From 94be8e357c37c843027e899bb277a314ea828a4c Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 1 Oct 2003 04:10:26 +0000
Subject: [PATCH] 1519.   [bug]           dnssec-signzone:nsec_setbit()
 computed the wrong                         length of the new bitmap.

---
 CHANGES                      | 3 +++
 bin/dnssec/dnssec-signzone.c | 7 +++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index ed6a1e4107..4446e88a50 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1519.	[bug]		dnssec-signzone:nsec_setbit() computed the wrong
+			length of the new bitmap.
+
 1518.   [bug]           dns_nsec_buildrdata(), and hence dns_nsec_build(),
 			contained a off-by-one error when working out the
 			number of octets in the bitmap.
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index dc23114231..6e99e4e163 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.169 2003/09/30 05:56:00 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.170 2003/10/01 04:10:26 marka Exp $ */
 
 #include <config.h>
 
@@ -664,10 +664,9 @@ nsec_setbit(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdatatype_t type,
 	result = dns_rdata_tostruct(&rdata, &nsec, NULL);
 	check_result(result, "dns_rdata_tostruct");
 
-	newlen = type / 8 + 1;
+	INSIST(nsec.len <= sizeof(bitmap));
 
-	INSIST(nsec.len < sizeof(bitmap));
-	INSIST(newlen < sizeof(bitmap));
+	newlen = sizeof(bitmap);
 
 	memset(bitmap, 0, sizeof(bitmap));
 	memcpy(bitmap, nsec.typebits, nsec.len);