Commit 6daf1414 authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Pablo Neira Ayuso
Browse files

netfilter: Replace zero-length array with flexible-array member 

The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:

struct foo {
        int stuff;
        struct boo array[];
};

By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.

Also, notice that, dynamic memory allocations won't be affected by
this change:

"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]

Lastly, fix checkpatch.pl warning
WARNING: __aligned(size) is preferred over __attribute__((aligned(size)))
in net/bridge/netfilter/ebtables.c

This issue was found with the help of Coccinelle.

[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21


[3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")

Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent eb9d7af3

include/linux/netfilter/ipset/ip_set.h

+1 −1
Original line number Diff line number Diff line
@@ -98,7 +98,7 @@ struct ip_set_counter { 


struct ip_set_comment_rcu {

	struct rcu_head rcu;

	char str[0];

	char str[];

};



struct ip_set_comment {

include/linux/netfilter/x_tables.h

+4 −4
Original line number Diff line number Diff line
@@ -264,7 +264,7 @@ struct xt_table_info { 
	unsigned int stacksize;

	void ***jumpstack;



	unsigned char entries[0] __aligned(8);

	unsigned char entries[] __aligned(8);

};



int xt_register_target(struct xt_target *target);
@@ -464,7 +464,7 @@ struct compat_xt_entry_match { 
		} kernel;

		u_int16_t match_size;

	} u;

	unsigned char data[0];

	unsigned char data[];

};



struct compat_xt_entry_target {
@@ -480,7 +480,7 @@ struct compat_xt_entry_target { 
		} kernel;

		u_int16_t target_size;

	} u;

	unsigned char data[0];

	unsigned char data[];

};



/* FIXME: this works only on 32 bit tasks
@@ -494,7 +494,7 @@ struct compat_xt_counters { 
struct compat_xt_counters_info {

	char name[XT_TABLE_MAXNAMELEN];

	compat_uint_t num_counters;

	struct compat_xt_counters counters[0];

	struct compat_xt_counters counters[];

};



struct _compat_xt_align {

include/linux/netfilter_arp/arp_tables.h

+1 −1
Original line number Diff line number Diff line
@@ -67,7 +67,7 @@ struct compat_arpt_entry { 
	__u16 next_offset;

	compat_uint_t comefrom;

	struct compat_xt_counters counters;

	unsigned char elems[0];

	unsigned char elems[];

};



static inline struct xt_entry_target *

include/linux/netfilter_bridge/ebtables.h

+1 −1
Original line number Diff line number Diff line
@@ -85,7 +85,7 @@ struct ebt_table_info { 
	/* room to maintain the stack used for jumping from and into udc */

	struct ebt_chainstack **chainstack;

	char *entries;

	struct ebt_counter counters[0] ____cacheline_aligned;

	struct ebt_counter counters[] ____cacheline_aligned;

};



struct ebt_table {

include/linux/netfilter_ipv4/ip_tables.h

+1 −1
Original line number Diff line number Diff line
@@ -76,7 +76,7 @@ struct compat_ipt_entry { 
	__u16 next_offset;

	compat_uint_t comefrom;

	struct compat_xt_counters counters;

	unsigned char elems[0];

	unsigned char elems[];

};



/* Helper functions */

CRA Git | Maintained and supported by SUSTech CRA and CCSE