RUSTSEC-2022-0052

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

Reported

August 26, 2022

Issued

August 27, 2022 (last modified: June 13, 2023)

Package

os_socketaddr (crates.io)

Type

INFO Unsound

Categories

memory-corruption

Keywords

#memory #layout #cast

Aliases

GHSA-c439-chv8-8g2j

References

https://github.com/a-ba/os_socketaddr/issues/3

Patched

>=0.2.2

Description

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation.

These layout were changed into idiomatic rust types in nightly std. Starting from rustc 1.64 the affected versions of this crate will have undefined behaviour.

Advisory available under CC0-1.0 license.