Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)

["alice" <alice () ayaya dev>]

On Wed Nov 2, 2022 at 3:56 AM CET, Demi Marie Obenour wrote:
> On Tue, Nov 01, 2022 at 04:57:25PM -0400, Jeffrey Walton wrote:
> > On Tue, Nov 1, 2022 at 3:55 PM Pavan Maddamsetti
> > <pavan.maddamsetti () gmail com> wrote:
> > > https://github.com/RustCrypto
> >
> > I hope this does not start a war.. The problem with Rust is, it's only
> > guaranteed to work on i686 and x86_64.
> >
> > Trying to compile Rust programs on armel, armhf, aarch64 and PowerPC
> > has been excruciatingly painful. The tool cannot compile its own
> > cargo's on those platforms. I gave up trying to use Rust on anything
> > but x86_64.
>
> Rust should certainly be able to compile its own Cargo, so this is an
> outright bug.  Please report it.  If the instructions are confusing
> enough that it is easy to make a mistake, that’s a bug in the
> documentation.
alpine linux successfully manages to build rust with itself for x86_64,
i586 (currently, might be pentium4 x86 in the future), armhf (v6+hf),
armv7, aarch64, ppc64le, s390x, and riscv64. s390x/riscv64 were the
hardest to get to work here, and the ecosystem has a few issues on those
architectures (old libc/nix crate versions, rustls crate not having asm
for s390x/riscv64 (+ ppc64le), to name two), but the same really goes
for a lot of software even in c/++ in general on those architectures
lacking support.

so yes, this seems like a bug that should be reported.

> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> Invisible Things Lab