Index: etc/mtree/BSD.include.dist =================================================================== --- etc/mtree/BSD.include.dist +++ etc/mtree/BSD.include.dist @@ -321,6 +321,8 @@ mac_partition .. .. + secure + .. ssp .. sys Index: include/Makefile =================================================================== --- include/Makefile +++ include/Makefile @@ -6,7 +6,7 @@ .include CLEANFILES= osreldate.h version vers.c -SUBDIR= arpa protocols rpcsvc rpc xlocale +SUBDIR= arpa protocols rpcsvc rpc secure xlocale INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \ db.h \ dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \ Index: include/secure/Makefile =================================================================== --- /dev/null +++ include/secure/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +INCS= security.h _poll.h _select.h _socket.h _stat.h _stdio.h _string.h _strings.h _unistd.h +INCSDIR= ${INCLUDEDIR}/secure + +.include Index: include/secure/_poll.h =================================================================== --- /dev/null +++ include/secure/_poll.h @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#ifndef _SYS_POLL_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_POLL_H_ +#define _SECURE_POLL_H_ + +#include + +__BEGIN_DECLS + +int __poll_chk(struct pollfd *, nfds_t, int, size_t); +int __poll_real(struct pollfd *, nfds_t, int) __RENAME(poll); +__errordecl(__poll_too_small_error, "poll: pollfd array smaller than fd count"); + +int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t); +int __ppoll_real(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *) __RENAME(ppoll); +__errordecl(__ppoll_too_small_error, "ppoll: pollfd array smaller than fd count"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE int +poll(struct pollfd *fds, nfds_t fd_count, int timeout) +{ + +#if defined(__clang__) + return (__poll_chk(fds, fd_count, timeout, __bos(fds))); +#else + if (__bos(fds) != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(fd_count)) + return (__poll_chk(fds, fd_count, timeout, __bos(fds))); + else if (__bos(fds) / sizeof(*fds) < fd_count) + __poll_too_small_error(); + } + return (__poll_real(fds, fd_count, timeout)); +#endif +} + +#if __BSD_VISIBLE +__FORTIFY_INLINE int +ppoll(struct pollfd *fds, nfds_t fd_count, const struct timespec *timeout, const sigset_t *mask) +{ + +#if defined(__clang__) + return (__ppoll_chk(fds, fd_count, timeout, mask, __bos(fds))); +#else + if (__bos(fds) != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(fd_count)) + return (__ppoll_chk(fds, fd_count, timeout, mask, __bos(fds))); + else if (__bos(fds) / sizeof(*fds) < fd_count) + __ppoll_too_small_error(); + } + return (__ppoll_real(fds, fd_count, timeout, mask)); +#endif +} +#endif + +#endif + +__END_DECLS + +#endif /* !_SECURE_POLL_H_ */ Index: include/secure/_select.h =================================================================== --- /dev/null +++ include/secure/_select.h @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#ifndef _SYS_SELECT_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_SELECT_H_ +#define _SECURE_SELECT_H_ + +#include + +__BEGIN_DECLS + +extern void __FD_CLR_chk(int, fd_set *, size_t); +extern void __FD_SET_chk(int, fd_set *, size_t); +extern int __FD_ISSET_chk(int, fd_set *, size_t); + +#if defined(__BSD_FORTIFY) +#undef FD_CLR +#define FD_CLR(fd, set) __FD_CLR_chk(fd, set, __bos(set)) +#undef FD_SET +#define FD_SET(fd, set) __FD_SET_chk(fd, set, __bos(set)) +#undef FD_ISSET +#define FD_ISSET(fd, set) __FD_ISSET_chk(fd, set, __bos(set)) +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_SELECT_H_ */ Index: include/secure/_socket.h =================================================================== --- /dev/null +++ include/secure/_socket.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + + +#ifndef _SYS_SOCKET_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_SOCKET_H_ +#define _SECURE_SOCKET_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict); +extern ssize_t __recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *)__RENAME(recvfrom); +__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE ssize_t +recvfrom(int fd, void *buf, size_t len, int flags, + struct sockaddr * __restrict src_addr, socklen_t * __restrict addr_len) +{ + size_t bos = __bos0(buf); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__recvfrom_real(fd, buf, len, flags, src_addr, addr_len)); +#if !defined(__clang__) + if (__builtin_constant_p(len) && (len <= bos)) + return (__recvfrom_real(fd, buf, len, flags, src_addr, addr_len)); + if (__builtin_constant_p(len) && (len > bos)) + __recvfrom_error(); +#endif + + return (__recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len)); +} + + +__FORTIFY_INLINE ssize_t +recv(int socket, void *buf, size_t len, int flags) +{ + + return recvfrom(socket, buf, len, flags, NULL, 0); +} + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !_SECURE_SOCKET_H */ Index: include/secure/_stat.h =================================================================== --- /dev/null +++ include/secure/_stat.h @@ -0,0 +1,67 @@ +/*- + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#ifndef _SYS_STAT_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STAT_H_ +#define _SECURE_STAT_H_ + +#include + +__BEGIN_DECLS + +extern mode_t __umask_chk(mode_t); +extern mode_t __umask_real(mode_t) __RENAME(umask); +__errordecl(__umask_invalid_mode, "umask called with invalid mode"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE mode_t +umask(mode_t mode) +{ +#if !defined(__clang__) + if (__builtin_constant_p(mode)) { + if ((mode & 0777) != mode) + __umask_invalid_mode(); + + return (__umask_real(mode)); + } +#endif + return (__umask_chk(mode)); +} +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STAT_H_ */ Index: include/secure/_stdio.h =================================================================== --- /dev/null +++ include/secure/_stdio.h @@ -0,0 +1,195 @@ +/* $FreeBSD$ */ +/* $OpenBSD: stdio.h,v 1.35 2006/01/13 18:10:09 miod Exp $ */ +/* $NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $ */ +/* bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)stdio.h 5.17 (Berkeley) 6/3/91 + */ + +#ifndef _STDIO_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STDIO_H_ +#define _SECURE_STDIO_H_ + +#include +#include + +__BEGIN_DECLS + +extern char *__fgets_chk(char *, int, FILE *, size_t); +extern char *__fgets_real(char *, int, FILE *) __RENAME(fgets); +extern char *__gets_chk(char *, size_t); +extern char *__gets_real(char *) __RENAME(gets); +__errordecl(__fgets_too_big_error, "fgets called with size bigger than buffer"); +__errordecl(__fgets_too_small_error, "fgets called with size less than zero"); +extern int __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...); +extern int __sprintf_real(char * __restrict, const char * __restrict, ...) __RENAME(sprintf); +extern int __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list); +extern int __vsprintf_real(char * __restrict, const char * __restrict, __va_list) __RENAME(vsprintf); + +#if __ISO_C_VISIBLE >= 1999 +extern int __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...); +extern int __snprintf_real(char * __restrict, size_t, const char * __restrict, ...) __RENAME(snprintf) __printflike(3, 4); +extern int __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list); +extern int __vsnprintf_real(char * __restrict, size_t, const char * __restrict, __va_list) __RENAME(vsnprintf) __printflike(3, 0); +#endif + +#if defined(__BSD_FORTIFY) + +#if __ISO_C_VISIBLE >= 1999 +__FORTIFY_INLINE __printflike(3, 0) int +vsnprintf(char *dest, size_t size, const char *format, __va_list ap) +{ + size_t bos = __bos(dest); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsnprintf_real(dest, size, format, ap)); + + return (__vsnprintf_chk(dest, size, 0, bos, format, ap)); +} +#endif /* __ISO_C_VISIBLE */ + +__FORTIFY_INLINE __printflike(2, 0) int +vsprintf(char *dest, const char *format, __va_list ap) +{ + size_t bos = __bos(dest); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsprintf_real(dest, format, ap)); + + return (__vsprintf_chk(dest, 0, bos, format, ap)); +} + + +#if __ISO_C_VISIBLE >= 1999 +#if !