OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reword advisory description

Browse Source
This commit is contained in:
Linus Färnstrand
2020-12-02 23:25:25 +01:00
parent 4c2a45a1db
commit 8e4861d90c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
crates/net2/RUSTSEC-0000-0000.md
View File

@@ -12,10 +12,13 @@ patched = [">= 0.2.36"]
# `net2` invalidly assumes the memory layout of std::net::SocketAddr # `net2` invalidly assumes the memory layout of std::net::SocketAddr
The [`net2`](https://crates.io/crates/net2) crate has converted `std::net::SocketAddr` The [`net2`](https://crates.io/crates/net2) crate has assumed `std::net::SocketAddrV4`
instances into C `sockaddr` pointers simply by casting the pointer. This will cause and `std::net::SocketAddrV6` have the same memory layout as the system C representation
invalid memory access if/when the standard library ever changes the implementation. `sockaddr`. It has simply casted the pointers to convert the socket addresess to the
No warnings or errors will be emitted once the change happens. system representation. The standard library does not say anything about the memory
layout, and this will cause invalid memory access if the standard library
changes the implementation. No warnings or errors will be emitted once the
change happens.
Please stop using `net2` completely (it's deprecated, use `socket2`) or at least Please stop using `net2` completely (it is deprecated, use `socket2`) or at least
upgrade to version `0.2.36` where the socket address conversion is done safely. upgrade to version `0.2.36` where the socket address conversion is done safely.