Index: usr.sbin/nscd/query.c
===================================================================
--- usr.sbin/nscd/query.c
+++ usr.sbin/nscd/query.c
@@ -160,7 +160,7 @@
 struct cmsgcred *cred;
 int elem_type;
- struct {
+ union {
 struct cmsghdr hdr;
 char cred[CMSG_SPACE(sizeof(struct cmsgcred))];
 } cmsg;
@@ -171,8 +171,8 @@
 memset(&cred_hdr, 0, sizeof(struct msghdr));
 cred_hdr.msg_iov = &iov;
 cred_hdr.msg_iovlen = 1;
- cred_hdr.msg_control = (caddr_t)&cmsg;
- cred_hdr.msg_controllen = CMSG_LEN(sizeof(struct cmsgcred));
+ cred_hdr.msg_control = &cmsg;
+ cred_hdr.msg_controllen = sizeof(cmsg);
 memset(&iov, 0, sizeof(struct iovec));
 iov.iov_base = &elem_type;
@@ -183,9 +183,22 @@
 return (-1);
 }
- if (cmsg.hdr.cmsg_len < CMSG_LEN(sizeof(struct cmsgcred))
- || cmsg.hdr.cmsg_level != SOL_SOCKET
- || cmsg.hdr.cmsg_type != SCM_CREDS) {
+ if (cred_hdr.msg_flags & (MSG_CTRUNC | MSG_TRUNC)) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_len < CMSG_LEN(sizeof(struct cmsgcred))) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_level != SOL_SOCKET) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_type != SCM_CREDS) {
 TRACE_OUT(on_query_startup);
 return (-1);
 }
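Review bot: The `union` that replaces `struct` in the `cmsg` declaration of the first hunk carries no comment saying why, and the reason is easy to lose in a later cleanup. As a union, the `char cred[CMSG_SPACE(...)]` buffer takes the alignment of `struct cmsghdr`, and `sizeof(cmsg)` becomes the size of the whole control buffer, which the second hunk passes as `msg_controllen`. I would add `/* union: aligns the control buffer for struct cmsghdr; sizeof(cmsg) is the whole buffer */` above the declaration. The enclosing function starts and ends outside the hunk.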
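Review bot: The checks added in the third hunk read `cmsg.hdr` without first confirming that recvmsg() delivered any control data at all. If the peer sends no SCM_CREDS message, `cred_hdr.msg_controllen` is 0 on return and no truncation flag is set, so the length, level and type tests run on whatever `cmsg` held beforehand. The visible setup zeroes `cred_hdr` and `iov` but not `cmsg`, unless that happens outside these hunks. I would fetch the header with `struct cmsghdr *h = CMSG_FIRSTHDR(&cred_hdr);` and return -1 when `h == NULL` before the other tests, or at least add `memset(&cmsg, 0, sizeof(cmsg));` ahead of the recvmsg() call. The recvmsg() call and the rest of the function (on_query_startup, going by the trace macro) lie outside the hunk, so whether its byte count is compared with `sizeof(int)` cannot be judged here.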