mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-23 20:05:15 +01:00
27 lines
912 B
Markdown
27 lines
912 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2022-0052"
|
|
package = "os_socketaddr"
|
|
date = "2022-08-26"
|
|
url = "https://github.com/a-ba/os_socketaddr/issues/3"
|
|
categories = ["memory-corruption"]
|
|
keywords = ["memory", "layout", "cast"]
|
|
informational = "unsound"
|
|
aliases = ["GHSA-c439-chv8-8g2j"]
|
|
|
|
[versions]
|
|
patched = [">= 0.2.2"]
|
|
```
|
|
|
|
# `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
|
|
|
|
The [`os_socketaddr`](https://crates.io/crates/os_socketaddr) crate has assumed
|
|
`std::net::SocketAddrV4` and `std::net::SocketAddrV6` have the same memory layout as the system C
|
|
representation `sockaddr`. It has simply casted the pointers to convert the socket addresses to the
|
|
system representation.
|
|
|
|
These layout were [changed into idiomatic rust types](https://github.com/rust-lang/rust/pull/78802)
|
|
in nightly `std`. Starting from rustc 1.64 the affected versions of this crate will have undefined
|
|
behaviour.
|
|
|