Hi, I am scanning this crate in the latest version using my own static analyzer tool.
Unsafe pointer conversion is found at:
pub fn set_opt<T: Copy>(sock: Socket, opt: c_int, val: c_int,
payload: T) -> io::Result<()> {
unsafe {
let payload = &payload as *const T as *const c_void;
try!(::cvt(setsockopt(sock, opt, val, payload as *const _,
mem::size_of::<T>() as socklen_t)));
}
Ok(())
}
This unsound implementation would create memory issues such as overflow, underflow, or misalignment. The attacker can manipulate the argument payload associated with the c_void pointer with an unexpected type or layout, which can lead to an out-of-bounds memory access bug. The c_void pointer and its associated size argument are passed through the FFI (setsockopt), which can further corrupt the C/C++ code.
This would cause undefined behaviors in Rust. Adversaries can manipulate the associated argument to cause memory safety bugs. I am reporting this issue for your attention.
Hi, I am scanning this crate in the latest version using my own static analyzer tool.
Unsafe pointer conversion is found at:
This unsound implementation would create memory issues such as overflow, underflow, or misalignment. The attacker can manipulate the argument
payloadassociated with thec_voidpointer with an unexpected type or layout, which can lead to an out-of-bounds memory access bug. Thec_voidpointer and its associated size argument are passed through the FFI (setsockopt), which can further corrupt the C/C++ code.This would cause undefined behaviors in Rust. Adversaries can manipulate the associated argument to cause memory safety bugs. I am reporting this issue for your attention.