tech-security: does dns overrun apply to getaddrinfo.c?

Subject: does dns overrun apply to getaddrinfo.c?
To: None <tech-security@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 07/16/2002 16:06:01

I see that libc/net/getaddrinfo.c says "we have a big amount of code
duplicate from gethnamaddr.c". And it appears to have basically the same
problem code as before-patched gethnamaddr.c. (It does have differences
though.)

Anyways, should lib/libc/net/getaddrinfo.c be improved to clean up for
potential buffer overflow? (Or is it not needed?)

   Jeremy C. Reed
   http://bsd.reedmedia.net/