Date: Wed, 21 Mar 2018 08:51:26 -0500 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Pablo Neira Ayuso <pablo@...filter.org> Cc: Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, Florian Westphal <fw@...len.de>, "David S. Miller" <davem@...emloft.net>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Kees Cook <keescook@...omium.org>, "Gustavo A. R. Silva" <garsilva@...eddedor.com> Subject: Re: [PATCH] netfilter: nfnetlink_cthelper: Remove VLA usage On 03/20/2018 07:36 AM, Pablo Neira Ayuso wrote: > On Mon, Mar 12, 2018 at 07:21:38PM -0500, Gustavo A. R. Silva wrote: >> In preparation to enabling -Wvla, remove VLA and replace it >> with dynamic memory allocation. >> >> From a security viewpoint, the use of Variable Length Arrays can be >> a vector for stack overflow attacks. Also, in general, as the code >> evolves it is easy to lose track of how big a VLA can get. Thus, we >> can end up having segfaults that are hard to debug. >> >> Also, fixed as part of the directive to remove all VLAs from >> the kernel: https://lkml.org/lkml/2018/3/7/621 > > also applied, thanks. > Awesome. Thanks, Pablo. -- Gustavo
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.