OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-29 07:46:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reword advisory description

Browse Source
This commit is contained in:
Linus Färnstrand
2020-12-02 23:25:25 +01:00
parent 4c2a45a1db
commit 8e4861d90c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
crates/net2/RUSTSEC-0000-0000.md
View File

@@ -12,10 +12,13 @@ patched = [">= 0.2.36"]
# `net2` invalidly assumes the memory layout of std::net::SocketAddr
The [`net2`](https://crates.io/crates/net2) crate has converted `std::net::SocketAddr`
instances into C `sockaddr` pointers simply by casting the pointer. This will cause
invalid memory access if/when the standard library ever changes the implementation.
No warnings or errors will be emitted once the change happens.
The [`net2`](https://crates.io/crates/net2) crate has assumed `std::net::SocketAddrV4`
and `std::net::SocketAddrV6` have the same memory layout as the system C representation
`sockaddr`. It has simply casted the pointers to convert the socket addresess to the
system representation. The standard library does not say anything about the memory
layout, and this will cause invalid memory access if the standard library
changes the implementation. No warnings or errors will be emitted once the
change happens.
Please stop using `net2` completely (it's deprecated, use `socket2`) or at least
Please stop using `net2` completely (it is deprecated, use `socket2`) or at least
upgrade to version `0.2.36` where the socket address conversion is done safely.