Index: etc/mtree/BSD.include.dist =================================================================== --- etc/mtree/BSD.include.dist +++ etc/mtree/BSD.include.dist @@ -321,6 +321,8 @@ mac_partition .. .. + secure + .. ssp .. sys Index: include/Makefile =================================================================== --- include/Makefile +++ include/Makefile @@ -6,7 +6,7 @@ .include CLEANFILES= osreldate.h version vers.c -SUBDIR= arpa protocols rpcsvc rpc xlocale +SUBDIR= arpa protocols rpcsvc rpc secure xlocale INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \ db.h \ dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \ Index: include/secure/Makefile =================================================================== --- /dev/null +++ include/secure/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +INCS= security.h _poll.h _socket.h _stat.h _stdio.h _string.h _strings.h _unistd.h +INCSDIR= ${INCLUDEDIR}/secure + +.include Index: include/secure/_poll.h =================================================================== --- /dev/null +++ include/secure/_poll.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#ifndef _SYS_POLL_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_POLL_H_ +#define _SECURE_POLL_H_ + +#include + +__BEGIN_DECLS + +int __poll_chk(struct pollfd *, nfds_t, int, size_t); +int __poll_real(struct pollfd *, nfds_t, int) __RENAME(poll); +__errordecl(__poll_too_small_error, "poll: pollfd array smaller than fd count"); + +int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t); +int __ppoll_real(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *) __RENAME(ppoll); +__errordecl(__ppoll_too_small_error, "ppoll: pollfd array smaller than fd count"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE int +poll(struct pollfd *_fds, nfds_t _fd_count, int _timeout) +{ + size_t _bos = __bos(_fds); + +#if defined(__clang__) + return (__poll_chk(_fds, _fd_count, _timeout, _bos)); +#else + if (_bos != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(_fd_count)) + return (__poll_chk(_fds, _fd_count, _timeout, _bos)); + else if (_bos / sizeof(*_fds) < _fd_count) + __poll_too_small_error(); + } + return (__poll_real(_fds, _fd_count, _timeout)); +#endif +} + +#if __BSD_VISIBLE +__FORTIFY_INLINE int +ppoll(struct pollfd *_fds, nfds_t _fd_count, const struct timespec *_timeout, const sigset_t *_mask) +{ + size_t _bos = __bos(_fds); + +#if defined(__clang__) + return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); +#else + if (_bos != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(_fd_count)) + return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); + else if (_bos / sizeof(*_fds) < _fd_count) + __ppoll_too_small_error(); + } + return (__ppoll_real(_fds, _fd_count, _timeout, _mask)); +#endif +} +#endif + +#endif + +__END_DECLS + +#endif /* !_SECURE_POLL_H_ */ Index: include/secure/_socket.h =================================================================== --- /dev/null +++ include/secure/_socket.h @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + + +#ifndef _SYS_SOCKET_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_SOCKET_H_ +#define _SECURE_SOCKET_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict); +extern ssize_t __recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *) __RENAME(recvfrom); +__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE ssize_t +recvfrom(int _fd, void *_buf, size_t _len, int _flags, struct sockaddr * __restrict _src_addr, socklen_t * __restrict _addr_len) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__recvfrom_real(_fd, _buf, _len, _flags, _src_addr, _addr_len)); + + if (__builtin_constant_p(_len) && (_len <= _bos)) + return (__recvfrom_real(_fd, _buf, _len, _flags, _src_addr, _addr_len)); + + if (__builtin_constant_p(_len) && (_len > _bos)) + __recvfrom_error(); +#endif + + return (__recvfrom_chk(_fd, _buf, _len, _bos, _flags, _src_addr, _addr_len)); +} + + +__FORTIFY_INLINE ssize_t +recv(int _socket, void *_buf, size_t _len, int _flags) +{ + + return recvfrom(_socket, _buf, _len, _flags, NULL, 0); +} + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !_SECURE_SOCKET_H */ Index: include/secure/_stat.h =================================================================== --- /dev/null +++ include/secure/_stat.h @@ -0,0 +1,70 @@ +/*- + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#ifndef _SYS_STAT_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STAT_H_ +#define _SECURE_STAT_H_ + +#include + +__BEGIN_DECLS + +extern mode_t __umask_chk(mode_t); +#ifndef __FORTIFY_UMASK_REAL +#define __FORTIFY_UMASK_REAL 1 +extern mode_t __umask_real(mode_t) __RENAME(umask); +#endif +__errordecl(__umask_invalid_mode, "umask called with invalid mode"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE mode_t +umask(mode_t _mode) +{ +#if !defined(__clang__) + if (__builtin_constant_p(_mode)) { + if ((_mode & 0777) != _mode) + __umask_invalid_mode(); + + return (__umask_real(_mode)); + } +#endif + return (__umask_chk(_mode)); +} +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STAT_H_ */ Index: include/secure/_stdio.h =================================================================== --- /dev/null +++ include/secure/_stdio.h @@ -0,0 +1,199 @@ +/* $FreeBSD$ */ +/* $OpenBSD: stdio.h,v 1.35 2006/01/13 18:10:09 miod Exp $ */ +/* $NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $ */ +/* bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)stdio.h 5.17 (Berkeley) 6/3/91 + */ + +#ifndef _STDIO_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STDIO_H_ +#define _SECURE_STDIO_H_ + +#include +#include + +__BEGIN_DECLS + +extern char *__fgets_chk(char *, int, FILE *, size_t); +extern char *__fgets_real(char *, int, FILE *) __RENAME(fgets); +__errordecl(__fgets_too_big_error, "fgets called with size bigger than buffer"); +__errordecl(__fgets_too_small_error, "fgets called with size less than zero"); +extern char *__gets_chk(char *, size_t); +extern char *__gets_real(char *) __RENAME(gets); +extern int __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...); +extern int __sprintf_real(char * __restrict, const char * __restrict, ...) __RENAME(sprintf); +extern int __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list); +extern int __vsprintf_real(char * __restrict, const char * __restrict, __va_list) __RENAME(vsprintf); + +#if __ISO_C_VISIBLE >= 1999 +extern int __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...); +extern int __snprintf_real(char * __restrict, size_t, const char * __restrict, ...) __RENAME(snprintf) __printflike(3, 4); +extern int __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list); +extern int __vsnprintf_real(char * __restrict, size_t, const char * __restrict, __va_list) __RENAME(vsnprintf) __printflike(3, 0); +#endif + +#if defined(__BSD_FORTIFY) + +#if __ISO_C_VISIBLE >= 1999 +__FORTIFY_INLINE __printflike(3, 0) int +vsnprintf(char *_dest, size_t _size, const char *_format, __va_list _ap) +{ + size_t _bos = __bos(_dest); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsnprintf_real(_dest, _size, _format, _ap)); +#endif + + return (__vsnprintf_chk(_dest, _size, 0, _bos, _format, _ap)); +} +#endif /* __ISO_C_VISIBLE */ + +__FORTIFY_INLINE __printflike(2, 0) int +vsprintf(char *_dest, const char *_format, __va_list _ap) +{ + size_t _bos = __bos(_dest); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsprintf_real(_dest, _format, _ap)); +#endif + + return (__vsprintf_chk(_dest, 0, _bos, _format, _ap)); +} + + +#if __ISO_C_VISIBLE >= 1999 +#if !__has_builtin(va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(snprintf) && !defined(__cplusplus) +#define __wrap_snprintf(_dest, _size, ...) __snprintf_chk(_dest, _size, 0, __bos(_dest), __VA_ARGS__) +#define snprintf(...) __wrap_snprintf(__VA_ARGS__) +#endif /* !snprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(3, 4) int +snprintf(char *_dest, size_t _size, const char *_format, ...) +{ + size_t _bos = __bos(_dest); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__snprintf_real(_dest, _size, _format, + __builtin_va_arg_pack())); + + return (__snprintf_chk(_dest, _size, 0, _bos, _format, + __builtin_va_arg_pack())); +} +#endif /* !