tech-security: Re: does dns overrun apply to getaddrinfo.c?

Subject: Re: does dns overrun apply to getaddrinfo.c?
To: Jeremy C. Reed <reed@reedmedia.net>
From: None <itojun@iijlab.net>
List: tech-security
Date: 07/17/2002 08:23:22

>I see that libc/net/getaddrinfo.c says "we have a big amount of code
>duplicate from gethnamaddr.c". And it appears to have basically the same
>problem code as before-patched gethnamaddr.c. (It does have differences
>though.)

>Anyways, should lib/libc/net/getaddrinfo.c be improved to clean up for
>potential buffer overflow? (Or is it not needed?)

	getaddrinfo.c was not vulnerable to the issue found last month,
	and the cleanup (removal of "buflen" management) is already done.

itojun