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(snprintf) && !defined(__cplusplus) +#define __wrap_snprintf(dest, size, ...) __snprintf_chk(dest, size, 0, __bos(dest), __VA_ARGS__) +#define snprintf(...) __wrap_snprintf(__VA_ARGS__) +#endif /* !snprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(3, 4) int +snprintf(char *dest, size_t size, const char *format, ...) +{ + size_t bos = __bos(dest); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__snprintf_real(dest, size, format, + __builtin_va_arg_pack())); + + return (__snprintf_chk(dest, size, 0, bos, format, + __builtin_va_arg_pack())); +} +#endif /* !__GNUC_PREREQ__(4, 3) */ +#endif /* __ISO_C_VISIBLE */ + +#if !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(sprintf) && !defined(__cplusplus) +#define __wrap_sprintf(dest, ...) __sprintf_chk(dest, 0, __bos(dest), __VA_ARGS__) +#define sprintf(...) __wrap_sprintf(__VA_ARGS__) +#endif /* !sprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(2, 3) int +sprintf(char *dest, const char *format, ...) +{ + size_t bos = __bos(dest); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__sprintf_real(dest, format, + __builtin_va_arg_pack())); + + return (__sprintf_chk(dest, 0, __bos, format, + __builtin_va_arg_pack())); +} + +#endif /* !__GNUC_PREREQ__(4, 3) */ + +__FORTIFY_INLINE char * +fgets(char *dest, int size, FILE *stream) +{ + size_t bos = __bos(dest); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always negative. + * Force a compiler error. + */ + if (__builtin_constant_p(size) && (size < 0)) + __fgets_too_small_error(); +#endif + /* + * Compiler doesn 't know destination size. + * Don' t call __fgets_chk. + */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__fgets_real(dest, size, stream)); +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. + * Don 't call __fgets_chk. + */ + if (__builtin_constant_p(size) && (size <= (int)bos)) + return (__fgets_real(dest, size, stream)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always > the actual object size. + * Force a compiler error. + */ + if (__builtin_constant_p(size) && (size > (int)bos)) + __fgets_too_big_error(); +#endif + return (__fgets_chk(dest, size, stream, bos)); +} + + +__FORTIFY_INLINE char * +gets(char *dest) +{ + size_t bos = __bos(dest); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__gets_real(dest)); + + return (__gets_chk(dest, bos)); +} + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STDIO_H_ */ Index: include/secure/_string.h =================================================================== --- /dev/null +++ include/secure/_string.h @@ -0,0 +1,450 @@ +/*- + * Copyright (c) 2015 Oliver Pinter + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _STRING_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRING_H_ +#define _SECURE_STRING_H_ + +#include + +__BEGIN_DECLS + +extern void *__memccpy_chk(void *, const void *, int, size_t, size_t); +extern void *__memccpy_real(void *, const void *, int, size_t) __RENAME(memccpy); +extern void *__memchr_chk(const void *, int, size_t, size_t); +extern void *__memchr_real(const void *, int, size_t) __RENAME(memchr); +extern void *__memcpy_chk(void *, const void *, size_t, size_t); +extern void *__memcpy_real(void *, const void *, size_t) __RENAME(memcpy); +__errordecl(__memchr_buf_size_error, "memchr called with size bigger than buffer"); +extern void * __memmove_chk(void *, const void *, size_t, size_t); +extern void * __memmove_real(void *, const void *, size_t) __RENAME(memmove); +extern void *__memrchr_chk(const void *, int, size_t, size_t); +extern void *__memrchr_real(const void *, int, size_t) __RENAME(memrchr); +__errordecl(__memrchr_buf_size_error, "memrchr called with size bigger than buffer"); +extern void *__memset_chk(void *, int, size_t, size_t); +extern void *__memset_real(void *, int, size_t) __RENAME(memset); +extern char *__strcat_chk(char *__restrict, const char *__restrict, size_t); +extern char *__strcat_real(char *__restrict, const char *__restrict) __RENAME(strcat); +extern char *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t); +extern char *__strncat_real(char *__restrict, const char *__restrict, size_t) __RENAME(strncat); +extern char * __stpcpy_chk(char *, const char *, size_t); +extern char * __stpcpy_real(char *, const char *) __RENAME(stpcpy); +extern char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern char *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__strcpy_chk(char *, const char *, size_t); +extern char *__strcpy_real(char *, const char *) __RENAME(strcpy); +extern char *__strncpy_chk(char *, const char *, size_t, size_t); +extern char *__strncpy_real(char *, const char *, size_t) __RENAME(strncpy); +extern size_t __strlcpy_chk(char *, const char *, size_t, size_t); +extern size_t __strlcpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcpy); +extern size_t __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern size_t __strlcat_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcat); +extern size_t __strlen_chk(const char *, size_t); +extern size_t __strlen_real(const char *) __RENAME(strlen); +extern char *__strchr_chk(const char *, int, size_t); +extern char *__strchr_real(const char *, int) __RENAME(strchr); +extern char *__strchrnul_chk(const char *, int, size_t); +extern char *__strchrnul_real(const char *, int) __RENAME(strchrnul); +extern char *__strrchr_chk(const char *, int, size_t); +extern char *__strrchr_real(const char *, int) __RENAME(strrchr); +extern char *__rindex_chk(const char *, int, size_t); +extern char *__rindex_real(const char *, int) __RENAME(rindex); + +#if defined(__BSD_FORTIFY) + +#if __XSI_VISIBLE >= 600 +__FORTIFY_INLINE void * +memccpy(void * __restrict d, const void * __restrict s, int c, size_t n) +{ + size_t bos = __bos0(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memccpy_real(d, s, c, n)); + + return (__memccpy_chk(d, s, c, n, bos)); +} +#endif /* __XSI_VISIBLE */ + + +__FORTIFY_INLINE void * +memchr(const void *s, int c, size_t n) +{ + size_t bos = __bos(s); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memchr_real(s, c, n)); + +#if !defined(__clang__) + if (__builtin_constant_p(n) && (n > bos)) + __memchr_buf_size_error(); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __memchr_chk. + */ + if (__builtin_constant_p(n) && (n <= bos)) + return (__memchr_real(s, c, n)); +#endif + + return (__memchr_chk(s, c, n, bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE void * +memrchr(const void *s, int c, size_t n) +{ + size_t bos = __bos(s); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memrchr_real(s, c, n)); + +#if !defined(__clang__) + if (__builtin_constant_p(n) && (n > bos)) + (__memrchr_buf_size_error()); + + if (__builtin_constant_p(n) && (n <= bos)) + return __memrchr_real(s, c, n); +#endif + + return (__memrchr_chk(s, c, n, bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE void * +memcpy(void * __restrict d, const void * __restrict s, size_t n) +{ + size_t bos = __bos0(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memcpy_real(d, s, n)); + + return (__memcpy_chk(d, s, n, bos)); +} + + +__FORTIFY_INLINE void * +memmove(void *d, const void *s, size_t l) +{ + size_t bos = __bos0(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memmove_real(d, s, l)); + + return (__memmove_chk(d, s, l, __bos0(d))); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpcpy(char * __restrict d, const char * __restrict s) +{ + size_t bos = __bos(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__stpcpy_real(d, s)); + + return (__stpcpy_chk(d, s, bos)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strcpy(char * __restrict d, const char * __restrict s) +{ + size_t bos = __bos(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strcpy_real(d, s)); + + return (__strcpy_chk(d, s, bos)); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpncpy(char * __restrict d, const char * __restrict s, size_t n) +{ + size_t bos_dest = __bos(d); + size_t bos_src = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + if (bos_src == __FORTIFY_UNKNOWN_SIZE) + return (__stpncpy_chk(d, s, n, bos_dest)); + +#if !defined(__clang__) + if (__builtin_constant_p(n) && (n <= bos_src)) + return (__stpncpy_chk(d, s, n, bos_dest)); + + slen = __builtin_strlen(s); + if (__builtin_constant_p(slen)) + return (__stpncpy_chk(d, s, n, bos_dest)); +#endif + + return (__stpncpy_chk2(d, s, n, bos_dest, bos_src)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strncpy(char * __restrict d, const char * __restrict s, size_t n) +{ + size_t bos_dest = __bos(d); + size_t bos_src = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + if (bos_src == __FORTIFY_UNKNOWN_SIZE) + return (__strncpy_chk(d, s, n, bos_dest)); + +#if !defined(__clang__) + if (__builtin_constant_p(n) && (n <= bos_src)) + return (__strncpy_chk(d, s, n, bos_dest)); + + slen = __builtin_strlen(s); + if (__builtin_constant_p(slen)) + return (__strncpy_chk(d, s, n, bos_dest)); +#endif + + return (__strncpy_chk2(d, s, n, bos_dest, bos_src)); +} + + +__FORTIFY_INLINE char * +strcat(char * __restrict d, const char * __restrict s) +{ + size_t bos = __bos(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strcat_real(d, s)); + + return (__strcat_chk(d, s, bos)); +} + + +__FORTIFY_INLINE char * +strncat(char * __restrict d, const char * __restrict s, size_t n) +{ + size_t bos = __bos(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strncat_real(d, s, n)); + + return (__strncat_chk(d, s, n, bos)); +} + + +__FORTIFY_INLINE void * +memset(void *s, int c, size_t n) +{ + size_t bos = __bos(s); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__memset_real(s, c, n)); + + return (__memset_chk(s, c, n, bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcpy(char * __restrict d, const char * __restrict s, size_t n) +{ + size_t bos = __bos(d); + + /* Compiler doesn't know destination size. Don't call __strlcpy_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strlcpy_real(d, s, n)); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcpy_chk. + */ + if (__builtin_constant_p(n) && (n <= bos)) + return (__strlcpy_real(d, s, n)); +#endif + + return (__strlcpy_chk(d, s, n, bos)); +} +#endif /* __BSD_VISIBLE */ + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcat(char * __restrict d, const char * __restrict s, size_t n) +{ + size_t bos = __bos(d); + + /* Compiler doesn't know destination size. Don't call __strlcat_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strlcat_real(d, s, n)); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcat_chk. + */ + if (__builtin_constant_p(n) && (n <= bos)) + return (__strlcat_real(d, s, n)); +#endif + + return (__strlcat_chk(d, s, n, bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE size_t +strlen(const char *s) +{ + size_t bos = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + /* Compiler doesn't know destination size. Don't call __strlen_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strlen_real(s)); + +#if !defined(__clang__) + slen = __builtin_strlen(s); // XXXOP __strlen_real? + if (__builtin_constant_p(slen)) + return (slen); +#endif + + return (__strlen_chk(s, bos)); +} + +__FORTIFY_INLINE char * +strchr(const char *s, int c) +{ + size_t bos = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strchr_real(s, c)); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcat_chk. + */ + slen = (__builtin_strlen(s)); + if (__builtin_constant_p(slen) && (slen < bos)) + return (__strchr_real(s, c)); +#endif + + return (__strchr_chk(s, c, bos)); +} + + +__FORTIFY_INLINE char * +strchrnul(const char *s, int c) +{ + size_t bos = __bos(s); + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strchrnul_real(s, c)); + + return (__strchrnul_chk(s, c, bos)); +} + + +__FORTIFY_INLINE char * +strrchr(const char *s, int c) +{ + size_t bos = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__strrchr_real(s, c)); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlen_chk. + */ + slen = __strlen_real(s); + if (__builtin_constant_p(slen) && (slen < bos)) + return (__strrchr_real(s, c)); +#endif + + return (__strrchr_chk(s, c, bos)); +} + + +__FORTIFY_INLINE char * +rindex(const char *s, int c) +{ + size_t bos = __bos(s); +#if !defined(__clang__) + size_t slen; +#endif + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__rindex_real(s, c)); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __rindex_chk. + */ + slen = __strlen_real(s); + if (__builtin_constant_p(slen) && (slen < bos)) + return (__rindex_real(s, c)); +#endif + + return (__rindex_chk(s, c, bos)); +} + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STRING_H */ Index: include/secure/_strings.h =================================================================== --- /dev/null +++ include/secure/_strings.h @@ -0,0 +1,79 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _STRINGS_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRINGS_H_ +#define _SECURE_STRINGS_H_ + +#include + +extern void * __bcopy_chk(void *, const void *, size_t, size_t) __RENAME(__memmove_chk); +extern void __bcopy_real(const void *, void *, size_t) __RENAME(bcopy); +extern void * __bzero_chk(void *, int, size_t, size_t) __RENAME(__memset_chk); +extern void __bzero_real(void *, size_t) __RENAME(bzero); + +__BEGIN_DECLS + +#if defined(__BSD_FORTIFY) +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bcopy(const void *s, void *d, size_t l) +{ + size_t bos = __bos0(d); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + __bcopy_real(s, d, l); + + (void)(__bcopy_chk(d, s, l, __bos0(d))); +} +#endif + + +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bzero(void *s, size_t n) +{ + size_t bos = __bos(s); + + if (bos == __FORTIFY_UNKNOWN_SIZE) + __bzero_real(s, n); + + (void)(__bzero_chk(s, '\0', n, bos)); +} +#endif + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !defined(_SECURE_STRINGS_H_) */ Index: include/secure/_unistd.h =================================================================== --- /dev/null +++ include/secure/_unistd.h @@ -0,0 +1,167 @@ +/*- + * Copyright (c) 2015 Oliver Pinter + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _UNISTD_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_UNISTD_H_ +#define _SECURE_UNISTD_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __pread_chk(int, void *, size_t, off_t, size_t); +extern ssize_t __pread_real(int, void *, size_t, off_t) __RENAME(pread); +__errordecl(__pread_dest_size_error, "pread called with size bigger than destination"); +__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX"); + +extern ssize_t __read_chk(int, void *, size_t, size_t); +extern ssize_t __read_real(int, void *, size_t) __RENAME(read); +__errordecl(__read_dest_size_error, "read called with size bigger than destination"); +__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX"); + +extern ssize_t __readlink_chk(const char *, char *, size_t, size_t); +extern ssize_t __readlink_real(const char *, char *, size_t) __RENAME(readlink); +__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination"); +__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX"); + +extern ssize_t __readlinkat_chk(int dirfd, const char *, char *, size_t, size_t); +extern ssize_t __readlinkat_real(int dirfd, const char *, char *, size_t) __RENAME(readlinkat); +__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination"); +__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX"); + +#if defined(__BSD_FORTIFY) + +/* 1003.1-2008 */ +#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +pread(int fd, void *buf, size_t count, off_t offset) +{ + size_t bos = __bos0(buf); + +#if !defined(__clang__) + if (__builtin_constant_p(count) && (count > SSIZE_MAX)) + __pread_count_toobig_error(); +#endif + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__pread_real(fd, buf, count, offset)); +#if !defined(__clang__) + if (__builtin_constant_p(count) && (count > bos)) + __pread_dest_size_error(); + if (__builtin_constant_p(count) && (count <= bos)) + return (__pread_real(fd, buf, count, offset)); +#endif + + return (__pread_chk(fd, buf, count, offset, bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */ + + +__FORTIFY_INLINE ssize_t +read(int fd, void *buf, size_t count) +{ + size_t bos = __bos0(buf); + +#if !defined(__clang__) + if (__builtin_constant_p(count) && (count > SSIZE_MAX)) + __read_count_toobig_error(); +#endif + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (__read_real(fd, buf, count)); +#if !defined(__clang__) + if (__builtin_constant_p(count) && (count > bos)) + __read_dest_size_error(); + if (__builtin_constant_p(count) && (count <= bos)) + return (__read_real(fd, buf, count)); +#endif + + return (__read_chk(fd, buf, count, bos)); +} + + +/* 1003.1-2001 */ +#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +readlink(const char *path, char *buf, size_t size) +{ + size_t bos = __bos(buf); + +#if !defined(__clang__) + if (__builtin_constant_p(size) && (size > SSIZE_MAX)) + __readlink_size_toobig_error(); +#endif + if (bos == __FORTIFY_UNKNOWN_SIZE) + return __readlink_real(path, buf, size); +#if !defined(__clang__) + if (__builtin_constant_p(size) && (size > bos)) + __readlink_dest_size_error(); + if (__builtin_constant_p(size) && (size <= bos)) + return __readlink_real(path, buf, size); +#endif + + return (__readlink_chk(path, buf, size, bos)); +} +#endif /* __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE */ + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE ssize_t +readlinkat(int dirfd, const char *path, char *buf, size_t size) +{ + size_t bos = __bos(buf); + +#if !defined(__clang__) + if (__builtin_constant_p(size) && (size > SSIZE_MAX)) + (__readlinkat_size_toobig_error()); +#endif + if (bos == __FORTIFY_UNKNOWN_SIZE) + return __readlinkat_real(dirfd, path, buf, size); +#if !defined(__clang__) + if (__builtin_constant_p(size) && (size > bos)) + __readlinkat_dest_size_error(); + if (__builtin_constant_p(size) && (size <= bos)) + return (__readlinkat_real(dirfd, path, buf, size)); +#endif + + return (__readlinkat_chk(dirfd, path, buf, size, bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 */ + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_UNISTD_H_ */ Index: include/secure/security.h =================================================================== --- /dev/null +++ include/secure/security.h @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SECURE_SECURITY_ +#define _SECURE_SECURITY_ + +#include +#include + +#if !defined(__clang__) +#define __errordecl(name, msg) extern void name(void) __error_attr(msg) +#else +#define __errordecl(name, msg) +#endif + +#define __RENAME(x) __asm__(#x) + +__BEGIN_DECLS + +/* Common fail function. */ +void __secure_fail(const char *msg) __dead2 __nonnull(1); + +/* SSP related fail functions. */ +void __chk_fail(void) __dead2; +void __stack_chk_fail(void) __dead2; + +/* FORTIFY_SOURCE related fail function. */ +void __fortify_chk_fail(const char* msg) __dead2 __nonnull(1); +int __fortify_chk_overlap(const void *a, const void *b, size_t len); + +__END_DECLS + +#endif /* !_SECURE_SECURITY_ */ Index: include/stdio.h =================================================================== --- include/stdio.h +++ include/stdio.h @@ -521,4 +521,9 @@ #endif /* __cplusplus */ __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_STDIO_H_ */ Index: include/string.h =================================================================== --- include/string.h +++ include/string.h @@ -141,4 +141,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRING_H_ */ Index: include/strings.h =================================================================== --- include/strings.h +++ include/strings.h @@ -68,4 +68,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRINGS_H_ */ Index: include/unistd.h =================================================================== --- include/unistd.h +++ include/unistd.h @@ -589,4 +589,8 @@ #endif /* __BSD_VISIBLE */ __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_UNISTD_H_ */ Index: lib/libc/Makefile =================================================================== --- lib/libc/Makefile +++ lib/libc/Makefile @@ -95,6 +95,7 @@ .include "${LIBC_SRCTOP}/stdtime/Makefile.inc" .include "${LIBC_SRCTOP}/string/Makefile.inc" .include "${LIBC_SRCTOP}/sys/Makefile.inc" +.include "${LIBC_SRCTOP}/secure/Makefile.inc" .include "${LIBC_SRCTOP}/rpc/Makefile.inc" .include "${LIBC_SRCTOP}/uuid/Makefile.inc" .include "${LIBC_SRCTOP}/xdr/Makefile.inc" Index: lib/libc/secure/Makefile.inc =================================================================== --- /dev/null +++ lib/libc/secure/Makefile.inc @@ -0,0 +1,51 @@ +# secure sources +.PATH: ${LIBC_SRCTOP}/secure + +# Sources common to both syscall interfaces: +SRCS+= \ + fortify_source.c \ + secure_common.c \ + stack_protector.c \ + stack_protector_compat.c + +# Sources which contains FORTIFY_SOURCE functions: +SRCS+= \ + __fgets_chk.c \ + __gets_chk.c \ + __memccpy_chk.c \ + __memchr_chk.c \ + __memcpy_chk.c \ + __memmove_chk.c \ + __memrchr_chk.c \ + __memset_chk.c \ + __pread_chk.c \ + __read_chk.c \ + __readlink_chk.c \ + __readlinkat_chk.c \ + __stpcpy_chk.c \ + __stpncpy_chk.c \ + __strcat_chk.c \ + __strchr_chk.c \ + __strchrnul_chk.c \ + __strcpy_chk.c \ + __strlcat_chk.c \ + __strlcpy_chk.c \ + __strlen_chk.c \ + __strncat_chk.c \ + __strncpy_chk.c \ + __strrchr_chk.c \ + __vsnprintf_chk.c \ + __vsprintf_chk.c + +# Sources which contains FORTIFY_SOURCE functions, +# but live in .h files under sys/sys +SRCS+= \ + __FD_chk.c \ + __poll_chk.c \ + __recvfrom_chk.c \ + __umask_chk.c + +SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map + +MAN+= __builtin_object_size.3 + Index: lib/libc/secure/Symbol.map =================================================================== --- /dev/null +++ lib/libc/secure/Symbol.map @@ -0,0 +1,69 @@ +/* + * $FreeBSD$ + */ + +/* + * It'd be nice to have this automatically generated, but we don't + * know to what version they will eventually belong, so for now + * it has to be manual. + */ +FBSD_1.0 { + __chk_fail; + __stack_chk_fail; + __stack_chk_guard; +}; + +FBSD_1.1 { +}; + +FBSD_1.2 { +}; + +FBSD_1.3 { +}; + +FBSD_1.4 { + __FD_ISSET_chk; + __FD_CLR_chk; + __FD_SET_chk; + __fgets_chk; + __fortify_chk_fail; + __gets_chk; + __memccpy_chk; + __memchr_chk; + __memcpy_chk; + __memmove_chk; + __memrchr_chk; + __memset_chk; + __poll_chk; + __ppoll_chk; + __pread_chk; + __read_chk; + __readlink_chk; + __readlinkat_chk; + __recvfrom_chk; + __rindex_chk; + __snprintf_chk; + __sprintf_chk; + __stpcpy_chk; + __stpncpy_chk; + __stpncpy_chk2; + __strcat_chk; + __strchr_chk; + __strchrnul_chk; + __strcpy_chk; + __strlcat_chk; + __strlcpy_chk; + __strlen_chk; + __strncat_chk; + __strncpy_chk; + __strncpy_chk2; + __strrchr_chk; + __umask_chk; + __vsnprintf_chk; + __vsprintf_chk; + __secure_fail; +}; + +FBSDprivate_1.0 { +}; Index: lib/libc/secure/__FD_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__FD_chk.c @@ -0,0 +1,80 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_select.h" + +int +__FD_ISSET_chk(int fd, fd_set *set, size_t set_size) +{ + + if (__predict_false(fd < 0)) + __fortify_chk_fail("FD_ISSET: file descriptor < 0"); + if (__predict_false(fd >= FD_SETSIZE)) + __fortify_chk_fail("FD_ISSET: file descriptor >= FD_SETSIZE"); + if (__predict_false(set_size < sizeof(fd_set))) + __fortify_chk_fail("FD_ISSET: set is too small"); + + return (FD_ISSET(fd, set)); +} + +void +__FD_CLR_chk(int fd, fd_set *set, size_t set_size) +{ + + if (__predict_false(fd < 0)) + __fortify_chk_fail("FD_CLR: file descriptor < 0"); + if (__predict_false(fd >= FD_SETSIZE)) + __fortify_chk_fail("FD_CLR: file descriptor >= FD_SETSIZE"); + if (__predict_false(set_size < sizeof(fd_set))) + __fortify_chk_fail("FD_CLR: set is too small"); + + FD_CLR(fd, set); +} + +void +__FD_SET_chk(int fd, fd_set *set, size_t set_size) +{ + + if (__predict_false(fd < 0)) + __fortify_chk_fail("FD_SET: file descriptor < 0"); + if (__predict_false(fd >= FD_SETSIZE)) + __fortify_chk_fail("FD_SET: file descriptor >= FD_SETSIZE"); + if (__predict_false(set_size < sizeof(fd_set))) + __fortify_chk_fail("FD_SET: set is too small"); + + FD_SET(fd, set); +} Index: lib/libc/secure/__builtin_object_size.3 =================================================================== --- /dev/null +++ lib/libc/secure/__builtin_object_size.3 @@ -0,0 +1,101 @@ +.