Silence tainted scalar in client.c

Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed.  Add an INSIST to silence Coverity as is done in message.c.

(cherry picked from commit 72cd6e85916e02fe7f51806eb25ee0c5a973398a)

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 0ad54f35d9614c8dce815d0cfbd56e7d904407b0..6e57713221d593701444476638113b9341e27d86 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1611,6 +1611,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
                while (isc_buffer_remaininglength(&optbuf) >= 4) {
                        optcode = isc_buffer_getuint16(&optbuf);
                        optlen = isc_buffer_getuint16(&optbuf);
+
+                       INSIST(isc_buffer_remaininglength(&optbuf) >= optlen);
+
                        switch (optcode) {
                        case DNS_OPT_NSID:
                                if (!WANTNSID(client)) {