From 58d01b821af93448714ccb22cea15c35088bd33a Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 23 Aug 2022 10:54:42 +0200
Subject: [PATCH] nsec3.c: Add a missing dns_db_detachnode() call

There is one case in 'dns_nsec3_activex()' where it returns but forgets
to detach the db node. Add the missing 'dns_db_detachnode()' call.

This case only triggers if 'sig-signing-type' (privatetype) is set to 0
(which by default is not), or if the function is called with 'complete'
is set to 'true' (which at this moment do not exist).

Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/58d01b821af93448714ccb22cea15c35088bd33a
(cherry picked from commit 0cf6c18ccb2205a1fc81431f908c8310f6136bbb)
---
 lib/dns/nsec3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index f4f7cdeb53..45240b2499 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1833,6 +1833,7 @@ dns_nsec3_activex(dns_db_t *db, dns_dbversion_t *version, bool complete,
 
 try_private:
 	if (privatetype == 0 || complete) {
+		dns_db_detachnode(db, &node);
 		*answer = false;
 		return (ISC_R_SUCCESS);
 	}
-- 
2.23.0