krb5: Check for signed overflow

This avoids a compiler error:

../../third_party/heimdal/lib/krb5/krbhst.c: In function ‘srv_find_realm.constprop’:
../../third_party/heimdal/lib/krb5/krbhst.c:113:8: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
     if (num_srv == 0) {
        ^

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c
index 0b77b4a9ce5afb5d38ea7ee402383be811fa8768..6ce7b53c5b6736bb75f16f7617d4a2af6ccc13a4 100644 (file)
--- a/lib/krb5/krbhst.c
+++ b/lib/krb5/krbhst.c
@@ -107,8 +107,17 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
     }
 
     for(num_srv = 0, rr = r->head; rr; rr = rr->next)
-       if(rr->type == rk_ns_t_srv)
+       if(rr->type == rk_ns_t_srv) {
+           if (num_srv >= INT_MAX) {
+               rk_dns_free_data(r);
+               return KRB5_KDC_UNREACH;
+           }
+           if (num_srv >= SIZE_MAX / sizeof(**res)) {
+               rk_dns_free_data(r);
+               return KRB5_KDC_UNREACH;
+           }
            num_srv++;
+       }
 
     if (num_srv == 0) {
        _krb5_debug(context, 0,