Thanks for the patch...

>>>>> "nalin" == The RT System itself via RT <rt-comment@krbdev.mit.edu> writes:
nalin> --- src/lib/krb5/os/locate_kdc.c	2002-10-09 14:15:57.000000000 -0400
nalin> +++ src/lib/krb5/os/locate_kdc.c	2002-10-09 14:59:26.000000000 -0400
nalin> @@ -391,7 +391,7 @@
 
nalin>      size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
 
nalin> -    if (size < hdrsize)
nalin> +    if ((size < hdrsize) || (size > sizeof(answer.bytes))
nalin>  	goto out;
 
nalin>      /*
nalin> @@ -463,6 +463,8 @@
nalin>          CHECK(p,2);
nalin>  	rdlen = NTOHSP(p,2);
 
nalin> +	CHECK(p,rdlen);
nalin> +

Could you please explain why this check for rdlen was added?  It seems
redundant.

---Tom