IBM · dnwe · Apr 28, 2021 · Apr 28, 2021
diff --git a/admin.go b/admin.go
@@ -619,7 +619,11 @@ func (ca *clusterAdmin) DescribeConfig(resource ConfigResource) ([]ConfigEntry,
 
 	// DescribeConfig of broker/broker logger must be sent to the broker in question
 	if dependsOnSpecificNode(resource) {
-		id, _ := strconv.Atoi(resource.Name)
+		var id int64
+		id, err = strconv.ParseInt(resource.Name, 10, 32)
+		if err != nil {
+			return nil, err
+		}
 		b, err = ca.findBroker(int32(id))
 	} else {
 		b, err = ca.findAnyBroker()
@@ -670,7 +674,11 @@ func (ca *clusterAdmin) AlterConfig(resourceType ConfigResourceType, name string
 
 	// AlterConfig of broker/broker logger must be sent to the broker in question
 	if dependsOnSpecificNode(ConfigResource{Name: name, Type: resourceType}) {
-		id, _ := strconv.Atoi(name)
+		var id int64
+		id, err = strconv.ParseInt(name, 10, 32)
+		if err != nil {
+			return err
+		}
 		b, err = ca.findBroker(int32(id))
 	} else {
 		b, err = ca.findAnyBroker()

diff --git a/broker.go b/broker.go
@@ -816,7 +816,7 @@ func (b *Broker) encode(pe packetEncoder, version int16) (err error) {
 		return err
 	}
 
-	port, err := strconv.Atoi(portstr)
+	port, err := strconv.ParseInt(portstr, 10, 32)
 	if err != nil {
 		return err
 	}

diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go
@@ -3,8 +3,10 @@ package sarama
 import (
 	"encoding/asn1"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
+	"math"
 	"strings"
 	"time"
 
@@ -53,15 +55,14 @@ type KerberosClient interface {
 	Destroy()
 }
 
-/*
-*
-* Appends length in big endian before payload, and send it to kafka
-*
- */
-
+// writePackage appends length in big endian before the payload, and sends it to kafka
 func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte) (int, error) {
 	length := len(payload)
-	finalPackage := make([]byte, length+4) //4 byte length header + payload
+	size := length + 4 // 4 byte length header + payload
+	if size > math.MaxUint32 {
+		return 0, errors.New("payload too large, will overflow uint32")
+	}
+	finalPackage := make([]byte, size)
 	copy(finalPackage[4:], payload)
 	binary.BigEndian.PutUint32(finalPackage, uint32(length))
 	bytes, err := broker.conn.Write(finalPackage)
@@ -71,12 +72,7 @@ func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte)
 	return bytes, nil
 }
 
-/*
-*
-* Read length (4 bytes) and then read the payload
-*
- */
-
+// readPackage reads payload length (4 bytes) and then reads the payload into []byte
 func (krbAuth *GSSAPIKerberosAuth) readPackage(broker *Broker) ([]byte, int, error) {
 	bytesRead := 0
 	lengthInBytes := make([]byte, 4)