OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add unsoundness in os_socketaddr (#1384)

Browse Source
This commit is contained in:
a-ba
2022-08-27 08:01:53 +02:00
committed by GitHub
parent e0f55ed7b5
commit 2b84c61925
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
crates/os_socketaddr/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,25 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "os_socketaddr"
date = "2022-08-26"
url = "https://github.com/a-ba/os_socketaddr/issues/3"
categories = ["memory-corruption"]
keywords = ["memory", "layout", "cast"]
informational = "unsound"
[versions]
patched = [">= 0.2.2"]
```
# `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The [`os_socketaddr`](https://crates.io/crates/os_socketaddr) crate has assumed
`std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C
representation `sockaddr`. It has simply casted the pointers to convert the socket addresses to the
system representation.
These layout were [changed into idiomatic rust types](https://github.com/rust-lang/rust/pull/78802)
in nightly `std`. Starting from rustc 1.64 the affected versions of this crate will have undefined
behaviour.