From 4c2a45a1db6656f3b8f14a36cd7012db357dbec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?=
Date: Wed, 2 Dec 2020 22:56:21 +0100
Subject: [PATCH] Add advisory on net2 making invalid memory assumptions

---
 crates/net2/RUSTSEC-0000-0000.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 crates/net2/RUSTSEC-0000-0000.md

diff --git a/crates/net2/RUSTSEC-0000-0000.md b/crates/net2/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..04bbf74
--- /dev/null
+++ b/crates/net2/RUSTSEC-0000-0000.md
@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "net2"
+date = "2020-11-07"
+url = "https://github.com/deprecrated/net2-rs/issues/105"
+keywords = ["memory", "layout", "cast"]
+
+[versions]
+patched = [">= 0.2.36"]
+```
+
+# `net2` invalidly assumes the memory layout of std::net::SocketAddr
+
+The [`net2`](https://crates.io/crates/net2) crate has converted `std::net::SocketAddr`
+instances into C `sockaddr` pointers simply by casting the pointer. This will cause
+invalid memory access if/when the standard library ever changes the implementation.
+No warnings or errors will be emitted once the change happens.
+
+Please stop using `net2` completely (it's deprecated, use `socket2`) or at least
+upgrade to version `0.2.36` where the socket address conversion is done safely.
\ No newline at end of file