Received: by 10.213.65.68 with SMTP id h4csp1269770imn; Wed, 21 Mar 2018 06:52:48 -0700 (PDT) X-Google-Smtp-Source: AG47ELt79mNcKO40SkDZkuZlTx8TThMeNyWEMBAZP5hlVOcE0gY2wQpjA/8362qREQtKivuU6wz5 X-Received: by 10.98.12.140 with SMTP id 12mr10854125pfm.123.1521640368292; Wed, 21 Mar 2018 06:52:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521640368; cv=none; d=google.com; s=arc-20160816; b=rSEAjiuM6qk9oNlsLCPfnjJrsqUalHdoJotUcCoaRVzbTTe4rhnO0gU10wzfPkucg/ CwPzSfDMMaVXggsn2hB+uPRq/Zh8jiRewjRIi+NoV+22qXGEtPp3C4UNjp2tf1Kf8pwT /34bG46zPd/uNcaUzcIVZPMqf1lc7a0RGegDBw+w0ahLGyh2lmLVBr2YUIFDIiyfOuNK pHHb9Wpm53r28JOzuoE2Ttfe+7yKJx2c41BqCLsWgazSds/3/KI8Maqatqj6nDc4t9pC zypbqBwfGfHteCBwbsw2axfjwueNBMxExIyE152YYQGP6BuI0HIpuQYJpjZOOeqDDdP8 HEaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=ys9Y09a6tFmtx0pQyesSCcObB2n/rzLSDob/qyomNKc=; b=CtP9nXTEwUCvAniwqT3NvH0dshLmmmXWe+RhZpOgfr4DoLCPioyqAjX5JC1+GqE/a4 2gik19eTnIvzpgiio1lDqL4JR0KWBMSJew8V7UGNd26w7N1nGSfL8Mtaflczceb+V2MU CWRxwiiXcJIp5xyiGjLmuxIQd/5rk2zasVgJaNYS6bVnaN2ubAJy1NPBpkgOwY8hzAY+ P4WWjWpT8oMipKH7+xN4q+oPAcdjYYuOytpePLpOO8Df0hRMFVsCb728ac+ihdxr6eU9 h2UKc0Kyx/4/mSYnayaKPqXSGi3qzO9J4JGQ4/PDqIpcR/oVhah8jRxpaWL1OQLIpHjX cL8g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bj5-v6si3767142plb.712.2018.03.21.06.52.33; Wed, 21 Mar 2018 06:52:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752213AbeCUNvc (ORCPT + 99 others); Wed, 21 Mar 2018 09:51:32 -0400 Received: from gateway31.websitewelcome.com ([192.185.144.219]:25675 "EHLO gateway31.websitewelcome.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752130AbeCUNv3 (ORCPT ); Wed, 21 Mar 2018 09:51:29 -0400 Received: from cm15.websitewelcome.com (cm15.websitewelcome.com [100.42.49.9]) by gateway31.websitewelcome.com (Postfix) with ESMTP id E4991E4A9 for ; Wed, 21 Mar 2018 08:51:28 -0500 (CDT) Received: from gator4166.hostgator.com ([108.167.133.22]) by cmsmtp with SMTP id ye9IeXaDVntAoye9IeC87v; Wed, 21 Mar 2018 08:51:28 -0500 Received: from [189.145.54.187] (port=45316 helo=[192.168.1.67]) by gator4166.hostgator.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from ) id 1eye9I-000Qiz-AP; Wed, 21 Mar 2018 08:51:28 -0500 Subject: Re: [PATCH] netfilter: nfnetlink_cthelper: Remove VLA usage To: Pablo Neira Ayuso Cc: Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Kernel Hardening , Kees Cook , "Gustavo A. R. Silva" References: <20180313002138.GA27280@embeddedgus> <20180320123655.kugtpftt7nhzvqc5@salvia> From: "Gustavo A. R. Silva" Message-ID: <1794f439-684a-b2ca-2b89-a15c6b6dcd30@embeddedor.com> Date: Wed, 21 Mar 2018 08:51:26 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180320123655.kugtpftt7nhzvqc5@salvia> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator4166.hostgator.com X-AntiAbuse: Original Domain - vger.kernel.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - embeddedor.com X-BWhitelist: no X-Source-IP: 189.145.54.187 X-Source-L: No X-Exim-ID: 1eye9I-000Qiz-AP X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: ([192.168.1.67]) [189.145.54.187]:45316 X-Source-Auth: gustavo@embeddedor.com X-Email-Count: 19 X-Source-Cap: Z3V6aWRpbmU7Z3V6aWRpbmU7Z2F0b3I0MTY2Lmhvc3RnYXRvci5jb20= X-Local-Domain: yes Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/20/2018 07:36 AM, Pablo Neira Ayuso wrote: > On Mon, Mar 12, 2018 at 07:21:38PM -0500, Gustavo A. R. Silva wrote: >> In preparation to enabling -Wvla, remove VLA and replace it >> with dynamic memory allocation. >> >> From a security viewpoint, the use of Variable Length Arrays can be >> a vector for stack overflow attacks. Also, in general, as the code >> evolves it is easy to lose track of how big a VLA can get. Thus, we >> can end up having segfaults that are hard to debug. >> >> Also, fixed as part of the directive to remove all VLAs from >> the kernel: https://lkml.org/lkml/2018/3/7/621 > > also applied, thanks. > Awesome. Thanks, Pablo. -- Gustavo