Re: [PATCH] netfilter: nfnetlink_cthelper: Remove VLA usage
On 03/20/2018 07:36 AM, Pablo Neira Ayuso wrote: On Mon, Mar 12, 2018 at 07:21:38PM -0500, Gustavo A. R. Silva wrote: In preparation to enabling -Wvla, remove VLA and replace it with dynamic memory allocation. From a security viewpoint, the use of Variable Length Arrays can be a vector for stack overflow attacks. Also, in general, as the code evolves it is easy to lose track of how big a VLA can get. Thus, we can end up having segfaults that are hard to debug. Also, fixed as part of the directive to remove all VLAs from the kernel: https://lkml.org/lkml/2018/3/7/621 also applied, thanks. Awesome. Thanks, Pablo. -- Gustavo
Re: [PATCH] netfilter: nfnetlink_cthelper: Remove VLA usage
On Mon, Mar 12, 2018 at 07:21:38PM -0500, Gustavo A. R. Silva wrote: > In preparation to enabling -Wvla, remove VLA and replace it > with dynamic memory allocation. > > From a security viewpoint, the use of Variable Length Arrays can be > a vector for stack overflow attacks. Also, in general, as the code > evolves it is easy to lose track of how big a VLA can get. Thus, we > can end up having segfaults that are hard to debug. > > Also, fixed as part of the directive to remove all VLAs from > the kernel: https://lkml.org/lkml/2018/3/7/621 also applied, thanks.