__GNUC_PREREQ__(4, 3) */ +#endif /* __ISO_C_VISIBLE */ + +#if !__has_builtin(va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(sprintf) && !defined(__cplusplus) +#define __wrap_sprintf(_dest, ...) __sprintf_chk(_dest, 0, __bos(_dest), __VA_ARGS__) +#define sprintf(...) __wrap_sprintf(__VA_ARGS__) +#endif /* !sprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(2, 3) int +sprintf(char *_dest, const char *_format, ...) +{ + size_t _bos = __bos(_dest); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__sprintf_real(_dest, _format, + __builtin_va_arg_pack())); + + return (__sprintf_chk(_dest, 0, _bos, _format, + __builtin_va_arg_pack())); +} + +#endif /* !__GNUC_PREREQ__(4, 3) */ + +__FORTIFY_INLINE char * +fgets(char *_buf, int _n, FILE *_stream) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always negative. + * Force a compiler error. + */ + if (__builtin_constant_p(_n) && (_n < 0)) + __fgets_too_small_error(); + /* + * Compiler doesn 't know destination size. + * Don' t call __fgets_chk. + */ + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__fgets_real(_buf, _n, _stream)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. + * Don 't call __fgets_chk. + */ + if (__builtin_constant_p(_n) && (_n <= (int)_bos)) + return (__fgets_real(_buf, _n, _stream)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always > the actual object size. + * Force a compiler error. + */ + if (__builtin_constant_p(_n) && (_n > (int)_bos)) + __fgets_too_big_error(); +#endif + return (__fgets_chk(_buf, _n, _stream, _bos)); +} + + +__FORTIFY_INLINE char * +gets(char *_buf) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__gets_real(_buf)); +#endif + + return (__gets_chk(_buf, _bos)); +} + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STDIO_H_ */ Index: include/secure/_string.h =================================================================== --- /dev/null +++ include/secure/_string.h @@ -0,0 +1,448 @@ +/*- + * Copyright (c) 2015 Oliver Pinter + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _STRING_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRING_H_ +#define _SECURE_STRING_H_ + +#include + +__BEGIN_DECLS + +extern void *__memccpy_chk(void *, const void *, int, size_t, size_t); +extern void *__memccpy_real(void *, const void *, int, size_t) __RENAME(memccpy); +extern void *__memchr_chk(const void *, int, size_t, size_t); +extern void *__memchr_real(const void *, int, size_t) __RENAME(memchr); +extern void *__memcpy_chk(void *, const void *, size_t, size_t); +extern void *__memcpy_real(void *, const void *, size_t) __RENAME(memcpy); +__errordecl(__memchr_buf_size_error, "memchr called with size bigger than buffer"); +extern void *__memmove_chk(void *, const void *, size_t, size_t); +extern void *__memmove_real(void *, const void *, size_t) __RENAME(memmove); +extern void *__memrchr_chk(const void *, int, size_t, size_t); +extern void *__memrchr_real(const void *, int, size_t) __RENAME(memrchr); +__errordecl(__memrchr_buf_size_error, "memrchr called with size bigger than buffer"); +extern void *__memset_chk(void *, int, size_t, size_t); +extern void *__memset_real(void *, int, size_t) __RENAME(memset); +extern char *__strcat_chk(char *__restrict, const char *__restrict, size_t); +extern char *__strcat_real(char *__restrict, const char *__restrict) __RENAME(strcat); +extern char *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t); +extern char *__strncat_real(char *__restrict, const char *__restrict, size_t) __RENAME(strncat); +extern char *__stpcpy_chk(char *, const char *, size_t); +extern char *__stpcpy_real(char *, const char *) __RENAME(stpcpy); +extern char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern char *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__stpncpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(stpncpy); +extern char *__strcpy_chk(char *, const char *, size_t); +extern char *__strcpy_real(char *, const char *) __RENAME(strcpy); +extern char *__strncpy_chk(char *, const char *, size_t, size_t); +extern char *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__strncpy_real(char *, const char *, size_t) __RENAME(strncpy); +extern size_t __strlcpy_chk(char *, const char *, size_t, size_t); +extern size_t __strlcpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcpy); +extern size_t __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern size_t __strlcat_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcat); +extern size_t __strlen_chk(const char *, size_t); +extern size_t __strlen_real(const char *) __RENAME(strlen); +extern char *__strchr_chk(const char *, int, size_t); +extern char *__strchr_real(const char *, int) __RENAME(strchr); +extern char *__strchrnul_chk(const char *, int, size_t); +extern char *__strchrnul_real(const char *, int) __RENAME(strchrnul); +extern char *__strrchr_chk(const char *, int, size_t); +extern char *__strrchr_real(const char *, int) __RENAME(strrchr); + +#if defined(__BSD_FORTIFY) + +#if __XSI_VISIBLE >= 600 +__FORTIFY_INLINE void * +memccpy(void * __restrict _d, const void * __restrict _s, int _c, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memccpy_real(_d, _s, _c, _n)); +#endif + + return (__memccpy_chk(_d, _s, _c, _n, _bos)); +} +#endif /* __XSI_VISIBLE */ + + +__FORTIFY_INLINE void * +memchr(const void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memchr_real(_s, _c, _n)); + + if (__builtin_constant_p(_n) && (_n > _bos)) + __memchr_buf_size_error(); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __memchr_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__memchr_real(_s, _c, _n)); +#endif + + return (__memchr_chk(_s, _c, _n, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE void * +memrchr(const void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memrchr_real(_s, _c, _n)); + + if (__builtin_constant_p(_n) && (_n > _bos)) + (__memrchr_buf_size_error()); + + if (__builtin_constant_p(_n) && (_n <= _bos)) + return __memrchr_real(_s, _c, _n); +#endif + + return (__memrchr_chk(_s, _c, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE void * +memcpy(void * __restrict _d, const void * __restrict _s, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memcpy_real(_d, _s, _n)); +#endif + + return (__memcpy_chk(_d, _s, _n, _bos)); +} + + +__FORTIFY_INLINE void * +memmove(void *_d, const void *_s, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memmove_real(_d, _s, _n)); +#endif + + return (__memmove_chk(_d, _s, _n, _bos)); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpcpy(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__stpcpy_real(_d, _s)); +#endif + + return (__stpcpy_chk(_d, _s, _bos)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strcpy(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strcpy_real(_d, _s)); +#endif + + return (__strcpy_chk(_d, _s, _bos)); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpncpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _d_bos = __bos(_d); + size_t _s_bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + if (_d_bos == __FORTIFY_UNKNOWN_SIZE) + return (__stpncpy_real(_d, _s, _n)); + + if (_s_bos == __FORTIFY_UNKNOWN_SIZE) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); + + if (__builtin_constant_p(_n) && (_n <= _s_bos)) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); +#endif + + return (__stpncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strncpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _d_bos = __bos(_d); + size_t _s_bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + if (_d_bos == __FORTIFY_UNKNOWN_SIZE) + return (__strncpy_real(_d, _s, _n)); + + if (_s_bos == __FORTIFY_UNKNOWN_SIZE) + return (__strncpy_chk(_d, _s, _n, _d_bos)); + + if (__builtin_constant_p(_n) && (_n <= _s_bos)) + return (__strncpy_chk(_d, _s, _n, _d_bos)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (__strncpy_chk(_d, _s, _n, _d_bos)); +#endif + + return (__strncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); +} + + +__FORTIFY_INLINE char * +strcat(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strcat_real(_d, _s)); +#endif + + return (__strcat_chk(_d, _s, _bos)); +} + + +__FORTIFY_INLINE char * +strncat(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strncat_real(_d, _s, _n)); +#endif + + return (__strncat_chk(_d, _s, _n, _bos)); +} + + +__FORTIFY_INLINE void * +memset(void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memset_real(_s, _c, _n)); +#endif + + return (__memset_chk(_s, _c, _n, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + /* Compiler doesn't know destination size. Don't call __strlcpy_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlcpy_real(_d, _s, _n)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcpy_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__strlcpy_real(_d, _s, _n)); +#endif + + return (__strlcpy_chk(_d, _s, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcat(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + /* Compiler doesn't know destination size. Don't call __strlcat_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlcat_real(_d, _s, _n)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcat_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__strlcat_real(_d, _s, _n)); +#endif + + return (__strlcat_chk(_d, _s, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE size_t +strlen(const char *_s) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strlen_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlen_real(_s)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (_slen); +#endif + + return (__strlen_chk(_s, _bos)); +} + +__FORTIFY_INLINE char * +strchr(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strchr_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlchr_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strchr_real(_s, _c)); +#endif + + return (__strchr_chk(_s, _c, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE char * +strchrnul(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strchrnul_real(_s, _c)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlchrnul_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strchrnul_real(_s, _c)); +#endif + + return (__strchrnul_chk(_s, _c, _bos)); +} +#endif + + +__FORTIFY_INLINE char * +strrchr(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strrchr_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlen_chk. + */ + _slen = __strlen_real(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strrchr_real(_s, _c)); +#endif + + return (__strrchr_chk(_s, _c, _bos)); +} + + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STRING_H */ Index: include/secure/_strings.h =================================================================== --- /dev/null +++ include/secure/_strings.h @@ -0,0 +1,112 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _STRINGS_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRINGS_H_ +#define _SECURE_STRINGS_H_ + +#include + +__BEGIN_DECLS + +extern void *__bcopy_chk(void *, const void *, size_t, size_t) __RENAME(__memmove_chk); +extern void __bcopy_real(const void *, void *, size_t) __RENAME(bcopy); +extern void *__bzero_chk(void *, int, size_t, size_t) __RENAME(__memset_chk); +extern void __bzero_real(void *, size_t) __RENAME(bzero); +extern char *__rindex_chk(const char *, int, size_t); +extern char *__rindex_real(const char *, int) __RENAME(rindex); + +#if defined(__BSD_FORTIFY) +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bcopy(const void *_s, void *_d, size_t _l) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + __bcopy_real(_s, _d, _l); +#endif + + (void)(__bcopy_chk(_d, _s, _l, _bos)); +} +#endif + + +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bzero(void *_s, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + __bzero_real(_s, _n); +#endif + + (void)(__bzero_chk(_s, '\0', _n, _bos)); +} +#endif + + +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE char * +rindex(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__rindex_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __rindex_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__rindex_real(_s, _c)); +#endif + + return (__rindex_chk(_s, _c, _bos)); +} +#endif + + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !defined(_SECURE_STRINGS_H_) */ Index: include/secure/_unistd.h =================================================================== --- /dev/null +++ include/secure/_unistd.h @@ -0,0 +1,171 @@ +/*- + * Copyright (c) 2015 Oliver Pinter + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _UNISTD_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_UNISTD_H_ +#define _SECURE_UNISTD_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __pread_chk(int, void *, size_t, off_t, size_t); +extern ssize_t __pread_real(int, void *, size_t, off_t) __RENAME(pread); +__errordecl(__pread_dest_size_error, "pread called with size bigger than destination"); +__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX"); + +extern ssize_t __read_chk(int, void *, size_t, size_t); +extern ssize_t __read_real(int, void *, size_t) __RENAME(read); +__errordecl(__read_dest_size_error, "read called with size bigger than destination"); +__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX"); + +extern ssize_t __readlink_chk(const char *, char *, size_t, size_t); +extern ssize_t __readlink_real(const char *, char *, size_t) __RENAME(readlink); +__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination"); +__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX"); + +extern ssize_t __readlinkat_chk(int, const char *, char *, size_t, size_t); +extern ssize_t __readlinkat_real(int, const char *, char *, size_t) __RENAME(readlinkat); +__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination"); +__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX"); + +#if defined(__BSD_FORTIFY) + +/* 1003.1-2008 */ +#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +pread(int _fd, void *_buf, size_t _count, off_t _offset) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) + __pread_count_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__pread_real(_fd, _buf, _count, _offset)); + + if (__builtin_constant_p(_count) && (_count > _bos)) + __pread_dest_size_error(); + + if (__builtin_constant_p(_count) && (_count <= _bos)) + return (__pread_real(_fd, _buf, _count, _offset)); +#endif + + return (__pread_chk(_fd, _buf, _count, _offset, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */ + + +__FORTIFY_INLINE ssize_t +read(int _fd, void *_buf, size_t _count) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) + __read_count_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__read_real(_fd, _buf, _count)); + + if (__builtin_constant_p(_count) && (_count > _bos)) + __read_dest_size_error(); + + if (__builtin_constant_p(_count) && (_count <= _bos)) + return (__read_real(_fd, _buf, _count)); +#endif + + return (__read_chk(_fd, _buf, _count, _bos)); +} + + +/* 1003.1-2001 */ +#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +readlink(const char *_path, char *_buf, size_t _size) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) + __readlink_size_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__readlink_real(_path, _buf, _size)); + + if (__builtin_constant_p(_size) && (_size > _bos)) + __readlink_dest_size_error(); + + if (__builtin_constant_p(_size) && (_size <= _bos)) + return (__readlink_real(_path, _buf, _size)); +#endif + + return (__readlink_chk(_path, _buf, _size, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE */ + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE ssize_t +readlinkat(int _dirfd, const char *_path, char *_buf, size_t _size) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) + (__readlinkat_size_toobig_error()); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__readlinkat_real(_dirfd, _path, _buf, _size)); + + if (__builtin_constant_p(_size) && (_size > _bos)) + __readlinkat_dest_size_error(); + + if (__builtin_constant_p(_size) && (_size <= _bos)) + return (__readlinkat_real(_dirfd, _path, _buf, _size)); +#endif + + return (__readlinkat_chk(_dirfd, _path, _buf, _size, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 */ + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_UNISTD_H_ */ Index: include/secure/security.h =================================================================== --- /dev/null +++ include/secure/security.h @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SECURE_SECURITY_ +#define _SECURE_SECURITY_ + +#include +#include + +#if !defined(__clang__) +#define __errordecl(name, msg) extern void name(void) __error_attr(msg) +#else +#define __errordecl(name, msg) +#endif + +#define __RENAME(x) __asm__(#x) + +__BEGIN_DECLS + +/* Common fail function. */ +void __secure_fail(const char *msg) __dead2 __nonnull(1); + +/* SSP related fail functions. */ +void __chk_fail(void) __dead2; +void __stack_chk_fail(void) __dead2; + +/* FORTIFY_SOURCE related fail function. */ +void __fortify_chk_fail(const char* msg) __dead2 __nonnull(1); +int __fortify_chk_overlap(const void *a, const void *b, size_t len); + +__END_DECLS + +#endif /* !_SECURE_SECURITY_ */ Index: include/stdio.h =================================================================== --- include/stdio.h +++ include/stdio.h @@ -521,4 +521,9 @@ #endif /* __cplusplus */ __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_STDIO_H_ */ Index: include/string.h =================================================================== --- include/string.h +++ include/string.h @@ -141,4 +141,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRING_H_ */ Index: include/strings.h =================================================================== --- include/strings.h +++ include/strings.h @@ -68,4 +68,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRINGS_H_ */ Index: include/unistd.h =================================================================== --- include/unistd.h +++ include/unistd.h @@ -589,4 +589,8 @@ #endif /* __BSD_VISIBLE */ __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_UNISTD_H_ */ Index: lib/libc/Makefile =================================================================== --- lib/libc/Makefile +++ lib/libc/Makefile @@ -95,6 +95,7 @@ .include "${LIBC_SRCTOP}/stdtime/Makefile.inc" .include "${LIBC_SRCTOP}/string/Makefile.inc" .include "${LIBC_SRCTOP}/sys/Makefile.inc" +.include "${LIBC_SRCTOP}/secure/Makefile.inc" .include "${LIBC_SRCTOP}/rpc/Makefile.inc" .include "${LIBC_SRCTOP}/uuid/Makefile.inc" .include "${LIBC_SRCTOP}/xdr/Makefile.inc" Index: lib/libc/secure/Makefile.inc =================================================================== --- /dev/null +++ lib/libc/secure/Makefile.inc @@ -0,0 +1,50 @@ +# secure sources +.PATH: ${LIBC_SRCTOP}/secure + +# Sources common to both syscall interfaces: +SRCS+= \ + fortify_source.c \ + secure_common.c \ + stack_protector.c \ + stack_protector_compat.c + +# Sources which contains FORTIFY_SOURCE functions: +SRCS+= \ + __fgets_chk.c \ + __gets_chk.c \ + __memccpy_chk.c \ + __memchr_chk.c \ + __memcpy_chk.c \ + __memmove_chk.c \ + __memrchr_chk.c \ + __memset_chk.c \ + __pread_chk.c \ + __read_chk.c \ + __readlink_chk.c \ + __readlinkat_chk.c \ + __stpcpy_chk.c \ + __stpncpy_chk.c \ + __strcat_chk.c \ + __strchr_chk.c \ + __strchrnul_chk.c \ + __strcpy_chk.c \ + __strlcat_chk.c \ + __strlcpy_chk.c \ + __strlen_chk.c \ + __strncat_chk.c \ + __strncpy_chk.c \ + __strrchr_chk.c \ + __vsnprintf_chk.c \ + __vsprintf_chk.c + +# Sources which contains FORTIFY_SOURCE functions, +# but live in .h files under sys/sys +SRCS+= \ + __poll_chk.c \ + __recvfrom_chk.c \ + __umask_chk.c + +SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map + +MAN+= __builtin_object_size.3 + Index: lib/libc/secure/Symbol.map =================================================================== --- /dev/null +++ lib/libc/secure/Symbol.map @@ -0,0 +1,66 @@ +/* + * $FreeBSD$ + */ + +/* + * It'd be nice to have this automatically generated, but we don't + * know to what version they will eventually belong, so for now + * it has to be manual. + */ +FBSD_1.0 { + __chk_fail; + __stack_chk_fail; + __stack_chk_guard; +}; + +FBSD_1.1 { +}; + +FBSD_1.2 { +}; + +FBSD_1.3 { +}; + +FBSD_1.4 { + __fgets_chk; + __fortify_chk_fail; + __gets_chk; + __memccpy_chk; + __memchr_chk; + __memcpy_chk; + __memmove_chk; + __memrchr_chk; + __memset_chk; + __poll_chk; + __ppoll_chk; + __pread_chk; + __read_chk; + __readlink_chk; + __readlinkat_chk; + __recvfrom_chk; + __rindex_chk; + __snprintf_chk; + __sprintf_chk; + __stpcpy_chk; + __stpncpy_chk; + __stpncpy_chk2; + __strcat_chk; + __strchr_chk; + __strchrnul_chk; + __strcpy_chk; + __strlcat_chk; + __strlcpy_chk; + __strlen_chk; + __strncat_chk; + __strncpy_chk; + __strncpy_chk2; + __strrchr_chk; + __umask_chk; + __vsnprintf_chk; + __vsprintf_chk; + __secure_fail; +}; + +FBSDprivate_1.0 { +}; Index: lib/libc/secure/__builtin_object_size.3 =================================================================== --- /dev/null +++ lib/libc/secure/__builtin_object_size.3 @@ -0,0 +1,101 @@ +.\" $NetBSD: __builtin_object_size.3,v 1.10 2012/07/19 06:44:12 wiz Exp $ +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd July 18, 2012 +.Dt __BUILTIN_OBJECT_SIZE 3 +.Os +.Sh NAME +.Nm __builtin_object_size +.Nd return the size of the given object +.Sh SYNOPSIS +.Ft size_t +.Fn __builtin_object_size "void *ptr" "int type" +.Sh DESCRIPTION +The +.Fn __builtin_object_size +function is a +.Xr gcc 1 +built-in function that returns the size of the +.Fa ptr +object if known at compile time and the object does not have any side +effects. +.Sh RETURN VALUES +If the size of the object is not known or it has side effects the +.Fn __builtin_object_size +function returns: +.Bl -tag -width (size_t)\-1 -offset indent +.It Dv (size_t)\-1 +for +.Fa type +.Dv 0 +and +.Dv 1 . +.It Dv (size_t)0 +for +.Fa type +.Dv 2 +and +.Dv 3 . +.El +.Pp +If the size of the object is known, then the +.Fn __builtin_object_size +function returns the maximum size of all the objects that the compiler +knows that they can be pointed to by +.Fa ptr +when +.Fa type +.Dv \*[Am] 2 == 0 , +and the minimum size when +.Fa type +.Dv \*[Am] 2 != 0 . +.Sh SEE ALSO +.Xr gcc 1 , +.Xr __builtin_return_address 3 , +.Xr attribute 3 , +.Xr ssp 3 +.Sh HISTORY +The +.Fn __builtin_object_size +appeared in +.Tn GCC 4.1 . +.Sh CAVEATS +This is a non-standard, compiler-specific extension. +.Pp +Note that currently the object size calculation pass is only done at -O1 +or above, meaning that this function always returns \-1 when the optimizer +is off. +.Pp +There are some discussions about always doing the object size pass, but +the issue is that without the optimization pass data sizes are not going +to be correct. +.Pp +For that reason currently code fortification (size-checked replacement +functions) is disabled when optimization is off. Index: lib/libc/secure/__fgets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__fgets_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__fgets_chk(char *buf, int n, FILE *stream, size_t bos) +{ + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (fgets(buf, n, stream)); + + if (n < 0) + __fortify_chk_fail("fgets: buffer size < 0"); + + if (((size_t)n) > bos) + __fortify_chk_fail("fgets: prevented write past end of buffer"); + + return (fgets(buf, n, stream)); +} Index: lib/libc/secure/__gets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__gets_chk.c @@ -0,0 +1,80 @@ +/* $FreeBSD$ */ +/* $NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $ */ + +/*- + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#undef _FORTIFY_SOURCE + +#include +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $"); + +/*LINTLIBRARY*/ + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__gets_chk(char * __restrict buf, size_t bos) +{ + char *abuf; + size_t len; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (gets(buf)); + + if (__predict_false(bos >= (size_t)INT_MAX)) + return (gets(buf)); + + if ((abuf = malloc(bos + 1)) == NULL) + return (gets(buf)); + + if (fgets(abuf, (int)(bos + 1), stdin) == NULL) { + free(abuf); + return (NULL); + } + + len = strlen(abuf); + if (len > 0 && abuf[len - 1] == '\n') + --len; + + if (len >= bos) + __fortify_chk_fail("gets: prevented write past end of buffer"); + + (void)memcpy(buf, abuf, len); + + buf[len] = '\0'; + free(abuf); + + return (buf); +} Index: lib/libc/secure/__memccpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memccpy_chk.c @@ -0,0 +1,66 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memccpy_chk(void *dest, const void *src, int c, size_t n, size_t bos) +{ + void *ret; + size_t len; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memccpy(dest, src, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memccpy: prevented write past end of buffer"); + + /* + * If n was copied, then return NULL, otherwise + * a pointer to the byte after the copy of c in the string + * dest is returned. + * + * See the memccpy(3) manpage for more details. + */ + ret = memccpy(dest, src, c, n); + if (ret != NULL) + len = ret - dest; + + if (__predict_false(__fortify_chk_overlap(dest, src, len))) + __fortify_chk_fail("memccpy: prevented overlapping strings"); + + return (ret); +} Index: lib/libc/secure/__memchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memchr_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memchr_chk(const void *s, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memchr(s, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "memchr: prevented read past end of buffer"); + + return (memchr(s, c, n)); +} Index: lib/libc/secure/__memcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memcpy_chk.c @@ -0,0 +1,57 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memcpy_chk(void *d, const void *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memcpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memcpy: prevented write past end of buffer"); + + /* See the memcpy(3) for more details. */ + if (__predict_false(__fortify_chk_overlap(d, s, n))) + __fortify_chk_fail("memcpy: prevented overlaping strings"); + + return (memcpy(d, s, n)); +} Index: lib/libc/secure/__memmove_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memmove_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memmove_chk(void *d, const void *s, size_t n, size_t bos) +{ + + /* + * Compiler doesn 't know dination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memmove(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memmove: prevented write past end of buffer"); + + return (memmove(d, s, n)); +} Index: lib/libc/secure/__memrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memrchr_chk.c @@ -0,0 +1,51 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memrchr_chk(const void *s, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memrchr(s, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memrchr: prevented read past end of buffer"); + + return (memrchr(s, c, n)); +} Index: lib/libc/secure/__memset_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memset_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memset_chk(void *d, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return memset(d, c, n); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memset: prevented write past end of buffer"); + + return memset(d, c, n); +} Index: lib/libc/secure/__poll_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__poll_chk.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_poll.h" + +int +__poll_chk(struct pollfd *fds, nfds_t fd_count, int timeout, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (poll(fds, fd_count, timeout)); + + if (__predict_false(bos / sizeof(*fds) < fd_count)) + __fortify_chk_fail("poll: pollfd array smaller than fd count"); + + return (poll(fds, fd_count, timeout)); +} + +int +__ppoll_chk(struct pollfd *fds, nfds_t fd_count, const struct timespec *timeout, const sigset_t *mask, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (ppoll(fds, fd_count, timeout, mask)); + + if (__predict_false(bos / sizeof(*fds) < fd_count)) + __fortify_chk_fail("ppoll: pollfd array smaller than fd count"); + + return (ppoll(fds, fd_count, timeout, mask)); +} Index: lib/libc/secure/__pread_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__pread_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__pread_chk(int fd, void *buf, size_t count, off_t offset, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (pread(fd, buf, count, offset)); + + if (__predict_false(count > bos)) + __fortify_chk_fail("pread: prevented write past end of buffer"); + + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("pread: count > SSIZE_MAX"); + + return (pread(fd, buf, count, offset)); +} Index: lib/libc/secure/__read_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__read_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__read_chk(int fd, void *buf, size_t count, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (read(fd, buf, count)); + + if (__predict_false(count > bos)) + __fortify_chk_fail("read: prevented write past end of buffer"); + + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("read: count > SSIZE_MAX"); + + return (read(fd, buf, count)); +} Index: lib/libc/secure/__readlink_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlink_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlink_chk(const char *path, char *buf, size_t size, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (readlink(path, buf, size)); + + if (__predict_false(size > bos)) + __fortify_chk_fail("readlink: prevented write past end of buffer"); + + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlink: size > SSIZE_MAX"); + + return (readlink(path, buf, size)); +} Index: lib/libc/secure/__readlinkat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlinkat_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlinkat_chk(int dirfd, const char *path, char *buf, size_t size, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (readlinkat(dirfd, path, buf, size)); + + if (__predict_false(size > bos)) + __fortify_chk_fail("readlinkat: prevented write past end of buffer"); + + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlinkat: size > SSIZE_MAX"); + + return (readlinkat(dirfd, path, buf, size)); +} Index: lib/libc/secure/__recvfrom_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__recvfrom_chk.c @@ -0,0 +1,53 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_socket.h" + +ssize_t +__recvfrom_chk(int socket, void *buf, size_t len, size_t bos, + int flags, struct sockaddr * __restrict src_addr, + socklen_t * __restrict addrlen) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (recvfrom(socket, buf, len, flags, src_addr, addrlen)); + + if (__predict_false(len > bos)) + __fortify_chk_fail("recvfrom: prevented write past end of buffer"); + + return (recvfrom(socket, buf, len, flags, src_addr, addrlen)); +} Index: lib/libc/secure/__stpcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpcpy_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpcpy_chk(char *dest, const char *src, size_t bos) +{ + /* TODO:optimize so we don't scan src twice. */ + size_t src_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpcpy(dest, src)); + + src_len = strlen(src) + 1; + if (__predict_false(src_len > bos)) + __fortify_chk_fail("stpcpy: prevented write past end of buffer"); + + return (stpcpy(dest, src)); +} Index: lib/libc/secure/__stpncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpncpy_chk.c @@ -0,0 +1,98 