From 172f5496ba9f1e890bfda25b85b92f079de68f37 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Fri, 20 Feb 2026 11:18:52 +0000
Subject: [PATCH] Fix a bug in dns_tkey_processquery()

The 'keyname' variable could be used in the add_rdata_to_list()
call without being initialized. Make sure that 'keyname' is non-NULL
for all the cases that do not jump to the 'cleanup:' label.
---
 lib/dns/tkey.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 9f71c4e41c..f09edc2a9c 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -401,7 +401,8 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		/*
 		 * A delete operation uses the fully specified qname.
 		 */
-		CHECK(process_deletetkey(signer, qname, &tkeyin, &tkeyout,
+		keyname = qname;
+		CHECK(process_deletetkey(signer, keyname, &tkeyin, &tkeyout,
 					 ring));
 		break;
 	case DNS_TKEYMODE_GSSAPI:
@@ -443,6 +444,10 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
 		result = DNS_R_NOTIMP;
 		goto cleanup;
 	default:
+		/*
+		 * For unrecognized modes also use the fully specified qname.
+		 */
+		keyname = qname;
 		tkeyout.error = dns_tsigerror_badmode;
 	}