Silence tainted scalar in client.c

Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed.  Add an INSIST to silence Coverity as is done in message.c.

diff --git a/lib/ns/client.c b/lib/ns/client.c
index cdc5a49e094783bc6fc914a206b7c59933969fe5..87e79e13330917060accab7ec3d99c18ec7f22b9 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1589,6 +1589,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                while (isc_buffer_remaininglength(&optbuf) >= 4) {
                        optcode = isc_buffer_getuint16(&optbuf);
                        optlen = isc_buffer_getuint16(&optbuf);
+
+                       INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
+
                        /*
                         * When returning BADVERSION, only process
                         * DNS_OPT_NSID or DNS_OPT_COOKIE options.