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpncpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("stpncpy: prevented write past end of buffer"); + + return stpncpy(d, s, n); +} + +/* + * __stpncpy_chk2 + * + * This is a variant of __stpncpy_chk, but it also checks to make + * sure we don't read beyond the end of "s". The code for this is + * based on the original version of stpncpy, but modified to check + * how much we read from "s" at the end of the copy operation. + */ +char * +__stpncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) +{ + char *_d; + const char *_s = s; + size_t s_copy_len ; + + if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpncpy(d, s, n)); + + if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__stpncpy_chk(d, s, n, d_bos)); + + if (__predict_false(n > d_bos)) + __fortify_chk_fail("stpncpy: prevented write past end of buffer"); + + if (n != 0) { + _d = d; + + do { + if ((*_d++ = *_s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *_d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(_s - s); + + if (__predict_false(s_copy_len > s_bos)) + __fortify_chk_fail("stpncpy: prevented read past end of buffer"); + } + + return (d); +} Index: lib/libc/secure/__strcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcat_chk.c @@ -0,0 +1,66 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcat_chk(char *__restrict d, const char *__restrict s, size_t bos) +{ + char *save = d; + size_t d_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (strcat(d, s)); + + d_len = __strlen_chk(d, bos); + + d += d_len; + bos -= d_len; + + while ((*d++ = *s++) != '\0') { + bos--; + if (__predict_false(bos == 0)) + __fortify_chk_fail("strcat: prevented write past end of buffer"); + } + + return (save); +} Index: lib/libc/secure/__strchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchr_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchr_chk(const char *p, int ch, size_t bos) +{ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strchr(p, ch)); + + for (;; ++p, bos--) { + if (__predict_false(bos == 0)) + __fortify_chk_fail("strchr: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return (NULL); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strchrnul_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchrnul_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (c) 2015 Pinter Oliver + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchrnul_chk(const char *p, int ch, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strchrnul(p, ch)); + + for (;; ++p, bos--) { + if (__predict_false(bos == 0)) + __fortify_chk_fail( + "strchrnul: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return ((char *)(p)); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcpy_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcpy_chk(char *d, const char *s, size_t bos) +{ + /* TODO: optimize so we don't scan s twice. */ + size_t s_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strcpy(d, s)); + + s_len = strlen(s) + 1; + if (__predict_false(s_len > bos)) + __fortify_chk_fail("strcpy: prevented write past end of buffer"); + + return (strcpy(d, s)); +} Index: lib/libc/secure/__strlcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcat_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcat_chk(char *d, const char *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlcat(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("strlcat: prevented write past end of buffer"); + + return (strlcat(d, s, n)); +} Index: lib/libc/secure/__strlcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcpy_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcpy_chk(char *d, const char *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlcpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("strlcpy: prevented write past end of buffer"); + + return (strlcpy(d, s, n)); +} Index: lib/libc/secure/__strlen_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlen_chk.c @@ -0,0 +1,67 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +/* + * This test is designed to detect code such as: + * + * int main() { + * char buf[10]; + * memcpy(buf, "1234567890", sizeof(buf)); + * size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE + * printf("%d\n", len); + * return 0; + * } + * + * or anytime strlen reads beyond an object boundary. + */ +size_t +__strlen_chk(const char *s, size_t bos) +{ + size_t ret; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlen(s)); + + ret = strlen(s); + if (__predict_false(ret >= bos)) + __fortify_chk_fail("strlen: prevented read past end of buffer"); + + return (ret); +} Index: lib/libc/secure/__strncat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncat_chk.c @@ -0,0 +1,70 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncat_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + size_t d_len; + char *_d; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncat(d, s, n)); + + if (n == 0) + return (d); + + d_len = __strlen_chk(d, bos); + _d = d + d_len; + bos -= d_len; + + while (*s != '\0') { + *_d++ = *s++; + n--; + bos--; + + if (__predict_false(bos == 0)) + __fortify_chk_fail("strncat: prevented write past end of buffer"); + if (n == 0) + break; + } + *_d = '\0'; + + return (d); +} Index: lib/libc/secure/__strncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncpy_chk.c @@ -0,0 +1,97 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "strncpy: prevented write past end of buffer"); + + return (strncpy(d, s, n)); +} + +/* + * __strncpy_chk2 + * + * This is a variant of __strncpy_chk, but it also checks to make + * sure we don't read beyond the end of "src". The code for this is + * based on the original version of strncpy, but modified to check + * how much we read from "src" at the end of the copy operation. + */ +char * +__strncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) +{ + size_t s_copy_len; + + if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncpy(d, s, n)); + + if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strncpy_chk(d, s, n, d_bos)); + + if (__predict_false(n > d_bos)) + __fortify_chk_fail("strncpy: prevented write past end of buffer"); + + if (n != 0) { + char *_d = d; + const char *_s = s; + + do { + if ((*_d++ = *_s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *_d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(_s - s); + + if (__predict_false(s_copy_len > s_bos)) + __fortify_chk_fail("strncpy: prevented read past end of buffer"); + } + + return (d); +} Index: lib/libc/secure/__strrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strrchr_chk.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strrchr_chk(const char *p, int ch, size_t bos) +{ + char *save; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strrchr(p, ch)); + + for (save = NULL;; ++p, bos--) { + if (bos == 0) + __fortify_chk_fail( + "strrchr: prevented read past end of buffer"); + if (*p == (char)ch) + save = (char *)p; + if (!