lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Mar 2018 17:12:09 -0500 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Pablo Neira Ayuso <pablo@...filter.org> Cc: Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, Florian Westphal <fw@...len.de>, "David S. Miller" <davem@...emloft.net>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, "Gustavo A. R. Silva" <garsilva@...eddedor.com> Subject: Re: [RFC] netfilter: cttimeout: remove VLA in ctnl_timeout_parse_policy Hi Pablo, On 03/11/2018 05:04 PM, Pablo Neira Ayuso wrote: > On Tue, Mar 06, 2018 at 12:47:55PM -0600, Gustavo A. R. Silva wrote: >> In preparation to enabling -Wvla, remove VLA and replace it >> with dynamic memory allocation. > > Looks good but... > >> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com> >> --- >> net/netfilter/nfnetlink_cttimeout.c | 12 ++++++++++-- >> 1 file changed, 10 insertions(+), 2 deletions(-) >> >> diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c >> index 95b0470..a2f7d92 100644 >> --- a/net/netfilter/nfnetlink_cttimeout.c >> +++ b/net/netfilter/nfnetlink_cttimeout.c >> @@ -52,18 +52,26 @@ ctnl_timeout_parse_policy(void *timeouts, >> struct net *net, const struct nlattr *attr) >> { >> int ret = 0; >> + struct nlattr **tb = NULL; > > I think we don't need to initialize this, right? > We actually do have to initialized it because in the unlikely case that the code block inside the 'if' below is not executed, then we will end up freeing an uninitialized pointer. Thanks -- Gustavo >> >> if (likely(l4proto->ctnl_timeout.nlattr_to_obj)) { >> - struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max+1]; >> + tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb), >> + GFP_KERNEL); >> + >> + if (!tb) >> + return -ENOMEM; >> >> ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max, >> attr, l4proto->ctnl_timeout.nla_policy, >> NULL); >> if (ret < 0) >> - return ret; >> + goto err; >> >> ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts); >> } >> + >> +err: >> + kfree(tb); >> return ret; >> } >> >> -- >> 2.7.4 >>
Powered by blists - more mailing lists