| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221116170526.752c304b@kernel.org>
Date: Wed, 16 Nov 2022 17:05:26 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: Kees Cook <keescook@...omium.org>,
David Ahern <dsahern@...nel.org>, davem@...emloft.net,
netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH net-next v2] netlink: split up copies in the ack
construction
On Wed, 16 Nov 2022 18:55:36 -0600 Gustavo A. R. Silva wrote:
> > @@ -56,7 +55,6 @@ struct nlmsghdr {
> > __u16 nlmsg_flags;
> > __u32 nlmsg_seq;
> > __u32 nlmsg_pid;
> > - __u8 nlmsg_data[];
> > };
>
> This seems to be a sensible change. In general, it's not a good idea
> to have variable length objects (flex-array members) in structures used
> as headers, and that we know will ultimately be followed by more objects
> when embedded inside other structures.
Meaning we should go back to zero-length arrays instead?
Will this not bring back out-of-bound warnings that Kees
has been fixing?
Is there something in the standard that makes flexible array
at the end of an embedded struct a problem?
Or it's just unlikely compiler people will budge?
AFAICT this is just one of 3 such structs which iproute2 build hits.
Powered by blists - more mailing lists