tech-security: Re: does dns overrun apply to getaddrinfo.c?

Subject: Re: does dns overrun apply to getaddrinfo.c?
To: None <itojun@iijlab.net>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 07/16/2002 16:37:56

On Wed, 17 Jul 2002 itojun@iijlab.net wrote:

> >Anyways, should lib/libc/net/getaddrinfo.c be improved to clean up for
> >potential buffer overflow? (Or is it not needed?)
>
> 	getaddrinfo.c was not vulnerable to the issue found last month,

Okay.

> 	and the cleanup (removal of "buflen" management) is already done.

I see for MAIN and netbsd-1-6. Since was not vulnerable I guess it doesn't
need to be pulled up for netbsd-1-5 then (if 1.42.4.4 is latest netbsd-1-5
version).  (But it may be a good idea anyways.)

Thanks,

   Jeremy C. Reed
   http://www.reedmedia.net/