\" $NetBSD: __builtin_object_size.3,v 1.10 2012/07/19 06:44:12 wiz Exp $ +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd July 18, 2012 +.Dt __BUILTIN_OBJECT_SIZE 3 +.Os +.Sh NAME +.Nm __builtin_object_size +.Nd return the size of the given object +.Sh SYNOPSIS +.Ft size_t +.Fn __builtin_object_size "void *ptr" "int type" +.Sh DESCRIPTION +The +.Fn __builtin_object_size +function is a +.Xr gcc 1 +built-in function that returns the size of the +.Fa ptr +object if known at compile time and the object does not have any side +effects. +.Sh RETURN VALUES +If the size of the object is not known or it has side effects the +.Fn __builtin_object_size +function returns: +.Bl -tag -width (size_t)\-1 -offset indent +.It Dv (size_t)\-1 +for +.Fa type +.Dv 0 +and +.Dv 1 . +.It Dv (size_t)0 +for +.Fa type +.Dv 2 +and +.Dv 3 . +.El +.Pp +If the size of the object is known, then the +.Fn __builtin_object_size +function returns the maximum size of all the objects that the compiler +knows that they can be pointed to by +.Fa ptr +when +.Fa type +.Dv \*[Am] 2 == 0 , +and the minimum size when +.Fa type +.Dv \*[Am] 2 != 0 . +.Sh SEE ALSO +.Xr gcc 1 , +.Xr __builtin_return_address 3 , +.Xr attribute 3 , +.Xr ssp 3 +.Sh HISTORY +The +.Fn __builtin_object_size +appeared in +.Tn GCC 4.1 . +.Sh CAVEATS +This is a non-standard, compiler-specific extension. +.Pp +Note that currently the object size calculation pass is only done at -O1 +or above, meaning that this function always returns \-1 when the optimizer +is off. +.Pp +There are some discussions about always doing the object size pass, but +the issue is that without the optimization pass data sizes are not going +to be correct. +.Pp +For that reason currently code fortification (size-checked replacement +functions) is disabled when optimization is off. Index: lib/libc/secure/__fgets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__fgets_chk.c @@ -0,0 +1,54 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__fgets_chk(char *dest, int supplied_size, FILE *stream, + size_t dest_len_from_compiler) +{ + + if (supplied_size < 0) + __fortify_chk_fail("fgets: buffer size < 0"); + if (((size_t)supplied_size) > dest_len_from_compiler) + __fortify_chk_fail( + "fgets: prevented write past end of buffer"); + + return (fgets(dest, supplied_size, stream)); +} Index: lib/libc/secure/__gets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__gets_chk.c @@ -0,0 +1,78 @@ +/* $FreeBSD$ */ +/* $NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $ */ + +/*- + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#undef _FORTIFY_SOURCE + +#include +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $"); + +/*LINTLIBRARY*/ + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__gets_chk(char * __restrict buf, size_t slen) +{ + char *abuf; + size_t len; + + if (slen >= (size_t)INT_MAX) + return (gets(buf)); + + if ((abuf = malloc(slen + 1)) == NULL) + return (gets(buf)); + + if (fgets(abuf, (int)(slen + 1), stdin) == NULL) { + free(abuf); + return (NULL); + } + + len = strlen(abuf); + if (len > 0 && abuf[len - 1] == '\n') + --len; + + if (len >= slen) + __fortify_chk_fail( + "gets: prevented write past end of buffer"); + + (void)memcpy(buf, abuf, len); + + buf[len] = '\0'; + free(abuf); + + return (buf); +} Index: lib/libc/secure/__memccpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memccpy_chk.c @@ -0,0 +1,67 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memccpy_chk(void *dest, const void *src, int c, size_t copy_amount, size_t dest_len) +{ + void *ret; + size_t len; + + if (__predict_false(copy_amount > dest_len)) { + __fortify_chk_fail("memccpy: prevented write past end of buffer"); + } + + /* + * If copy_amount was copied, then return NULL, otherwise + * a pointer to the byte after the copy of c in the string + * dest is returned. + * + * See the memccpy(3) manpage for more details. + */ + ret = memccpy(dest, src, c, copy_amount); + + if (ret != NULL) { + len = ret - dest; + } + + if (__predict_false(__fortify_chk_overlap(dest, src, len))) { + __fortify_chk_fail("memccpy: prevented overlapping strings"); + } + + return (ret); +} Index: lib/libc/secure/__memchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memchr_chk.c @@ -0,0 +1,49 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memchr_chk(const void *s, int c, size_t n, size_t buf_size) +{ + + if (__predict_false(n > buf_size)) + __fortify_chk_fail( + "memchr: prevented read past end of buffer"); + + return (memchr(s, c, n)); +} Index: lib/libc/secure/__memcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memcpy_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memcpy_chk(void *dest, const void *src, size_t copy_amount, size_t dest_len) +{ + + + if (__predict_false(copy_amount > dest_len)) + __fortify_chk_fail( + "memcpy: prevented write past end of buffer"); + + /* See the memcpy(3) for more details. */ + if (__predict_false(__fortify_chk_overlap(dest, src, copy_amount))) + __fortify_chk_fail("memcpy: prevented overlaping strings"); + + return (memcpy(dest, src, copy_amount)); +} Index: lib/libc/secure/__memmove_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memmove_chk.c @@ -0,0 +1,57 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memmove_chk(void *dest, const void *src, size_t len, size_t dest_len) +{ + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (dest_len == __FORTIFY_UNKNOWN_SIZE) + return (memmove(dest, src, len)); + + if (__predict_false(len > dest_len)) + __fortify_chk_fail( + "memmove: prevented write past end of buffer"); + + return (memmove(dest, src, len)); +} Index: lib/libc/secure/__memrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memrchr_chk.c @@ -0,0 +1,49 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memrchr_chk(const void *s, int c, size_t n, size_t buf_size) +{ + + if (__predict_false(n > buf_size)) + __fortify_chk_fail( + "memrchr: prevented read past end of buffer"); + + return (memrchr(s, c, n)); +} Index: lib/libc/secure/__memset_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memset_chk.c @@ -0,0 +1,50 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memset_chk(void *dest, int c, size_t n, size_t dest_len) +{ + + if (__predict_false(n > dest_len)) + __fortify_chk_fail( + "memset: prevented write past end of buffer"); + + return memset(dest, c, n); +} Index: lib/libc/secure/__poll_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__poll_chk.c @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_poll.h" + +int +__poll_chk(struct pollfd *fds, nfds_t fd_count, int timeout, size_t fds_size) +{ + + if (__predict_false(fds_size / sizeof(*fds) < fd_count)) + __fortify_chk_fail("poll: pollfd array smaller than fd count"); + + return (poll(fds, fd_count, timeout)); +} + +int +__ppoll_chk(struct pollfd *fds, nfds_t fd_count, const struct timespec *timeout, const sigset_t *mask, size_t fds_size) +{ + if (__predict_false(fds_size / sizeof(*fds) < fd_count)) + __fortify_chk_fail("ppoll: pollfd array smaller than fd count"); + + return (ppoll(fds, fd_count, timeout, mask)); +} Index: lib/libc/secure/__pread_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__pread_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__pread_chk(int fd, void *buf, size_t count, off_t offset, size_t buf_size) +{ + + if (__predict_false(count > buf_size)) + __fortify_chk_fail( + "pread: prevented write past end of buffer"); + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("pread: count > SSIZE_MAX"); + + return (pread(fd, buf, count, offset)); +} Index: lib/libc/secure/__read_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__read_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__read_chk(int fd, void *buf, size_t count, size_t buf_size) +{ + + if (__predict_false(count > buf_size)) + __fortify_chk_fail( + "read: prevented write past end of buffer"); + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("read: count > SSIZE_MAX"); + + return (read(fd, buf, count)); +} Index: lib/libc/secure/__readlink_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlink_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlink_chk(const char *path, char *buf, size_t size, size_t buf_size) +{ + + if (__predict_false(size > buf_size)) + __fortify_chk_fail( + "readlink: prevented write past end of buffer"); + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlink: size > SSIZE_MAX"); + + return (readlink(path, buf, size)); +} Index: lib/libc/secure/__readlinkat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlinkat_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlinkat_chk(int dirfd, const char *path, char *buf, size_t size, size_t buf_size) +{ + + if (__predict_false(size > buf_size)) + __fortify_chk_fail( + "readlinkat: prevented write past end of buffer"); + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlinkat: size > SSIZE_MAX"); + + return (readlinkat(dirfd, path, buf, size)); +} Index: lib/libc/secure/__recvfrom_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__recvfrom_chk.c @@ -0,0 +1,51 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_socket.h" + +ssize_t +__recvfrom_chk(int socket, void *buf, size_t len, size_t buflen, + int flags, struct sockaddr * __restrict src_addr, + socklen_t * __restrict addrlen) +{ + + if (__predict_false(len > buflen)) + __fortify_chk_fail( + "recvfrom: prevented write past end of buffer"); + + return (recvfrom(socket, buf, len, flags, src_addr, addrlen)); +} Index: lib/libc/secure/__stpcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpcpy_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpcpy_chk(char *dest, const char *src, size_t dest_len) +{ + /* TODO:optimize so we don't scan src twice. */ + size_t src_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (dest_len == __FORTIFY_UNKNOWN_SIZE) + return (stpcpy(dest, src)); + + src_len = strlen(src) + 1; + if (__predict_false(src_len > dest_len)) + __fortify_chk_fail("stpcpy: prevented write past end of buffer"); + + return (stpcpy(dest, src)); +} Index: lib/libc/secure/__stpncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpncpy_chk.c @@ -0,0 +1,94 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpncpy_chk(char *__restrict dest, const char *__restrict src, + size_t len, size_t dest_len) +{ + + if (__predict_false(len > dest_len)) + __fortify_chk_fail( + "stpncpy: prevented write past end of buffer"); + + return stpncpy(dest, src, len); +} + +/* + * __stpncpy_chk2 + * + * This is a variant of __stpncpy_chk, but it also checks to make + * sure we don't read beyond the end of "src". The code for this is + * based on the original version of stpncpy, but modified to check + * how much we read from "src" at the end of the copy operation. + */ +char * +__stpncpy_chk2(char *__restrict dst, const char *__restrict src, + size_t n, size_t dest_len, size_t src_len) +{ + char *d; + const char *s = src; + size_t s_copy_len ; + + if (__predict_false(n > dest_len)) + __fortify_chk_fail( + "stpncpy: prevented write past end of buffer"); + + if (n != 0) { + d = dst; + + do { + if ((*d++ = *s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(s - src); + + if (__predict_false(s_copy_len > src_len)) + __fortify_chk_fail( + "stpncpy: prevented read past end of buffer"); + } + + return (dst); +} Index: lib/libc/secure/__strcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcat_chk.c @@ -0,0 +1,68 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcat_chk(char *__restrict dest, const char *__restrict src, + size_t dest_buf_size) +{ + char *save = dest; + size_t dest_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (dest_buf_size == __FORTIFY_UNKNOWN_SIZE) + return (strcat(dest, src)); + + dest_len = __strlen_chk(dest, dest_buf_size); + + dest += dest_len; + dest_buf_size -= dest_len; + + while ((*dest++ = *src++) != '\0') { + dest_buf_size--; + if (__predict_false(dest_buf_size == 0)) + __fortify_chk_fail( + "strcat: prevented write past end of buffer"); + } + + return (save); +} Index: lib/libc/secure/__strchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchr_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchr_chk(const char *p, int ch, size_t s_len) +{ + + for (;; ++p, s_len--) { + if (__predict_false(s_len == 0)) + __fortify_chk_fail( + "strchr: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return (NULL); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strchrnul_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchrnul_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 2015 Pinter Oliver + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchrnul_chk(const char *p, int ch, size_t s_len) +{ + + for (;; ++p, s_len--) { + if (__predict_false(s_len == 0)) + __fortify_chk_fail( + "strchrnul: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return ((char *)(p)); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcpy_chk.c @@ -0,0 +1,60 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcpy_chk(char *dest, const char *src, size_t dest_len) +{ + /* TODO: optimize so we don't scan src twice. */ + size_t src_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (dest_len == __FORTIFY_UNKNOWN_SIZE) + return (strcpy(dest, src)); + + src_len = strlen(src) + 1; + if (__predict_false(src_len > dest_len)) + __fortify_chk_fail( + "strcpy: prevented write past end of buffer"); + + return (strcpy(dest, src)); +} Index: lib/libc/secure/__strlcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcat_chk.c @@ -0,0 +1,51 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcat_chk(char *dest, const char *src, + size_t supplied_size, size_t dest_len_from_compiler) +{ + + if (__predict_false(supplied_size > dest_len_from_compiler)) + __fortify_chk_fail( + "strlcat: prevented write past end of buffer"); + + return (strlcat(dest, src, supplied_size)); +} Index: lib/libc/secure/__strlcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcpy_chk.c @@ -0,0 +1,51 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcpy_chk(char *dest, const char *src, + size_t supplied_size, size_t dest_len_from_compiler) +{ + + if (__predict_false(supplied_size > dest_len_from_compiler)) + __fortify_chk_fail( + "strlcpy: prevented write past end of buffer"); + + return (strlcpy(dest, src, supplied_size)); +} Index: lib/libc/secure/__strlen_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlen_chk.c @@ -0,0 +1,64 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +/* + * This test is designed to detect code such as: + * + * int main() { + * char buf[10]; + * memcpy(buf, "1234567890", sizeof(buf)); + * size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE + * printf("%d\n", len); + * return 0; + * } + * + * or anytime strlen reads beyond an object boundary. + */ +size_t +__strlen_chk(const char *s, size_t s_len) +{ + size_t ret; + + ret = strlen(s); + if (__predict_false(ret >= s_len)) + __fortify_chk_fail("strlen: prevented read past end of buffer"); + + return (ret); +} Index: lib/libc/secure/__strncat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncat_chk.c @@ -0,0 +1,69 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncat_chk(char *__restrict dest, const char *__restrict src, + size_t len, size_t dest_buf_size) +{ + size_t dest_len; + char *d; + + if (len == 0) + return (dest); + + dest_len = __strlen_chk(dest, dest_buf_size); + d = dest + dest_len; + dest_buf_size -= dest_len; + + while (*src != '\0') { + *d++ = *src++; + len--; + dest_buf_size--; + + if (__predict_false(dest_buf_size == 0)) + __fortify_chk_fail( + "strncat: prevented write past end of buffer"); + if (len == 0) + break; + } + *d = '\0'; + + return (dest); +} Index: lib/libc/secure/__strncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncpy_chk.c @@ -0,0 +1,90 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncpy_chk(char *__restrict dest, const char *__restrict src, + size_t len, size_t dest_len) +{ + + if (__predict_false(len > dest_len)) + __fortify_chk_fail( + "strncpy: prevented write past end of buffer"); + + return (strncpy(dest, src, len)); +} + +/* + * __strncpy_chk2 + * + * This is a variant of __strncpy_chk, but it also checks to make + * sure we don't read beyond the end of "src". The code for this is + * based on the original version of strncpy, but modified to check + * how much we read from "src" at the end of the copy operation. + */ +char * +__strncpy_chk2(char *__restrict dst, const char *__restrict src, + size_t n, size_t dest_len, size_t src_len) +{ + size_t s_copy_len; + + if (__predict_false(n > dest_len)) + __fortify_chk_fail( + "strncpy: prevented write past end of buffer"); + if (n != 0) { + char *d = dst; + const char *s = src; + + do { + if ((*d++ = *s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(s - src); + + if (__predict_false(s_copy_len > src_len)) + __fortify_chk_fail("strncpy: prevented read past end of buffer"); + } + + return (dst); +} Index: lib/libc/secure/__strrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strrchr_chk.c @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strrchr_chk(const char *p, int ch, size_t s_len) +{ + + for (char *save = NULL;; ++p, s_len--) { + if (s_len == 0) + __fortify_chk_fail( + "strrchr: prevented read past end of buffer"); + if (*p == (char)ch) + save = (char *)p; + if (!