author: Doug Barton <dougb@FreeBSD.org> 2007-07-25 08:12:36 +0000
committer: Doug Barton <dougb@FreeBSD.org> 2007-07-25 08:12:36 +0000
commit: 56a78b52117fceacbf4282cd41826ca9fb72dd07
tree: 5e59e5d349bab1b1962e57d794d1ceb729fa3150 /contrib/bind9/bin/named/client.c
parent: c197e4d6789fb9d0dd1fee514ae2aa75f9b7ab6b
Vendor import of 9.4.1-P1, which has fixes for the following:

1. The default access control lists (acls) are not being correctly set. If not set anyone can make recursive queries and/or query the cache contents.
   See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

2. The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker.
   This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers.
   All users are encouraged to upgrade.
   See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Approved by: re (kensmith, implicit)
Notes: svn path=/vendor/bind9/dist/; revision=171577
Diffstat (limited to 'contrib/bind9/bin/named/client.c')
-rw-r--r-- contrib/bind9/bin/named/client.c 10
1 files changed, 9 insertions, 1 deletions
diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c
index d69e44b869be..4f1caa8b1579 100644
--- a/contrib/bind9/bin/named/client.c
+++ b/contrib/bind9/bin/named/client.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.219.18.20 2006/07/22 01:02:36 marka Exp $ */
+/* $Id: client.c,v 1.219.18.20.14.1 2007/06/26 02:58:54 marka Exp $ */
#include <config.h>
@@ -1440,6 +1440,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
/*
+ * Hash the incoming request here as it is after
+ * dns_dispatch_importrecv().
+ */
+ dns_dispatch_hash(&client->now, sizeof(client->now));
+ dns_dispatch_hash(isc_buffer_base(buffer),
+ isc_buffer_usedlength(buffer));
+
+ /*
* It's a request. Parse it.
*/
result = dns_message_parse(client->message, buffer, 0);
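Review bot: the new comment above the two dns_dispatch_hash() calls explains where the hashing happens ("as it is after dns_dispatch_importrecv()") but not why client_request() hashes the request or what consumes the result, so please document the purpose there. The second call passes isc_buffer_base(buffer) for isc_buffer_usedlength(buffer) bytes before dns_message_parse() has run, so the input is the raw, unvalidated packet exactly as the sender wrote it, and the first input, client->now, is by its name a timestamp. The comment should say that both inputs are sender-influenced or observable, so that a later reader does not rely on them as the only source of unpredictability. It is also worth stating that the calls run on every packet that reaches this path, including ones that then fail to parse.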