nextincr in krb5int_dns_init too small

Greg Hudson ghudson at
Mon Feb 22 16:29:44 EST 2016

On 02/18/2016 07:46 AM, Daniel Colascione wrote:
> krb5int_dns_init has a conventional malloc-and-realloc-until-it-fits
> loop, but inside the loop body, we're calling res_nsearch, which can do
> non-trivial work. It'd be better to increase the initial guess from 2048
> to something bigger; even 4k is a trivial amount of memory these days,
> and I'm getting 2786-byte responses.

I am preparing a pull request to update the buffer size to 4K.  Am I
correct to asssume that these 2786-byte responses include DNSSEC signatures?

More information about the krbdev mailing list