[9.20] fix: usr: Fix zone verification of NSEC3 signed zones
Previously, when computing the compressed bitmap during verification of an NSEC3-signed zone, an undersized buffer was used that resulted in an out-of-bounds write if there were too many active windows in the bitmap. This impacted mirror zones which are NSEC3-signed, `dnssec-signzone` and `dnssec-verifyzone`. This has been fixed.
Closes #5834
Backport of MR !11804
Merge branch 'backport-5834-fix-cbm-size-9.20' into 'bind-9.20'
projects / thirdparty / bind9.git / commit
