Subject: Re: does dns overrun apply to getaddrinfo.c?
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 07/16/2002 16:37:56
On Wed, 17 Jul 2002 wrote:

> >Anyways, should lib/libc/net/getaddrinfo.c be improved to clean up for
> >potential buffer overflow? (Or is it not needed?)
> 	getaddrinfo.c was not vulnerable to the issue found last month,


> 	and the cleanup (removal of "buflen" management) is already done.

I see for MAIN and netbsd-1-6. Since was not vulnerable I guess it doesn't
need to be pulled up for netbsd-1-5 then (if is latest netbsd-1-5
version).  (But it may be a good idea anyways.)


   Jeremy C. Reed