From 92df1a1aaede6f2bd007522b86fdce497810e2e6 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Tue, 7 Jul 2015 21:43:23 +0000
Subject: [PATCH] Fix BIND resolver remote denial of service when validating.

Security:	CVE-2015-4620
Security:	FreeBSD-SA-15:11.bind


git-svn-id: svn://svn.freebsd.org/base/stable/8@285257 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 contrib/bind9/lib/dns/validator.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c
index d33a683c5..cb24be0e6 100644
--- a/contrib/bind9/lib/dns/validator.c
+++ b/contrib/bind9/lib/dns/validator.c
@@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) {
  */
 static isc_boolean_t
 isselfsigned(dns_validator_t *val) {
-	dns_fixedname_t fixed;
 	dns_rdataset_t *rdataset, *sigrdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -1461,7 +1460,7 @@ isselfsigned(dns_validator_t *val) {
 
 			result = dns_dnssec_verify2(name, rdataset, dstkey,
 						    ISC_TRUE, mctx, &sigrdata,
-						    dns_fixedname_name(&fixed));
+						    NULL);
 			dst_key_free(&dstkey);
 			if (result != ISC_R_SUCCESS)
 				continue;
-- 
2.42.0