Subject: Re: does dns overrun apply to getaddrinfo.c?
To: None <firstname.lastname@example.org>
From: Jeremy C. Reed <email@example.com>
Date: 07/16/2002 16:37:56
On Wed, 17 Jul 2002 firstname.lastname@example.org wrote:
> >Anyways, should lib/libc/net/getaddrinfo.c be improved to clean up for
> >potential buffer overflow? (Or is it not needed?)
> getaddrinfo.c was not vulnerable to the issue found last month,
> and the cleanup (removal of "buflen" management) is already done.
I see for MAIN and netbsd-1-6. Since was not vulnerable I guess it doesn't
need to be pulled up for netbsd-1-5 then (if 126.96.36.199 is latest netbsd-1-5
version). (But it may be a good idea anyways.)
Jeremy C. Reed