git: 5299d64b2b9f - main - libc: fix buffer overrun in getrpcport(3)
Edward Tomasz Napierala
trasz at freebsd.org
Mon Feb 1 17:27:55 UTC 2021
On 0201T1726, Edward Tomasz Napierala wrote:
> On 0131T1655, Shawn Webb wrote:
> > On Sun, Jan 31, 2021 at 09:43:41PM +0000, Edward Tomasz Napierala wrote:
[..]
> > Does a fix like this need to get a security advisory report? Also, any
> > plans to MFC?
>
> Sorry, I should have used a better commit message... I don't think
> this is exploitable, or even triggerable - from my understanding, the
> gethostbyname(3) function cannot return non-AF_INET address, unless
> some internal resolver option has been set, which none of the programs
> using getrpcport(3) seems to do.
Oh, and yes, MFC is planned; I'm not sure what's the current way to mark
commits to get an MFC reminder.
More information about the dev-commits-src-all
mailing list