This file contains the source code patch to BIND v4.9 for the problem described in CA-98.05, "Multiple Vulnerabilities in BIND", Topic 1.
*** ns_req.c 1997/06/01 20:34:34 8.28
--- ns_req.c 1998/03/23 23:31:25
***************
*** 1007,1013 ****
switch (type) {
case T_A:
#ifndef INVQ
! if (!fake_iquery)
return (Refuse);
#endif
#ifdef INVQ
--- 1007,1013 ----
switch (type) {
case T_A:
#ifndef INVQ
! if (!fake_iquery || dlen != INT32SZ)
return (Refuse);
#endif
#ifdef INVQ
***************
*** 1021,1027 ****
dprintf(1, (ddt, "req: IQuery class %d type %d\n", class, type));
fname = (char *)msg + HFIXEDSZ;
! bcopy(fname, anbuf, alen = (char *)*cpp - fname);
data = anbuf + alen - dlen;
*cpp = (u_char *)fname;
*buflenp -= HFIXEDSZ;
--- 1021,1030 ----
dprintf(1, (ddt, "req: IQuery class %d type %d\n", class, type));
fname = (char *)msg + HFIXEDSZ;
! alen = (char *)*cpp - fname;
! if ((size_t)alen > sizeof anbuf)
! return (Refuse);
! bcopy(fname, anbuf, alen);
data = anbuf + alen - dlen;
*cpp = (u_char *)fname;
*buflenp -= HFIXEDSZ;
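Review bot: The new `dlen != INT32SZ` test in the first hunk (lines 1007-1013) sits inside `#ifndef INVQ`, so a server built with INVQ defined never runs it and depends entirely on the length check added in the second hunk. The `#ifdef INVQ` branch continues outside the hunk, so it is not visible whether that path validates `dlen` itself; if it does not, the same test belongs there too. The constant also deserves a comment on the changed line, for example `/* T_A rdata must be exactly one 4-byte address; refuse any other length */`, so the reason for the refusal is on record next to the check.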
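Review bot: In the second hunk (lines 1021-1030) the added guard bounds `alen` against `sizeof anbuf`, but `data = anbuf + alen - dlen;` two lines later still has no check that `dlen` is no larger than `alen`. If that is not already guaranteed by code before the hunk, `data` points before `anbuf`. Folding it into the same test closes that gap: `if (alen < dlen || (size_t)alen > sizeof anbuf) return (Refuse);`. The `(size_t)` cast is also what rejects a negative `alen`, presumably a signed int, which a short comment should state so the cast is not later removed as noise. A `dprintf` before the `return (Refuse);` that records the rejected length would let operators see oversized inverse queries in the debug log.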