[krbdev.mit.edu #1216]
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Oct 10 19:27:21 EDT 2002
Thanks for the patch...
>>>>> "nalin" == The RT System itself via RT <rt-comment at krbdev.mit.edu> writes:
nalin> --- src/lib/krb5/os/locate_kdc.c 2002-10-09 14:15:57.000000000 -0400
nalin> +++ src/lib/krb5/os/locate_kdc.c 2002-10-09 14:59:26.000000000 -0400
nalin> @@ -391,7 +391,7 @@
nalin> size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
nalin> - if (size < hdrsize)
nalin> + if ((size < hdrsize) || (size > sizeof(answer.bytes))
nalin> goto out;
nalin> /*
nalin> @@ -463,6 +463,8 @@
nalin> CHECK(p,2);
nalin> rdlen = NTOHSP(p,2);
nalin> + CHECK(p,rdlen);
nalin> +
Could you please explain why this check for rdlen was added? It seems
redundant.
---Tom
More information about the krb5-bugs
mailing list