From bcc611ee3c72097a974ef6e05c6c6eff165ca226 Mon Sep 17 00:00:00 2001
From: Dominic Evans
Date: Wed, 28 Apr 2021 10:52:23 +0100
Subject: [PATCH] fix: correct initial CodeQL findings

- Incorrect conversion between integer types
- Size computation for allocation may overflow
---
 admin.go | 12 ++++++++++--
 broker.go | 2 +-
 gssapi_kerberos.go | 5 +++++
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/admin.go b/admin.go
index e0b102034b..4aa3cf1d55 100644
--- a/admin.go
+++ b/admin.go
@@ -619,7 +619,11 @@ func (ca *clusterAdmin) DescribeConfig(resource ConfigResource) ([]ConfigEntry,
 
 // DescribeConfig of broker/broker logger must be sent to the broker in question
 if dependsOnSpecificNode(resource) {
- id, _ := strconv.Atoi(resource.Name)
+ var id int64
+ id, err = strconv.ParseInt(resource.Name, 10, 32)
+ if err != nil {
+ return nil, err
+ }
 b, err = ca.findBroker(int32(id))
 } else {
 b, err = ca.findAnyBroker()
@@ -670,7 +674,11 @@ func (ca *clusterAdmin) AlterConfig(resourceType ConfigResourceType, name string
 
 // AlterConfig of broker/broker logger must be sent to the broker in question
 if dependsOnSpecificNode(ConfigResource{Name: name, Type: resourceType}) {
- id, _ := strconv.Atoi(name)
+ var id int64
+ id, err = strconv.ParseInt(name, 10, 32)
+ if err != nil {
+ return err
+ }
 b, err = ca.findBroker(int32(id))
 } else {
 b, err = ca.findAnyBroker()
diff --git a/broker.go b/broker.go
index 5858a23c07..a466689cda 100644
--- a/broker.go
+++ b/broker.go
@@ -816,7 +816,7 @@ func (b *Broker) encode(pe packetEncoder, version int16) (err error) {
 return err
 }
 
- port, err := strconv.Atoi(portstr)
+ port, err := strconv.ParseInt(portstr, 10, 32)
 if err != nil {
 return err
 }
diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go
index 44fd44625c..8bf57c407b 100644
--- a/gssapi_kerberos.go
+++ b/gssapi_kerberos.go
@@ -3,8 +3,10 @@ package sarama
 import (
 "encoding/asn1"
 "encoding/binary"
+ "errors"
 "fmt"
 "io"
+ "math"
 "strings"
 "time"
 
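Review bot: The new `if err != nil` branch in DescribeConfig returns the strconv error untouched, so a malformed broker id surfaces as a bare `strconv.ParseInt: parsing ...` message with nothing tying it to resource.Name or to this call site. Wrapping it keeps the cause reachable with errors.Is/errors.As while naming what was being parsed: `return nil, fmt.Errorf("parsing broker id %q: %w", resource.Name, err)`. The AlterConfig hunk at `@@ -670,7 +674,11 @@` has the same shape and would take the same wrapping with a plain `return fmt.Errorf(...)`; whether admin.go already imports fmt is not visible in this patch. Both enclosing functions, and the `err` variable the hunks assign to, start and end outside their hunks.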
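Review bot: ParseInt with bitSize 32 makes a later int32 narrowing safe but still accepts values that are not ports, so a portstr of "-1" or "70000" passes the new check in encode and is encoded as if it were a valid port. A TCP port fits in 16 unsigned bits, so `port, err := strconv.ParseUint(portstr, 10, 16)` rejects negatives and out-of-range values in the same call, and if port is later narrowed with int32(port), as the bitSize suggests, that conversion accepts the uint64 result unchanged. Where portstr comes from and where port is consumed are outside the hunk, so this is worth confirming against the full function.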
@@ -61,6 +63,9 @@ type KerberosClient interface {
 
 func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte) (int, error) {
 length := len(payload)
+ if length+4 > math.MaxUint32 {
+ return 0, errors.New("payload too large, will overflow uint32")
+ }
 finalPackage := make([]byte, length+4) //4 byte length header + payload
 copy(finalPackage[4:], payload)
 binary.BigEndian.PutUint32(finalPackage, uint32(length))
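Review bot: `length+4 > math.MaxUint32` does not compile where int is 32 bits wide (GOARCH=386, arm): the untyped constant 4294967295 is converted to the int type of the left operand and overflows it, and even with a typed constant the int addition could wrap before the comparison on those platforms. Doing the arithmetic in a 64-bit unsigned type avoids both and keeps the intent of the added guard: `if uint64(length)+4 > math.MaxUint32 {`. The header written by PutUint32 is the payload length rather than length+4, which is existing behaviour; writePackage's body continues past the hunk.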