diff --git a/CHANGES b/CHANGES
index fb99f6a762..a0bcca38d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2884.	[bug]		Insufficient valadation in dns_name_getlabelsequence().
+			[RT #21283]
+
 2883.	[bug]		'dig +short' failed to handle really large datasets.
 			[RT #21113]
 
diff --git a/lib/dns/name.c b/lib/dns/name.c
index fc7d5be34a..f54d182517 100644
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: name.c,v 1.169 2009/09/01 17:36:51 jinmei Exp $ */
+/* $Id: name.c,v 1.170 2010/05/12 05:40:32 marka Exp $ */
 
 /*! \file */
 
@@ -902,7 +902,7 @@ dns_name_getlabelsequence(const dns_name_t *source,
 	REQUIRE(VALID_NAME(source));
 	REQUIRE(VALID_NAME(target));
 	REQUIRE(first <= source->labels);
-	REQUIRE(first + n <= source->labels);
+	REQUIRE(n <= source->labels - first); /* note first+n could overflow */
 	REQUIRE(BINDABLE(target));
 
 	SETUP_OFFSETS(source, offsets, odata);