*p) + return (save); + } + /* NOTREACHED */ +} + +__weak_reference(__strrchr_chk, __rindex_chk); + Index: lib/libc/secure/__umask_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__umask_chk.c @@ -0,0 +1,53 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stat.h" + +/* + * Validate that umask is called with sane mode. + */ +mode_t +__umask_chk(mode_t mode) +{ + + if (__predict_false((mode & 0777) != mode)) + __fortify_chk_fail("umask: called with invalid mask"); + + return (umask(mode)); +} Index: lib/libc/secure/__vsnprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsnprintf_chk.c @@ -0,0 +1,76 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsnprintf_chk(char *dest, size_t supplied_size, int flags, + size_t dest_len_from_compiler, const char *format, va_list va) +{ + + if (__predict_false(supplied_size > dest_len_from_compiler)) + __fortify_chk_fail( + "vsnprintf: prevented write past end of buffer"); + + return (vsnprintf(dest, supplied_size, format, va)); +} + + +int +__snprintf_chk(char *dest, size_t supplied_size, int flags, + size_t dest_len_from_compiler, const char *format,...) +{ + va_list va; + int result; + + if (dest_len_from_compiler == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, format); + result = __vsnprintf_real(dest, supplied_size, format, va); + va_end(va); + + return (result); + } + + va_start(va, format); + result = __vsnprintf_chk(dest, supplied_size, flags, + dest_len_from_compiler, format, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/__vsprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsprintf_chk.c @@ -0,0 +1,78 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsprintf_chk(char * __restrict dest, int flags, size_t dest_len_from_compiler, + const char * __restrict format, __va_list va) +{ + int result; + + result = vsnprintf(dest, dest_len_from_compiler, format, va); + if ((size_t)result >= dest_len_from_compiler) + __fortify_chk_fail( + "vsprintf: prevented write past end of buffer"); + + return (result); +} + + +int +__sprintf_chk(char * __restrict dest, int flags, size_t dest_len_from_compiler, + const char * __restrict format, ...) +{ + va_list va; + int result; + + /* XXXOP */ + if (dest_len_from_compiler == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, format); + result = __vsprintf_real(dest, format, va); + va_end(va); + + return (result); + } + + va_start(va, format); + result = __vsprintf_chk(dest, flags, dest_len_from_compiler, format, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/fortify_source.c =================================================================== --- /dev/null +++ lib/libc/secure/fortify_source.c @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include "secure/security.h" + +void +__fortify_chk_fail(const char* msg) +{ + + __secure_fail(msg); +} + +int +__fortify_chk_overlap(const void *a, const void *b, size_t len) +{ + + return ((a <= b && b <= a + len) || (b <= a && a <= b + len)); +} Index: lib/libc/secure/secure_common.c =================================================================== --- /dev/null +++ lib/libc/secure/secure_common.c @@ -0,0 +1,75 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "libc_private.h" + +static void __fail(const char *) __dead2; + +/*ARGSUSED*/ +static void +__fail(const char *msg) +{ + struct sigaction sa; + sigset_t mask; + + /* Immediately block all signal handlers from running code */ + (void)sigfillset(&mask); + (void)sigdelset(&mask, SIGABRT); + (void)sigprocmask(SIG_BLOCK, &mask, NULL); + + /* This may fail on a chroot jail... */ + syslog(LOG_CRIT, "%s", msg); + + (void)memset(&sa, 0, sizeof(sa)); + (void)sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = SIG_DFL; + (void)sigaction(SIGABRT, &sa, NULL); + (void)kill(getpid(), SIGABRT); + _exit(127); +} + +void +__secure_fail(const char *msg) +{ + + __fail(msg); +} Index: lib/libc/secure/stack_protector.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector.c @@ -0,0 +1,89 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include "libc_private.h" + +extern int __sysctl(const int *name, u_int namelen, void *oldp, + size_t *oldlenp, void *newp, size_t newlen); + +long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; +static void __guard_setup(void) __attribute__((__constructor__, __used__)); +void __stack_chk_fail(void) __dead2; + +/*LINTED used*/ +static void +__guard_setup(void) +{ + static const int mib[2] = { CTL_KERN, KERN_ARND }; + size_t len; + int error; + + if (__stack_chk_guard[0] != 0) + return; + error = _elf_aux_info(AT_CANARY, __stack_chk_guard, + sizeof(__stack_chk_guard)); + if (error == 0 && __stack_chk_guard[0] != 0) + return; + + len = sizeof(__stack_chk_guard); + if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == + -1 || len != sizeof(__stack_chk_guard)) { + /* If sysctl was unsuccessful, use the "terminator canary". */ + ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; + ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; + } +} + +void +__stack_chk_fail(void) +{ + + __secure_fail("stack overflow detected; terminated"); +} + +void +__chk_fail(void) +{ + + __secure_fail("buffer overflow detected; terminated"); +} + +#ifndef PIC +__weak_reference(__stack_chk_fail, __stack_chk_fail_local); +#endif Index: lib/libc/secure/stack_protector_compat.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector_compat.c @@ -0,0 +1,20 @@ +/* + * Written by Alexander Kabaev + * The file is in public domain. + */ + +#include +__FBSDID("$FreeBSD$"); + +void __stack_chk_fail(void); + +#ifdef PIC +void +__stack_chk_fail_local_hidden(void) +{ + + __stack_chk_fail(); +} + +__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); +#endif Index: lib/libc/stdio/fgets.c =================================================================== --- lib/libc/stdio/fgets.c +++ lib/libc/stdio/fgets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)fgets.c 8.2 (Berkeley) 12/22/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/gets.c =================================================================== --- lib/libc/stdio/gets.c +++ lib/libc/stdio/gets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)gets.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/snprintf.c =================================================================== --- lib/libc/stdio/snprintf.c +++ lib/libc/stdio/snprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)snprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/sprintf.c =================================================================== --- lib/libc/stdio/sprintf.c +++ lib/libc/stdio/sprintf.c @@ -38,6 +38,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)sprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/vsnprintf.c =================================================================== --- lib/libc/stdio/vsnprintf.c +++ lib/libc/stdio/vsnprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)vsnprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/bzero.c =================================================================== --- lib/libc/string/bzero.c +++ lib/libc/string/bzero.c @@ -1,3 +1,4 @@ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memccpy.c =================================================================== --- lib/libc/string/memccpy.c +++ lib/libc/string/memccpy.