Source: pfqueue
Version: 0.5.6-9
Severity: grave

Dear pfqueue package maintainers,

I am writing to raise your awareness of a potential grave misuse of memcpy() in backends/pfq_socket.c. Looking at https://sources.debian.org/src/pfqueue/0.5.6-9/backends/pfq_socket.c/#L116-L118 :

    memcpy ( (struct sockaddr*)&svra.sin_addr.s_addr,
             (struct hostent*)svr->h_addr,
             (struct hostent*)svr->h_length );

it becomes obvious that the 3rd parameter of memcpy() is missing necessary brackets. It should be ((struct hostent*)svr)->h_length. It is a dangerous typo and could easily cause segfaults and/or program misbehavior. The second parameter also has a wrong type conversion.

As such, I believe the source code of pfqueue is not robust enough for releasing with Debian in its current shape. It is also dated, with no maintenance either in Debian or upstream in the last 10 years. Probably it's time to drop it from Debian's archive.

Thanks,
Boyuan Yang
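Added example, not pfqueue's code and not a patch from the reporter: one way to write the copy discussed in the report so that no casts are needed and the resolver-supplied length is validated before it reaches memcpy(). The helper names `fill_ipv4_addr` and `try_sample`, and the hand-built `hostent` for 192.0.2.1, are assumptions made for illustration.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper, not pfqueue code: copy the first IPv4 address of a
 * resolved hostent into a sockaddr_in. Returns 0 on success, -1 on error. */
int fill_ipv4_addr(struct sockaddr_in *dst, const struct hostent *he)
{
    if (dst == NULL || he == NULL || he->h_addr_list == NULL ||
        he->h_addr_list[0] == NULL)
        return -1;

    /* The length comes from the resolver; check it against the destination
     * before copying instead of trusting it. */
    if (he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof(dst->sin_addr))
        return -1;

    /* No casts needed: memcpy takes void pointers and h_length is an int.
     * If a cast were required, "->" binds tighter than a cast, so it would
     * have to be written ((struct hostent *)p)->h_length. */
    memcpy(&dst->sin_addr, he->h_addr_list[0], (size_t)he->h_length);
    dst->sin_family = AF_INET;
    return 0;
}

/* Constructed sample input: a hostent for 192.0.2.1 built by hand so the
 * example runs without DNS. Address type and length are set by the caller. */
static unsigned char sample_ip[16] = { 192, 0, 2, 1 };
static char *sample_list[] = { (char *)sample_ip, NULL };

int try_sample(int addrtype, int length, unsigned char out[4])
{
    struct hostent he;
    struct sockaddr_in sa;

    memset(&he, 0, sizeof he);
    memset(&sa, 0, sizeof sa);
    he.h_addrtype = addrtype;
    he.h_length = length;
    he.h_addr_list = sample_list;

    int rc = fill_ipv4_addr(&sa, &he);
    memcpy(out, &sa.sin_addr, 4);   /* stays all-zero when the copy is refused */
    return rc;
}
```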

