mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-06 19:49:45 +01:00
23 lines
837 B
Markdown
23 lines
837 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0079"
|
|
package = "socket2"
|
|
date = "2020-11-06"
|
|
url = "https://github.com/rust-lang/socket2-rs/issues/119"
|
|
keywords = ["memory", "layout", "cast"]
|
|
informational = "unsound"
|
|
|
|
[versions]
|
|
patched = [">= 0.3.16"]
|
|
```
|
|
|
|
# `socket2` invalidly assumes the memory layout of std::net::SocketAddr
|
|
|
|
The [`socket2`](https://crates.io/crates/socket2) crate has assumed `std::net::SocketAddrV4`
|
|
and `std::net::SocketAddrV6` have the same memory layout as the system C representation
|
|
`sockaddr`. It has simply casted the pointers to convert the socket addresses to the
|
|
system representation. The standard library does not say anything about the memory
|
|
layout, and this will cause invalid memory access if the standard library
|
|
changes the implementation. No warnings or errors will be emitted once the
|
|
change happens.
|