compression buffer was not cleared properly

clear the compression buffer before use. this eliminates the
possibility of a latent bug that, when combined with other changes,
allowed an overread in a later version of BIND.

diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c
index eb103885d676faaa8520283e762904a844774b15..74416755e32eb6b9effb4180ca164bd49e665f34 100644 (file)
--- a/lib/isc/httpd.c
+++ b/lib/isc/httpd.c
@@ -248,6 +248,8 @@ free_buffer(isc_mem_t *mctx, isc_buffer_t *buffer) {
        if (r.length > 0) {
                isc_mem_put(mctx, r.base, r.length);
        }
+
+       isc_buffer_initnull(buffer);
 }
 
 static void
@@ -912,6 +914,7 @@ isc_httpd_compress(isc_httpd_t *httpd) {
        if (result != ISC_R_SUCCESS) {
                return (result);
        }
+       isc_buffer_clear(&httpd->compbuffer);
        isc_buffer_region(&httpd->compbuffer, &r);
 
        /*