This file contains the source code patch to BIND v8 for the problem
described in CA-98.05, "Multiple Vulnerabilities in BIND", Topic 1.

*** ns_req.c    1997/06/09 17:46:59     8.39
--- ns_req.c    1998/03/23 23:27:41
***************
*** 1011,1017 ****
         */
        switch (type) {
        case T_A:
!               if (!ns_option_p(OPTION_FAKE_IQUERY))
                        return (Refuse);
                break;
        default:
--- 1011,1017 ----
         */
        switch (type) {
        case T_A:
!               if (!ns_option_p(OPTION_FAKE_IQUERY) || dlen != INT32SZ)
                        return (Refuse);
                break;
        default:
***************
*** 1022,1027 ****
--- 1022,1029 ----
  
        fname = (char *)msg + HFIXEDSZ;
        alen = (char *)*cpp - fname;
+       if ((size_t)alen > sizeof anbuf)
+               return (Refuse);
        memcpy(anbuf, fname, alen);
        data = anbuf + alen - dlen;
        *cpp = (u_char *)fname;