| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Mar 2018 12:14:04 +0100
From: Krzysztof Kozlowski <krzk@...nel.org>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Sangbeom Kim <sbkim73@...sung.com>,
Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com>,
Alessandro Zummo <a.zummo@...ertech.it>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
linux-samsung-soc@...r.kernel.org, linux-rtc@...r.kernel.org,
linux-kernel@...r.kernel.org,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
Kees Cook <keescook@...omium.org>,
"Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: Re: [PATCH 2/2] rtc: s5m: Remove VLA usage
On Sat, Mar 10, 2018 at 7:27 AM, Gustavo A. R. Silva
<gustavo@...eddedor.com> wrote:
> In preparation to enabling -Wvla, remove VLAs and replace them
> with fixed-length arrays instead.
>
> From a security viewpoint, the use of Variable Length Arrays can be
> a vector for stack overflow attacks. Also, in general, as the code
> evolves it is easy to lose track of how big a VLA can get. Thus, we
> can end up having segfaults that are hard to debug.
>
> Also, fixed as part of the directive to remove all VLAs from
> the kernel: https://lkml.org/lkml/2018/3/7/621
>
> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
> ---
> drivers/rtc/rtc-s5m.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
Reviewed-by: Krzysztof Kozlowski <krzk@...nel.org>
Best regards,
Krzysztof
Powered by blists - more mailing lists