diff options
author | Gustavo A. R. Silva | 2018-03-13 01:21:38 +0100 |
---|---|---|
committer | Pablo Neira Ayuso | 2018-03-20 13:41:38 +0100 |
commit | 1446385904add0e89f990ee0518434365e50ce86 (patch) | |
tree | 109422533e9bed9f96aff480f543745ddd51f180 /net/netfilter/nf_tables_api.c | |
parent | netfilter: cttimeout: remove VLA usage (diff) | |
download | kernel-qcow2-linux-1446385904add0e89f990ee0518434365e50ce86.tar.gz kernel-qcow2-linux-1446385904add0e89f990ee0518434365e50ce86.tar.xz kernel-qcow2-linux-1446385904add0e89f990ee0518434365e50ce86.zip |
netfilter: nfnetlink_cthelper: Remove VLA usage
In preparation to enabling -Wvla, remove VLA and replace it
with dynamic memory allocation.
>From a security viewpoint, the use of Variable Length Arrays can be
a vector for stack overflow attacks. Also, in general, as the code
evolves it is easy to lose track of how big a VLA can get. Thus, we
can end up having segfaults that are hard to debug.
Also, fixed as part of the directive to remove all VLAs from
the kernel: https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
0 files changed, 0 insertions, 0 deletions