Thanks, (corrected) patch applied

	* hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin
	Dahyabhai to bounds-check return value from res_search().

	* locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin
	Dahyabhai to bounds-check return value from res_search().

ticket: 1216

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14928 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 10 insertions, 2 deletions

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index 7e80873..6c994b1 100644
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,11 @@
+2002-10-15  Tom Yu  <tlyu@mit.edu>
+
+	* hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin
+	Dahyabhai to bounds-check return value from res_search().
+
+	* locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin
+	Dahyabhai to bounds-check return value from res_search().
+
 2002-10-11  Tom Yu  <tlyu@mit.edu>
 
 	* read_pwd.c (krb5_read_password): Restore name of size_return.
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 5c89c31..a72fb84 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -145,7 +145,7 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
     }
     size = res_search(host, C_IN, T_TXT, answer.bytes, sizeof(answer.bytes));
 
-    if (size < 0)
+    if ((size < sizeof(HEADER)) || (size > sizeof(answer.bytes)))
 	return KRB5_ERR_HOST_REALM_UNKNOWN;
 
     p = answer.bytes;
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index ea42bbc..451d3e9 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -570,7 +570,7 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
 
     size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
 
-    if (size < hdrsize)
+    if ((size < hdrsize) || (size > sizeof(answer.bytes)))
 	goto out;
 
     /*