Date: Mon, 1 Feb 2021 17:27:50 +0000 From: Edward Tomasz Napierala <trasz@freebsd.org> To: Shawn Webb <shawn.webb@hardenedbsd.org>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 5299d64b2b9f - main - libc: fix buffer overrun in getrpcport(3) Message-ID: <YBg6FtmmikNgCLJA@brick> In-Reply-To: <YBg5r3eKF1KWSPJ/@brick> References: <202101312143.10VLhfV5025431@gitrepo.freebsd.org> <20210131215556.eautrr6esynyic6f@mutt-hbsd> <YBg5r3eKF1KWSPJ/@brick>
next in thread | previous in thread | raw e-mail | index | archive | help
On 0201T1726, Edward Tomasz Napierala wrote: > On 0131T1655, Shawn Webb wrote: > > On Sun, Jan 31, 2021 at 09:43:41PM +0000, Edward Tomasz Napierala wrote: [..] > > Does a fix like this need to get a security advisory report? Also, any > > plans to MFC? > > Sorry, I should have used a better commit message... I don't think > this is exploitable, or even triggerable - from my understanding, the > gethostbyname(3) function cannot return non-AF_INET address, unless > some internal resolver option has been set, which none of the programs > using getrpcport(3) seems to do. Oh, and yes, MFC is planned; I'm not sure what's the current way to mark commits to get an MFC reminder.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YBg6FtmmikNgCLJA>