From 2c001eb60c4929ddc280da091582f37fb5e82072 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 23 Mar 2018 12:21:51 +0100
Subject: [PATCH] auth: Remove VLAs

---
 modules/pipebackend/coprocess.cc       | 4 ++--
 modules/remotebackend/pipeconnector.cc | 4 ++--
 pdns/common_startup.cc                 | 4 +++-
 pdns/dnstcpbench.cc                    | 2 +-
 pdns/nameserver.cc                     | 7 +++----
 pdns/nameserver.hh                     | 2 +-
 pdns/pkcs11signers.cc                  | 4 ++--
 pdns/rfc2136handler.cc                 | 6 +++---
 8 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/modules/pipebackend/coprocess.cc b/modules/pipebackend/coprocess.cc
index ecc7e1089..029a8b8da 100644
--- a/modules/pipebackend/coprocess.cc
+++ b/modules/pipebackend/coprocess.cc
@@ -45,13 +45,13 @@ CoProcess::CoProcess(const string &command,int timeout, int infd, int outfd)
   vector <string> v;
   split(v, command, is_any_of(" "));
 
-  const char *argv[v.size()+1];
+  std::vector<const char *>argv(v.size()+1);
   argv[v.size()]=0;
 
   for (size_t n = 0; n < v.size(); n++)
     argv[n]=v[n].c_str();
   // we get away with not copying since nobody resizes v 
-  launch(argv, timeout, infd, outfd);
+  launch(&argv.at(0), timeout, infd, outfd);
 }
 
 void CoProcess::launch(const char **argv, int timeout, int infd, int outfd)
diff --git a/modules/remotebackend/pipeconnector.cc b/modules/remotebackend/pipeconnector.cc
index 54cdb0319..ba3aaba9a 100644
--- a/modules/remotebackend/pipeconnector.cc
+++ b/modules/remotebackend/pipeconnector.cc
@@ -64,7 +64,7 @@ void PipeConnector::launch() {
   std::vector <std::string> v;
   split(v, command, is_any_of(" "));
 
-  const char *argv[v.size()+1];
+  std::vector<const char *>argv(v.size()+1);
   argv[v.size()]=0;
 
   for (size_t n = 0; n < v.size(); n++)
@@ -107,7 +107,7 @@ void PipeConnector::launch() {
 
     // stdin & stdout are now connected, fire up our coprocess!
 
-    if(execv(argv[0], const_cast<char * const *>(argv))<0) // now what
+    if(execv(argv[0], const_cast<char * const *>(&argv[0]))<0) // now what
       exit(123);
 
     /* not a lot we can do here. We shouldn't return because that will leave a forked process around.
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 4c74222c9..6c7a7ec49 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -366,6 +366,8 @@ try
   int diff;
   bool logDNSQueries = ::arg().mustDo("log-dns-queries");
   shared_ptr<UDPNameserver> NS;
+  std::string buffer;
+  buffer.resize(DNSPacket::s_udpTruncationThreshold);
 
   // If we have SO_REUSEPORT then create a new port for all receiver threads
   // other than the first one.
@@ -379,7 +381,7 @@ try
   }
 
   for(;;) {
-    if(!(P=NS->receive(&question))) { // receive a packet         inline
+    if(!(P=NS->receive(&question, buffer))) { // receive a packet         inline
       continue;                    // packet was broken, try again
     }
 
diff --git a/pdns/dnstcpbench.cc b/pdns/dnstcpbench.cc
index fbeba1ba5..2c6e7fb42 100644
--- a/pdns/dnstcpbench.cc
+++ b/pdns/dnstcpbench.cc
@@ -250,7 +250,7 @@ try
   }
 
 
-  pthread_t workers[numworkers];
+  std::vector<pthread_t> workers(numworkers);
 
   FILE* fp;
   if(!g_vm.count("file"))
diff --git a/pdns/nameserver.cc b/pdns/nameserver.cc
index a37720ccb..2c0501de3 100644
--- a/pdns/nameserver.cc
+++ b/pdns/nameserver.cc
@@ -303,12 +303,11 @@ void UDPNameserver::send(DNSPacket *p)
     L<<Logger::Error<<"Error sending reply with sendmsg (socket="<<p->getSocket()<<", dest="<<p->d_remote.toStringWithPort()<<"): "<<strerror(errno)<<endl;
 }
 
