[Pkg-net-snmp-devel] Bug#963713: Bug#963713: net-snmp: CVE-2019-20892
Craig Small
csmall at debian.org
Sun Jun 28 23:20:55 BST 2020
On Fri, 26 Jun 2020 at 07:33, Andreas Hasenack <andreas at canonical.com>
wrote:
> we are not happy yet with those commits because they change a struct
> without bumping the soname. We are investigating how impactful that is.
>
Hi,
Did you see how bad these patches are with the API change? Generally if
the API is doing things like mystruct_new() and mystruct_free() its
probably ok but malloc(struct mystruct) will be a problem because the
binary will have one idea of the size and the library another. It also
depends if they are using accessor functions to get values or directly
pulling them out of the struct.
I'm concerned that if the binary has one idea of the struct and the library
has another we are going to get some very bad corruption going on between
them.
- Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-net-snmp-devel/attachments/20200629/db3583f3/attachment.html>
More information about the Pkg-net-snmp-devel
mailing list