressed by having the caller open the NSEC qpreader
instead.

Closes #5942

Merge branch '5942-qpiter-fix-bind-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11956
---

ddea991c073bbcf15e38c547ad73a3b1491704c0