[riot-notifications] [RIOT-OS/RIOT] sock_dns: fix out-of-bound errors (#10740)
notifications at github.com
Thu Jan 10 18:32:59 CET 2019
Thanks everyone involved, and thanks @miri64 for dealing with the mess I created!
Lessons I learned:
- sure it's fun to quickly hack together something like a DNS client. But just because it is working doesn't mean that it is safe. *always* double check when sharing it .
- RIOT's review process needs a security tag. The buffer overflows in this code were so obvious...
- even community members don't know about security at riot-os.org. Maybe we should add a big(er) note in the issue template?
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the notifications