From: Ondřej Surý <ondrej@isc.org>
Date: Tue, 24 Feb 2026 16:11:00 +0000 (+0100)
Subject: [9.20] chg: dev: Invalid NSEC3 can cause OOB read of the isdelegation() stack
X-Git-Tag: v9.20.20~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6f234169e2fd35c5a5f4f3cce9f0eaca15915ae;p=thirdparty%2Fbind9.git

[9.20] chg: dev: Invalid NSEC3 can cause OOB read of the isdelegation() stack

When .next_length is longer than NSEC3_MAX_HASH_LENGTH, it causes a
harmless out-of-bound read of the isdelegation() stack.  This has been
fixed.

Closes #5749

Backport of MR !11553

Merge branch 'backport-5749-fix-OOB-read-in-isdelegation-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!11594
---

e6f234169e2fd35c5a5f4f3cce9f0eaca15915ae