On Thu, Aug 02, 2012 at 09:37:10PM +0200, Jan Engelhardt wrote: > > On Monday 2012-07-30 03:37, Pablo Neira Ayuso wrote: > >> > // here param_buffer[1024] is lost, so any var pointing > >> > // to it can mess stack > >> > > >> > previous gcc were probably not so aggressive. > >> > >> Oh well, add_argv() does a strdup(), so iptables code seems fine. > > > >I thought the same, but one contributor has put some on light on this. > > > >I'm going to revert the patch that I applied to fix this and apply > >the one that comes with this email instead. > > > >It contains a simple description of the problem, I think it's good for > >the record (distro maintainers will likely google for this). > > Your code cleanup, by moving the code into a separate function, > is however still desired :) OK, it's back: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=23a98b56935c42ef460020e37a9ff8006eee58e2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
