upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 08:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Use the correct maximal compressed bit map buffer size

Browse source 
There are up to 256 windows in a NSEC/NSEC3 compressed bit
map of 32 + 2 octets each.
This commit is contained in:
Mark Andrews 2026-03-26 13:10:45 +11:00
parent 67507f01b0
commit e43e4bd20a
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/dns/include/dns/nsec.h
View file

@ -21,7 +21,12 @@
#include <dns/name.h>
#include <dns/types.h>
#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)
/*
* max compressed bitmap size:
* 256 windows * (window number + window length + bitmap (max 256 bits))
*/
#define DNS_NSEC_MAXCBMSIZE (256 * ((256 / 8) + 2))
#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + DNS_NSEC_MAXCBMSIZE)
isc_result_t
dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,

2
lib/dns/zoneverify.c
View file

@ -447,7 +447,7 @@ match_nsec3(const vctx_t *vctx, const dns_name_t *name,
const unsigned char types[8192], unsigned int maxtype,
const unsigned char *rawhash, size_t rhsize,
isc_result_t *vresult) {
unsigned char cbm[8244];
unsigned char cbm[DNS_NSEC_MAXCBMSIZE];
char namebuf[DNS_NAME_FORMATSIZE];
dns_rdata_nsec3_t nsec3;
isc_result_t result;