*p) + return (save); + } + /* NOTREACHED */ +} + +__weak_reference(__strrchr_chk, __rindex_chk); + Index: lib/libc/secure/__umask_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__umask_chk.c @@ -0,0 +1,53 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stat.h" + +/* + * Validate that umask is called with sane mode. + */ +mode_t +__umask_chk(mode_t mode) +{ + + if (__predict_false((mode & 0777) != mode)) + __fortify_chk_fail("umask: called with invalid mask"); + + return (umask(mode)); +} Index: lib/libc/secure/__vsnprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsnprintf_chk.c @@ -0,0 +1,76 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsnprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, va_list va) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (vsnprintf(d, n, fmt, va)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "vsnprintf: prevented write past end of buffer"); + + return (vsnprintf(d, n, fmt, va)); +} + + +int +__snprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, ...) +{ + va_list va; + int result; + + if (bos == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, fmt); + result = __vsnprintf_real(d, n, fmt, va); + va_end(va); + + return (result); + } + + va_start(va, fmt); + result = __vsnprintf_chk(d, n, flags, bos, fmt, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/__vsprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsprintf_chk.c @@ -0,0 +1,78 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, __va_list va) +{ + int result; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (vsprintf(d, fmt, va)); + + result = vsnprintf(d, bos, fmt, va); + if ((size_t)result >= bos) + __fortify_chk_fail( + "vsprintf: prevented write past end of buffer"); + + return (result); +} + + +int +__sprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, ...) +{ + va_list va; + int result; + + if (bos == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, fmt); + result = __vsprintf_real(d, fmt, va); + va_end(va); + + return (result); + } + + va_start(va, fmt); + result = __vsprintf_chk(d, flags, bos, fmt, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/fortify_source.c =================================================================== --- /dev/null +++ lib/libc/secure/fortify_source.c @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include "secure/security.h" + +void +__fortify_chk_fail(const char* msg) +{ + + __secure_fail(msg); +} + +int +__fortify_chk_overlap(const void *a, const void *b, size_t len) +{ + + return ((a <= b && b <= a + len) || (b <= a && a <= b + len)); +} Index: lib/libc/secure/secure_common.c =================================================================== --- /dev/null +++ lib/libc/secure/secure_common.c @@ -0,0 +1,75 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "libc_private.h" + +static void __fail(const char *) __dead2; + +/*ARGSUSED*/ +static void +__fail(const char *msg) +{ + struct sigaction sa; + sigset_t mask; + + /* Immediately block all signal handlers from running code */ + (void)sigfillset(&mask); + (void)sigdelset(&mask, SIGABRT); + (void)sigprocmask(SIG_BLOCK, &mask, NULL); + + /* This may fail on a chroot jail... */ + syslog(LOG_CRIT, "%s", msg); + + (void)memset(&sa, 0, sizeof(sa)); + (void)sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = SIG_DFL; + (void)sigaction(SIGABRT, &sa, NULL); + (void)kill(getpid(), SIGABRT); + _exit(127); +} + +void +__secure_fail(const char *msg) +{ + + __fail(msg); +} Index: lib/libc/secure/stack_protector.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector.c @@ -0,0 +1,89 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include "libc_private.h" + +extern int __sysctl(const int *name, u_int namelen, void *oldp, + size_t *oldlenp, void *newp, size_t newlen); + +long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; +static void __guard_setup(void) __attribute__((__constructor__, __used__)); +void __stack_chk_fail(void) __dead2; + +/*LINTED used*/ +static void +__guard_setup(void) +{ + static const int mib[2] = { CTL_KERN, KERN_ARND }; + size_t len; + int error; + + if (__stack_chk_guard[0] != 0) + return; + error = _elf_aux_info(AT_CANARY, __stack_chk_guard, + sizeof(__stack_chk_guard)); + if (error == 0 && __stack_chk_guard[0] != 0) + return; + + len = sizeof(__stack_chk_guard); + if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == + -1 || len != sizeof(__stack_chk_guard)) { + /* If sysctl was unsuccessful, use the "terminator canary". */ + ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; + ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; + } +} + +void +__stack_chk_fail(void) +{ + + __secure_fail("stack overflow detected; terminated"); +} + +void +__chk_fail(void) +{ + + __secure_fail("buffer overflow detected; terminated"); +} + +#ifndef PIC +__weak_reference(__stack_chk_fail, __stack_chk_fail_local); +#endif Index: lib/libc/secure/stack_protector_compat.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector_compat.c @@ -0,0 +1,20 @@ +/* + * Written by Alexander Kabaev + * The file is in public domain. + */ + +#include +__FBSDID("$FreeBSD$"); + +void __stack_chk_fail(void); + +#ifdef PIC +void +__stack_chk_fail_local_hidden(void) +{ + + __stack_chk_fail(); +} + +__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); +#endif Index: lib/libc/stdio/fgets.c =================================================================== --- lib/libc/stdio/fgets.c +++ lib/libc/stdio/fgets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)fgets.c 8.2 (Berkeley) 12/22/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/gets.c =================================================================== --- lib/libc/stdio/gets.c +++ lib/libc/stdio/gets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)gets.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/snprintf.c =================================================================== --- lib/libc/stdio/snprintf.c +++ lib/libc/stdio/snprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)snprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/sprintf.c =================================================================== --- lib/libc/stdio/sprintf.c +++ lib/libc/stdio/sprintf.c @@ -38,6 +38,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)sprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/vsnprintf.c =================================================================== --- lib/libc/stdio/vsnprintf.c +++ lib/libc/stdio/vsnprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)vsnprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/bzero.c =================================================================== --- lib/libc/string/bzero.c +++ lib/libc/string/bzero.c @@ -1,3 +1,4 @@ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memccpy.c =================================================================== --- lib/libc/string/memccpy.c +++ lib/libc/string/memccpy.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memccpy.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memchr.c =================================================================== --- lib/libc/string/memchr.c +++ lib/libc/string/memchr.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memchr.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memset.c =================================================================== --- lib/libc/string/memset.c +++ lib/libc/string/memset.c @@ -33,6 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memset.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/stpncpy.c =================================================================== --- lib/libc/string/stpncpy.c +++ lib/libc/string/stpncpy.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchr.c =================================================================== --- lib/libc/string/strchr.c +++ lib/libc/string/strchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)index.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchrnul.c =================================================================== --- lib/libc/string/strchrnul.c +++ lib/libc/string/strchrnul.c @@ -25,6 +25,7 @@ * */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcat.c =================================================================== --- lib/libc/string/strlcat.c +++ lib/libc/string/strlcat.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcpy.c =================================================================== --- lib/libc/string/strlcpy.c +++ lib/libc/string/strlcpy.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlen.c =================================================================== --- lib/libc/string/strlen.c +++ lib/libc/string/strlen.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strrchr.c =================================================================== --- lib/libc/string/strrchr.c +++ lib/libc/string/strrchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)rindex.