-DNSPacket *UDPNameserver::receive(DNSPacket *prefilled)
+DNSPacket *UDPNameserver::receive(DNSPacket *prefilled, std::string& buffer)
 {
   ComboAddress remote;
   extern StatBag S;
   ssize_t len=-1;
-  char mesg[DNSPacket::s_udpTruncationThreshold];
   Utility::sock_t sock=-1;
 
   struct msghdr msgh;
@@ -316,7 +315,7 @@ DNSPacket *UDPNameserver::receive(DNSPacket *prefilled)
   char cbuf[256];
 
   remote.sin6.sin6_family=AF_INET6; // make sure it is big enough
-  fillMSGHdr(&msgh, &iov, cbuf, sizeof(cbuf), mesg, sizeof(mesg), &remote);
+  fillMSGHdr(&msgh, &iov, cbuf, sizeof(cbuf), &buffer.at(0), buffer.size(), &remote);
   
   int err;
   vector<struct pollfd> rfds= d_rfds;
@@ -378,7 +377,7 @@ DNSPacket *UDPNameserver::receive(DNSPacket *prefilled)
   else
     packet->d_dt.set(); // timing    
 
-  if(packet->parse(mesg, (size_t) len)<0) {
+  if(packet->parse(&buffer.at(0), (size_t) len)<0) {
     S.inc("corrupt-packets");
     S.ringAccount("remotes-corrupt", packet->d_remote);
 
diff --git a/pdns/nameserver.hh b/pdns/nameserver.hh
index b5b855555..d9d04198f 100644
--- a/pdns/nameserver.hh
+++ b/pdns/nameserver.hh
@@ -81,7 +81,7 @@ class UDPNameserver
 {
 public:
   UDPNameserver( bool additional_socket = false );  //!< Opens the socket
-  DNSPacket *receive(DNSPacket *prefilled=0); //!< call this in a while or for(;;) loop to get packets
+  DNSPacket *receive(DNSPacket *prefilled, std::string& buffer); //!< call this in a while or for(;;) loop to get packets
   void send(DNSPacket *); //!< send a DNSPacket. Will call DNSPacket::truncate() if over 512 bytes
   inline bool canReusePort() {
 #ifdef SO_REUSEPORT
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 26288e72a..4ad764c48 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -672,8 +672,8 @@ CK_RV Pkcs11Slot::HuntSlot(const string& tokenId, CK_SLOT_ID &slotId, _CK_SLOT_I
   }
 
   // get the actual slot ids
-  CK_SLOT_ID slotIds[slots];
-  err = functions->C_GetSlotList(CK_FALSE, slotIds, &slots);
+  std::vector<CK_SLOT_ID> slotIds(slots);
+  err = functions->C_GetSlotList(CK_FALSE, &slotIds.at(0), &slots);
   if (err) {
     L<<Logger::Warning<<"C_GetSlotList(CK_FALSE, slotIds, &slots) = " << err << std::endl;
     return err;
diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc
index bc881d498..9b61e8ae1 100644
--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -675,8 +675,8 @@ int PacketHandler::forwardPacket(const string &msgPrefix, DNSPacket *p, DomainIn
     }
     size_t packetLen = lenBuf[0]*256+lenBuf[1];
 
-    char buf[packetLen];
-    recvRes = recv(sock, &buf, packetLen, 0);
+    buffer.resize(packetLen);
+    recvRes = recv(sock, &buffer.at(0), packetLen, 0);
     if (recvRes < 0) {
       L<<Logger::Error<<msgPrefix<<"Could not receive data (dnspacket) from master at "<<remote.toStringWithPort()<<", error:"<<stringerror()<<endl;
       try {
@@ -695,7 +695,7 @@ int PacketHandler::forwardPacket(const string &msgPrefix, DNSPacket *p, DomainIn
     }
 
     try {
-      MOADNSParser mdp(false, buf, static_cast<unsigned int>(recvRes));
+      MOADNSParser mdp(false, buffer.data(), static_cast<unsigned int>(recvRes));
       L<<Logger::Info<<msgPrefix<<"Forward update message to "<<remote.toStringWithPort()<<", result was RCode "<<mdp.d_header.rcode<<endl;
       return mdp.d_header.rcode;
     }
-- 
2.40.0