$OpenBSD: patch-lib_dns_spnego_c,v 1.2 2021/02/27 20:56:03 sthen Exp $

https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch

Index: lib/dns/spnego.c
--- lib/dns/spnego.c.orig
+++ lib/dns/spnego.c
@@ -846,7 +846,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *d
 		return (ASN1_OVERRUN);
 	}
 
-	data->components = malloc(len * sizeof(*data->components));
+	data->components = malloc((len + 1) * sizeof(*data->components));
 	if (data->components == NULL) {
 		return (ENOMEM);
 	}
