From ca786cda2b20485261d6471619c356e4dabe1fa7 Mon Sep 17 00:00:00 2001
From: delphij <delphij@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Tue, 7 Jul 2015 21:43:23 +0000
Subject: [PATCH] Fix BIND resolver remote denial of service when validating.

Security:	CVE-2015-4620
Security:	FreeBSD-SA-15:11.bind


git-svn-id: svn://svn.freebsd.org/base/stable/9@285257 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 contrib/bind9/lib/dns/validator.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/contrib/bind9/lib/dns/validator.c b/contrib/bind9/lib/dns/validator.c
index 565e7e1d6..1d0b70933 100644
--- a/contrib/bind9/lib/dns/validator.c
+++ b/contrib/bind9/lib/dns/validator.c
@@ -1420,7 +1420,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) {
  */
 static isc_boolean_t
 isselfsigned(dns_validator_t *val) {
-	dns_fixedname_t fixed;
 	dns_rdataset_t *rdataset, *sigrdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -1476,8 +1475,7 @@ isselfsigned(dns_validator_t *val) {
 			result = dns_dnssec_verify3(name, rdataset, dstkey,
 						    ISC_TRUE,
 						    val->view->maxbits,
-						    mctx, &sigrdata,
-						    dns_fixedname_name(&fixed));
+						    mctx, &sigrdata, NULL);
 			dst_key_free(&dstkey);
 			if (result != ISC_R_SUCCESS)
 				continue;
-- 
2.45.0