similar to: [PATCH nbdkit] Ban use of stack Variable Length Arrays (VLAs).

On 9/5/19 6:28 AM, Richard W.M. Jones wrote: > I'm not someone who thinks VLAs are automatically bad and unlike Linux > kernel code they can sometimes be used safely in userspace. However > for an internet exposed server there is an argument that they might > cause some kind of exploitable situation especially if the code is > compiled without other stack hardening features.

Since we don't know much about the calling environment, which might have a limited stack, might be taking input from untrusted sources, or we might not have other stack protections enabled, it's best to be cautious about using unbounded stack allocations. We're not in fact using them in libnbd, but this change prevents them from being added in future. --- configure.ac | 2 +- 1 file

In preparation to enabling -Wvla, remove VLA. In this particular case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local variable cmdline_size. Also, remove cmdline_size as it is not actually useful anymore. The use of stack Variable Length Arrays needs to be avoided, as they can be a vector for stack exhaustion, which can be both a runtime bug or a security flaw. Also, in general, as

On 14 March 2018 at 21:08, Thierry Reding <thierry.reding at gmail.com> wrote: > On Tue, Mar 13, 2018 at 11:24:11AM -0500, Gustavo A. R. Silva wrote: >> In preparation to enabling -Wvla, remove VLA. In this particular >> case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local >> variable cmdline_size. Also, remove cmdline_size as it is not >> actually

On Thu, Apr 26, 2018 at 4:25 PM, Kees Cook <keescook at chromium.org> wrote: > On Thu, Mar 15, 2018 at 7:05 PM, Ben Skeggs <skeggsb at gmail.com> wrote: >> On 14 March 2018 at 21:08, Thierry Reding <thierry.reding at gmail.com> wrote: >>> On Tue, Mar 13, 2018 at 11:24:11AM -0500, Gustavo A. R. Silva wrote: >>>> In preparation to enabling -Wvla,

This fixes the long-standing crash on close when nbdkit exits. I did try first to fix threads so we're using a proper thread pool, but that's difficult to implement. So this does the minimal change needed to fix the crash instead. There are still two segfaults that happen during running the test suite. One is deliberately caused (tests/test-captive.sh). The other appears to be an

On Sun, Mar 3, 2024 at 4:46?AM Duoming Zhou <duoming at zju.edu.cn> wrote: > > The kcalloc() in nouveau_dmem_evict_chunk() will return null if > the physical memory has run out. As a result, if we dereference > src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs > will happen. > > This patch uses stack variables to replace the kcalloc(). Won't this

On 10/18/19 10:38 AM, Richard W.M. Jones wrote: > On platforms which support it (only Linux currently) nbdkit can act as > a vsock server. Guests running on the host see a raw NBD socket which > it can connect to by opening an AF_VSOCK connection. (Although only > libnbd supports this). > > The current limitations are: > > * nbdkit can only act as a host (cid ==

In preparation to enabling -Wvla, remove VLA. In this particular case directly use macro NVKM_MSGQUEUE_CMDLINE_SIZE instead of local variable cmdline_size. Also, remove cmdline_size as it is not actually useful anymore. The use of stack Variable Length Arrays needs to be avoided, as they can be a vector for stack exhaustion, which can be both a runtime bug or a security flaw. Also, in general, as

This is an incomplete port to Windows. Currently the server compiles and starts up successfully, but goes into an infinite loop when you connect to it. Nevertheless I think the approach is ready for feedback. This being Windows the changes go quite deep. Rich.

[Dropping devel, adding libguestfs] This can be reproduced on x86-64 so I can reproduce it locally. It only appears to happen when the tests are run under rpmbuild, not when I run them as ‘make check’, but I'm unclear why this is. As Eric described earlier, the test runs two copies of nbdkit and a client, connected like this: qemu-img info ===> nbdkit nbd ===> nbdkit example1

On platforms which support it (only Linux currently) nbdkit can act as a vsock server. Guests running on the host see a raw NBD socket which it can connect to by opening an AF_VSOCK connection. (Although only libnbd supports this). The current limitations are: * nbdkit can only act as a host (cid == VMADDR_CID_HOST == 2). * There is no access control. Any guest which has vsock enabled can

This is a series of patches to libnbd and nbdkit adding AF_VSOCK support. On the host side it allows you to start an nbdkit instance which listens on a virtio-vsock socket: $ ./nbdkit -fv --vsock memory 1G ... nbdkit: debug: bound to vsock 2:10809 On the guest side you can then use libnbd to connect to the server: $ ./run nbdsh -c 'h.connect_vsock(2, 10809)' -c

v1 was discussed here: https://www.redhat.com/archives/libguestfs/2019-October/thread.html#00100 v2: - Bind to VMADDR_CID_ANY (instead of HOST) and update the documentation accordingly. - Don't bother with SOCK_CLOEXEC fallback path that can never be used. Rich.

Socket activation (aka systemd socket activation) is a simple protocol that lets you pass in an opened, listening socket to a server. Supporting socket activation allows you to use a modern superserver to serve infrequent NBD requests without needing nbdkit to be running the whole time. Although the protocol was invented by systemd, it has been implemented in a few other places, and the protocol

This method can be used for plugins to get control after the server has forked and changed user but before it accepts a connection. This is very late and the only real use for this is for a plugin to create background threads for its own use. --- docs/nbdkit-filter.pod | 20 +++++++++++++++----- docs/nbdkit-plugin.pod | 27 ++++++++++++++++++++++++++- include/nbdkit-filter.h | 2 ++

Duncan Sands wrote: >> As noted in the GEP FAQ, GEPs don't support variable-length arrays; > > that's not quite right. The problem is only with arrays of variable length > arrays, and more generally with arrays where the element type has variable > size (this occurs with Ada, which has all kinds of funky variable sized types, > for example). You're right, though

Hi Preston, >>> As noted in the GEP FAQ, GEPs don't support variable-length arrays; >> >> that's not quite right. The problem is only with arrays of variable length >> arrays, and more generally with arrays where the element type has variable >> size (this occurs with Ada, which has all kinds of funky variable sized types, >> for example). > >

First-- thanks to Daniel Dunbar for reporting this issue from my earlier coarse report on IRC and to Devang Patel for fixing it. I'm writing to request that this fix (r81058) find its way into the 2.6 release. Code compiled with clang that uses VLAs is horribly broken without r81058 (at least on x86-64). I don't know if it has any other implications but it's definitely

Hello, Chris > 2010/3/20 Chris Lattner <clattner at apple.com> > > >> On Mar 19, 2010, at 2:40 PM, Louis Gerbarg wrote: >> >> >>> What do you mean by "variable sized pointers"? What does: >>> >>> struct S {void *X; }; >>> >>> return for sizeof(struct S); ? >>> >> >> It doesn't, at