[riot-notifications] [RIOT-OS/RIOT] sock_dns: fix out-of-bound errors (#10740)

Kaspar Schleiser notifications at github.com
Thu Jan 10 18:32:59 CET 2019


Thanks everyone involved, and thanks @miri64 for dealing with the mess I created!

Lessons I learned:

- sure it's fun to quickly hack together something like a DNS client. But just because it is working doesn't mean that it is safe. *always* double check when sharing it .
- RIOT's review process needs a security tag. The buffer overflows in this code were so obvious...
- even community members don't know about security at riot-os.org. Maybe we should add a big(er) note in the issue template?


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/10740#issuecomment-453184053
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20190110/55ac0144/attachment.html>


More information about the notifications mailing list