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memccpy.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memchr.c =================================================================== --- lib/libc/string/memchr.c +++ lib/libc/string/memchr.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memchr.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memset.c =================================================================== --- lib/libc/string/memset.c +++ lib/libc/string/memset.c @@ -33,6 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memset.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/stpncpy.c =================================================================== --- lib/libc/string/stpncpy.c +++ lib/libc/string/stpncpy.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchr.c =================================================================== --- lib/libc/string/strchr.c +++ lib/libc/string/strchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)index.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchrnul.c =================================================================== --- lib/libc/string/strchrnul.c +++ lib/libc/string/strchrnul.c @@ -25,6 +25,7 @@ * */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcat.c =================================================================== --- lib/libc/string/strlcat.c +++ lib/libc/string/strlcat.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcpy.c =================================================================== --- lib/libc/string/strlcpy.c +++ lib/libc/string/strlcpy.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlen.c =================================================================== --- lib/libc/string/strlen.c +++ lib/libc/string/strlen.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strrchr.c =================================================================== --- lib/libc/string/strrchr.c +++ lib/libc/string/strrchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)rindex.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/Makefile.inc =================================================================== --- lib/libc/sys/Makefile.inc +++ lib/libc/sys/Makefile.inc @@ -21,8 +21,6 @@ # Sources common to both syscall interfaces: SRCS+= \ - stack_protector.c \ - stack_protector_compat.c \ __error.c \ interposing_table.c Index: lib/libc/sys/Symbol.map =================================================================== --- lib/libc/sys/Symbol.map +++ lib/libc/sys/Symbol.map @@ -56,7 +56,6 @@ bind; chdir; chflags; - __chk_fail; chmod; chown; chroot; @@ -281,8 +280,6 @@ sigwaitinfo; socket; socketpair; - __stack_chk_fail; - __stack_chk_guard; stat; statfs; swapoff; Index: lib/libc/sys/read.c =================================================================== --- lib/libc/sys/read.c +++ lib/libc/sys/read.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/readv.c =================================================================== --- lib/libc/sys/readv.c +++ lib/libc/sys/readv.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/stack_protector.c =================================================================== --- lib/libc/sys/stack_protector.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ -/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ -/* - * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "libc_private.h" - -extern int __sysctl(const int *name, u_int namelen, void *oldp, - size_t *oldlenp, void *newp, size_t newlen); - -long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; -static void __guard_setup(void) __attribute__((__constructor__, __used__)); -static void __fail(const char *); -void __stack_chk_fail(void); -void __chk_fail(void); - -/*LINTED used*/ -static void -__guard_setup(void) -{ - static const int mib[2] = { CTL_KERN, KERN_ARND }; - size_t len; - int error; - - if (__stack_chk_guard[0] != 0) - return; - error = _elf_aux_info(AT_CANARY, __stack_chk_guard, - sizeof(__stack_chk_guard)); - if (error == 0 && __stack_chk_guard[0] != 0) - return; - - len = sizeof(__stack_chk_guard); - if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == - -1 || len != sizeof(__stack_chk_guard)) { - /* If sysctl was unsuccessful, use the "terminator canary". */ - ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; - ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; - } -} - -/*ARGSUSED*/ -static void -__fail(const char *msg) -{ - struct sigaction sa; - sigset_t mask; - - /* Immediately block all signal handlers from running code */ - (void)sigfillset(&mask); - (void)sigdelset(&mask, SIGABRT); - (void)sigprocmask(SIG_BLOCK, &mask, NULL); - - /* This may fail on a chroot jail... */ - syslog(LOG_CRIT, "%s", msg); - - (void)memset(&sa, 0, sizeof(sa)); - (void)sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - sa.sa_handler = SIG_DFL; - (void)sigaction(SIGABRT, &sa, NULL); - (void)kill(getpid(), SIGABRT); - _exit(127); -} - -void -__stack_chk_fail(void) -{ - __fail("stack overflow detected; terminated"); -} - -void -__chk_fail(void) -{ - __fail("buffer overflow detected; terminated"); -} - -#ifndef PIC -__weak_reference(__stack_chk_fail, __stack_chk_fail_local); -#endif Index: lib/libc/sys/stack_protector_compat.c =================================================================== --- lib/libc/sys/stack_protector_compat.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Written by Alexander Kabaev - * The file is in public domain. - */ - -#include -__FBSDID("$FreeBSD$"); - -void __stack_chk_fail(void); - -#ifdef PIC -void -__stack_chk_fail_local_hidden(void) -{ - - __stack_chk_fail(); -} - -__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); -#endif Index: sys/sys/cdefs.h =================================================================== --- sys/sys/cdefs.h +++ sys/sys/cdefs.h @@ -554,6 +554,26 @@ #define __gnu_inline #endif +#if __has_attribute(error) || __GNUC_PREREQ__(4, 3) +#define __error_attr(msg) __attribute__((__error__(msg))) +#else +#define __error_attr(msg) +#endif + +/* FORTIFY_SOURCE related defines. */ +#if __GNUC_PREREQ__(4, 1) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ + defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 +#define __BSD_FORTIFY 1 +#if _FORTIFY_SOURCE >= 2 +#define __bos(s) __builtin_object_size((s), 1) +#else +#define __bos(s) __builtin_object_size((s), 0) +#endif +#define __bos0(s) __builtin_object_size((s), 0) +#define __FORTIFY_INLINE extern __inline __always_inline __gnu_inline +#endif /* !_FORTIFY_SOURCE */ +#define __FORTIFY_UNKNOWN_SIZE ((size_t) -1) + /* Compiler-dependent macros that rely on FreeBSD-specific extensions. */ #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 300001 && \ defined(__GNUC__) && !defined(__INTEL_COMPILER) Index: sys/sys/poll.h =================================================================== --- sys/sys/poll.h +++ sys/sys/poll.h @@ -117,6 +117,10 @@ #endif __END_DECLS +#ifdef __BSD_FORTIFY +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_POLL_H_ */ Index: sys/sys/select.h =================================================================== --- sys/sys/select.h +++ sys/sys/select.h @@ -103,6 +103,11 @@ int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); #endif __END_DECLS + +#ifdef __BSD_FORTIFY +#include +#endif + #endif /* !_KERNEL */ #endif /* _SYS_SELECT_H_ */ Index: sys/sys/socket.h =================================================================== --- sys/sys/socket.h +++ sys/sys/socket.h @@ -630,6 +630,10 @@ int socketpair(int, int, int, int *); __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #ifdef _KERNEL Index: sys/sys/stat.h =================================================================== --- sys/sys/stat.h +++ sys/sys/stat.h @@ -356,6 +356,11 @@ int mknodat(int, const char *, mode_t, dev_t); #endif __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_STAT_H_ */ Index: tools/hbsd/build_hbsd_kernel.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_kernel_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT -DNO_CLEAN KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world_nc.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain}