Warning implies possible kerberos bug in krb5int_dns_nextans() in dnsglue.c

Philip Guenther guenther at gmail.com
Tue Mar 18 01:45:58 EDT 2008

On Mon, Mar 17, 2008 at 6:36 PM, Jeffrey Hutzelman <jhutz at cmu.edu> wrote:
>  I think both concerns are valid.  Harmless warnings should be eliminated,
>  as possible, because doing so makes it easier to find real problem.  In
>  this case, I would suggest replacing the offending line with the following:
>         /* NB: sizeof(unsigned short) <= sizeof(unsigned int) */
>         if ((unsigned int)rdlen > INT_MAX)
>  This eliminates the harmless warning, but should still generate one if
>  rdlen ever gets retyped to something bigger than an unsigned int.

As Russ observed, the test is there to protect systems where short and
int are both 16bit types.  If an EDNS0 extension let the field in the
packet grow to 32bits and rdlen was changed to a unsigned long as a
result, then your 'fixed' code would make the test return false
negatives when rdlen was > UINT_MAX but less than UINT_MAX+INT_MAX
(and similarly in higher ranges) and it would *not* generate a warning
when compiled.

IMHO, the Right Thing would be to fix the API and make lenp point to
an unsigned int instead of a signed int.  If I'm reading the callers
correctly, matching them match would be trivial.

Alternatively, just change the code to test against SHORT_MAX.  Yeah,
that limits it to 32kB RDATA fields, but the current code already
imposes that limitation on systems where int is 16bits.

Philip Guenther

More information about the krbdev mailing list