From 5bb12f5c41c99db95d96c8260a920f7b818497e8 Mon Sep 17 00:00:00 2001
From: Aaron Beitch <aaronb@arista.com>
Date: Thu, 20 May 2021 23:56:27 +0100
Subject: [PATCH 1/2] fix: explicitly use uint64 for payload length

Tested with:
```
docker run --platform=linux/i386 --rm -v "$PWD":/usr/src -w /usr/src golang:1.16 go build -v
```

Fixes #1943
---
 gssapi_kerberos.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go
index b2c199000..e7d5c635c 100644
--- a/gssapi_kerberos.go
+++ b/gssapi_kerberos.go
@@ -57,7 +57,7 @@ type KerberosClient interface {
 
 // writePackage appends length in big endian before the payload, and sends it to kafka
 func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte) (int, error) {
-	length := len(payload)
+	length := uint64(len(payload))
 	size := length + 4 // 4 byte length header + payload
 	if size > math.MaxUint32 {
 		return 0, errors.New("payload too large, will overflow uint32")

From a51d20aa5788d0930d43013e03d735a6869ad7c9 Mon Sep 17 00:00:00 2001
From: Dominic Evans <dominic.evans@uk.ibm.com>
Date: Tue, 1 Jun 2021 23:41:06 +0100
Subject: [PATCH 2/2] fix: cap kerberos payload at int32

---
 gssapi_kerberos.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go
index e7d5c635c..ab8b70196 100644
--- a/gssapi_kerberos.go
+++ b/gssapi_kerberos.go
@@ -59,8 +59,8 @@ type KerberosClient interface {
 func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte) (int, error) {
 	length := uint64(len(payload))
 	size := length + 4 // 4 byte length header + payload
-	if size > math.MaxUint32 {
-		return 0, errors.New("payload too large, will overflow uint32")
+	if size > math.MaxInt32 {
+		return 0, errors.New("payload too large, will overflow int32")
 	}
 	finalPackage := make([]byte, size)
 	copy(finalPackage[4:], payload)