diff --git a/configure.ac b/configure.ac index ce7985ff..1d614d31 100644 --- a/configure.ac +++ b/configure.ac @@ -190,7 +190,7 @@ AS_IF([test AS_VAR_GET(x_cv_linux_so_peercred) = yes], if test "x$GCC" = "xyes"; then : - AC_SUBST(WARNINGOPTS, ['-Wall -Werror -Wpointer-arith']) + AC_SUBST(WARNINGOPTS, ['-Wall -Werror -Wpointer-arith -Wvla']) else : AC_SUBST(WARNINGOPTS, []) diff --git a/mkfiles.pl b/mkfiles.pl index 9427db65..a7f16cee 100755 --- a/mkfiles.pl +++ b/mkfiles.pl @@ -543,7 +543,7 @@ if (defined $makefiles{'clangcl'}) { "LD = lld-link\n". "\n". "# C compilation flags\n". - &splitline("CFLAGS = --target=\$(CCTARGET) /nologo /W3 /O1 " . + &splitline("CFLAGS = --target=\$(CCTARGET) /nologo /W3 /O1 -Wvla " . (join " ", map {"-I$dirpfx$_"} @srcdirs) . " /D_WINDOWS /D_WIN32_WINDOWS=0x500 /DWINVER=0x500 ". "/D_CRT_SECURE_NO_WARNINGS /D_WINSOCK_DEPRECATED_NO_WARNINGS"). @@ -627,7 +627,7 @@ if (defined $makefiles{'cygwin'}) { "# You may also need to tell windres where to find include files:\n". "# RCINC = --include-dir c:\\cygwin\\include\\\n". "\n". - &splitline("CFLAGS = -Wall -O2 -std=gnu99 -D_WINDOWS -DDEBUG". + &splitline("CFLAGS = -Wall -O2 -std=gnu99 -Wvla -D_WINDOWS -DDEBUG". " -DWIN32S_COMPAT -D_NO_OLDNAMES " . (join " ", map {"-I$dirpfx$_"} @srcdirs)) . "\n". @@ -1420,7 +1420,7 @@ if (defined $makefiles{'gtk'}) { "\n". "unexport CFLAGS # work around a weird issue with krb5-config\n". "\n". - &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -g " . + &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g " . (join " ", map {"-I$dirpfx$_"} @srcdirs) . " \$(shell \$(GTK_CONFIG) --cflags)"). " -D _FILE_OFFSET_BITS=64\n". @@ -1501,7 +1501,7 @@ if (defined $makefiles{'unix'}) { "\n". "unexport CFLAGS # work around a weird issue with krb5-config\n". "\n". - &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -g " . + &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g " . (join " ", map {"-I$dirpfx$_"} @srcdirs)). " -D _FILE_OFFSET_BITS=64\n". "ULDFLAGS = \$(LDFLAGS)\n". @@ -1743,7 +1743,7 @@ if (defined $makefiles{'osx'}) { print "CC = \$(TOOLPATH)gcc\n". "\n". - &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -g " . + &splitline("CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g " . (join " ", map {"-I$dirpfx$_"} @srcdirs))."\n". "MLDFLAGS = -framework Cocoa\n". "ULDFLAGS =\n". diff --git a/sshecc.c b/sshecc.c index 4f0b9217..1e1fcc6f 100644 --- a/sshecc.c +++ b/sshecc.c @@ -311,7 +311,7 @@ EdwardsPoint *eddsa_public(mp_int *private_key, const ssh_keyalg *alg) for (size_t i = 0; i < curve->fieldBytes; ++i) put_byte(h, mp_get_byte(private_key, i)); - unsigned char hash[extra->hash->hlen]; + unsigned char hash[MAX_HASH_LEN]; ssh_hash_final(h, hash); mp_int *exponent = eddsa_exponent_from_hash( @@ -826,7 +826,7 @@ static mp_int *ecdsa_signing_exponent_from_data( ptrlen data) { /* Hash the data being signed. */ - unsigned char hash[extra->hash->hlen]; + unsigned char hash[MAX_HASH_LEN]; ssh_hash *h = ssh_hash_new(extra->hash); put_data(h, data.ptr, data.len); ssh_hash_final(h, hash); @@ -919,7 +919,7 @@ static mp_int *eddsa_signing_exponent_from_data( ptrlen r_encoded, ptrlen data) { /* Hash (r || public key || message) */ - unsigned char hash[extra->hash->hlen]; + unsigned char hash[MAX_HASH_LEN]; ssh_hash *h = ssh_hash_new(extra->hash); put_data(h, r_encoded.ptr, r_encoded.len); put_epoint(h, ek->publicKey, ek->curve, true); /* omit string header */ @@ -1055,7 +1055,7 @@ static void eddsa_sign(ssh_key *key, const void *data, int datalen, * First, we hash the private key integer (bare, little-endian) * into a hash generating 2*fieldBytes of output. */ - unsigned char hash[extra->hash->hlen]; + unsigned char hash[MAX_HASH_LEN]; ssh_hash *h = ssh_hash_new(extra->hash); for (size_t i = 0; i < ek->curve->fieldBytes; ++i) put_byte(h, mp_get_byte(ek->privateKey, i));