Yeah. The right way to eliminate fork() is to make the usual APIs that modify process state take an explicit process handle, so the same APIs can be used to set up an empty process. They can also be composed in other ways, eg for IPC or debugging.
Yes, attacker controlled size without limit is bad (and this is also true for heap allocations). For VLAs there is -Wvla-larger-than that can be used to ensure there is a hard limit. To understand the risks of VLAs one also has to compare it to the alternatives. A fixed-size array on the stack is basically always worse. alloca is substantially worse. heap allocation may be a bit better, but also much slower.
The first thing I look at in new DNS code is whether it’s vulnerable to DNS name compression loops. This code passes the test! However it’s vulnerable to dots embedded in labels: it doesn’t escape bytes properly when converting from wire format to text.
When CAMRA was new in the early 1970s, they started a campaign for oversize glasses holding a pint to the line instead of a pint to the rim, so that there would be space for a pint of liquid and a head in the glass. The big breweries hated this idea and mounted a reactionary campaign arguing things like it would be too expensive to replace all the glasses, or serve customers the full measure they had paid for. (My father was a new recruit at Guinness and sadly one of his early tasks was the pint-to-brim campaign.)
I no longer drink in pubs but in my neck of the woods, the pubs that specialised in cask ale often had lined glasses.
The problem was that many people insisted on the glass being filled to the brim, because they felt they were being short changed. So it solved one problem but created another.
reply