]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 67507f0 e9a58de)
fix: usr: Fix zone verification of NSEC3 signed zones 318791
authorMark Andrews <marka@isc.org>
Fri, 10 Apr 2026 06:23:27 +0000 (16:23 +1000)
committerMark Andrews <marka@isc.org>
Fri, 10 Apr 2026 06:23:27 +0000 (16:23 +1000)
commit0633effb5be121c71b72973fc0e1c53ca81781bf
treec300d51a1996a2bac18dbd22795326f6e16b9f96tree | snapshot
parent67507f01b0d33b6ffdce9e06d362b1c3c3620d05commit | diff
parente9a58de251e87227d573937d7838544a89c3091ecommit | diff
fix: usr: Fix zone verification of NSEC3 signed zones

Previously, when computing the compressed bitmap during verification of an NSEC3-signed zone, an undersized buffer was used that resulted in an out-of-bounds write if there were too many active windows in the bitmap. This impacted mirror zones which are NSEC3-signed, `dnssec-signzone` and `dnssec-verifyzone`. This has been fixed.

Closes #5834

Merge branch '5834-fix-cbm-size' into 'main'

See merge request isc-projects/bind9!11804
Mirror of https://gitlab.isc.org/isc-projects/bind9.git