[gnutls-devel] GnuTLS | Remove unbounded uses of alloca in the Guile bindings (!1022)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jun 7 14:13:53 CEST 2019




>  I now realize it's not what you had in mind for #684, but I think it's an improvement nonetheless.

It's definitely an improvement !

Please also realize that removing alloca() is not about portability regarding #684. It's about security concerns *in general*. The touched code might be perfectly save - but the goal is to have an automated check via CI that errors out when someone introduces uses of alloca() (potentially unsafe). To make that as simple-as-possible (no list of exceptions), we would like to get rid of alloca() everywhere. It's like the use of strncpy() - you can use it safely, but it's easy to overlook misuses - so better not use it.

Could you please remove the 'Closes #684' from the commit message (and just push --force to update the MR) !? Then I can approve/merge :-)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1022#note_178965591
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190607/e9f07038/attachment.html>


More information about the Gnutls-devel mailing list