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/Makefile.inc =================================================================== --- lib/libc/sys/Makefile.inc +++ lib/libc/sys/Makefile.inc @@ -21,8 +21,6 @@ # Sources common to both syscall interfaces: SRCS+= \ - stack_protector.c \ - stack_protector_compat.c \ __error.c \ interposing_table.c Index: lib/libc/sys/Symbol.map =================================================================== --- lib/libc/sys/Symbol.map +++ lib/libc/sys/Symbol.map @@ -56,7 +56,6 @@ bind; chdir; chflags; - __chk_fail; chmod; chown; chroot; @@ -281,8 +280,6 @@ sigwaitinfo; socket; socketpair; - __stack_chk_fail; - __stack_chk_guard; stat; statfs; swapoff; Index: lib/libc/sys/read.c =================================================================== --- lib/libc/sys/read.c +++ lib/libc/sys/read.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/readv.c =================================================================== --- lib/libc/sys/readv.c +++ lib/libc/sys/readv.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/stack_protector.c =================================================================== --- lib/libc/sys/stack_protector.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ -/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ -/* - * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "libc_private.h" - -extern int __sysctl(const int *name, u_int namelen, void *oldp, - size_t *oldlenp, void *newp, size_t newlen); - -long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; -static void __guard_setup(void) __attribute__((__constructor__, __used__)); -static void __fail(const char *); -void __stack_chk_fail(void); -void __chk_fail(void); - -/*LINTED used*/ -static void -__guard_setup(void) -{ - static const int mib[2] = { CTL_KERN, KERN_ARND }; - size_t len; - int error; - - if (__stack_chk_guard[0] != 0) - return; - error = _elf_aux_info(AT_CANARY, __stack_chk_guard, - sizeof(__stack_chk_guard)); - if (error == 0 && __stack_chk_guard[0] != 0) - return; - - len = sizeof(__stack_chk_guard); - if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == - -1 || len != sizeof(__stack_chk_guard)) { - /* If sysctl was unsuccessful, use the "terminator canary". */ - ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; - ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; - } -} - -/*ARGSUSED*/ -static void -__fail(const char *msg) -{ - struct sigaction sa; - sigset_t mask; - - /* Immediately block all signal handlers from running code */ - (void)sigfillset(&mask); - (void)sigdelset(&mask, SIGABRT); - (void)sigprocmask(SIG_BLOCK, &mask, NULL); - - /* This may fail on a chroot jail... */ - syslog(LOG_CRIT, "%s", msg); - - (void)memset(&sa, 0, sizeof(sa)); - (void)sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - sa.sa_handler = SIG_DFL; - (void)sigaction(SIGABRT, &sa, NULL); - (void)kill(getpid(), SIGABRT); - _exit(127); -} - -void -__stack_chk_fail(void) -{ - __fail("stack overflow detected; terminated"); -} - -void -__chk_fail(void) -{ - __fail("buffer overflow detected; terminated"); -} - -#ifndef PIC -__weak_reference(__stack_chk_fail, __stack_chk_fail_local); -#endif Index: lib/libc/sys/stack_protector_compat.c =================================================================== --- lib/libc/sys/stack_protector_compat.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Written by Alexander Kabaev - * The file is in public domain. - */ - -#include -__FBSDID("$FreeBSD$"); - -void __stack_chk_fail(void); - -#ifdef PIC -void -__stack_chk_fail_local_hidden(void) -{ - - __stack_chk_fail(); -} - -__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); -#endif Index: lib/libstand/Makefile =================================================================== --- lib/libstand/Makefile +++ lib/libstand/Makefile @@ -8,6 +8,7 @@ MK_PROFILE= no MK_SSP= no +MK_FORTIFY= no .include Index: lib/libstand/stand.h =================================================================== --- lib/libstand/stand.h +++ lib/libstand/stand.h @@ -61,6 +61,12 @@ #ifndef STAND_H #define STAND_H +#undef _FORTIFY_SOURCE +/* + * Yes, this second one is a big hack. + */ +#undef __BSD_FORTIFY + #include #include #include Index: lib/libthr/Makefile =================================================================== --- lib/libthr/Makefile +++ lib/libthr/Makefile @@ -12,6 +12,7 @@ .include MK_SSP= no +MK_FORTIFY= no LIB=thr SHLIB_MAJOR= 3 Index: libexec/rtld-elf/Makefile =================================================================== --- libexec/rtld-elf/Makefile +++ libexec/rtld-elf/Makefile @@ -6,6 +6,7 @@ .include MK_SSP= no +MK_FORTIFY= no PROG?= ld-elf.so.1 SRCS= rtld_start.S \ Index: rescue/librescue/Makefile =================================================================== --- rescue/librescue/Makefile +++ rescue/librescue/Makefile @@ -4,6 +4,7 @@ .include MK_SSP= no +MK_FORTIFY= no # Certain library entries have hard-coded references to # /bin, /sbin, etc, that require those entries to be Index: rescue/rescue/Makefile =================================================================== --- rescue/rescue/Makefile +++ rescue/rescue/Makefile @@ -5,6 +5,7 @@ MAN= MK_SSP= no +MK_FORTIFY= no PROG= rescue BINDIR?=/rescue Index: share/mk/bsd.opts.mk =================================================================== --- share/mk/bsd.opts.mk +++ share/mk/bsd.opts.mk @@ -51,6 +51,7 @@ __DEFAULT_YES_OPTIONS = \ ASSERT_DEBUG \ DOCCOMPRESS \ + FORTIFY \ INCLUDES \ INSTALLLIB \ KERBEROS \ Index: share/mk/bsd.sys.mk =================================================================== --- share/mk/bsd.sys.mk +++ share/mk/bsd.sys.mk @@ -153,6 +153,11 @@ CFLAGS+= ${SSP_CFLAGS} .endif # SSP && !ARM && !MIPS +.if ${MK_FORTIFY} != "no" +FORTIFY_CFLAGS?= -D_FORTIFY_SOURCE=1 +CFLAGS+= ${FORTIFY_CFLAGS} +.endif # FORTIFY + # Allow user-specified additional warning flags, plus compiler specific flag overrides. # Unless we've overriden this... .if ${MK_WARNS} != "no" Index: sys/boot/efi/boot1/Makefile =================================================================== --- sys/boot/efi/boot1/Makefile +++ sys/boot/efi/boot1/Makefile @@ -8,6 +8,7 @@ .if ${COMPILER_TYPE} != "gcc" MK_SSP= no +MK_FORTIFY= no PROG= loader.sym INTERNALPROG= Index: sys/boot/efi/loader/Makefile =================================================================== --- sys/boot/efi/loader/Makefile +++ sys/boot/efi/loader/Makefile @@ -8,6 +8,7 @@ .if ${COMPILER_TYPE} != "gcc" MK_SSP= no +MK_FORTIFY= no PROG= loader.sym INTERNALPROG= Index: sys/boot/ficl/Makefile =================================================================== --- sys/boot/ficl/Makefile +++ sys/boot/ficl/Makefile @@ -1,6 +1,10 @@ # $FreeBSD$ # +.include + +MK_FORTIFY= no + FICLDIR?= ${.CURDIR} .if defined(FICL32) Index: sys/boot/i386/libi386/Makefile =================================================================== --- sys/boot/i386/libi386/Makefile +++ sys/boot/i386/libi386/Makefile @@ -1,5 +1,10 @@ # $FreeBSD$ # + +.include + +MK_FORTIFY= no + LIB= i386 INTERNALLIB= Index: sys/boot/i386/loader/Makefile =================================================================== --- sys/boot/i386/loader/Makefile +++ sys/boot/i386/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no LOADER?= loader PROG= ${LOADER}.sym Index: sys/boot/libstand32/Makefile =================================================================== --- sys/boot/libstand32/Makefile +++ sys/boot/libstand32/Makefile @@ -10,6 +10,7 @@ .include MK_SSP= no +MK_FORTIFY= no LIBSTAND_SRC= ${.CURDIR}/../../../lib/libstand LIBC_SRC= ${LIBSTAND_SRC}/../libc Index: sys/boot/mips/beri/loader/Makefile =================================================================== --- sys/boot/mips/beri/loader/Makefile +++ sys/boot/mips/beri/loader/Makefile @@ -31,6 +31,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG?= loader Index: sys/boot/pc98/loader/Makefile =================================================================== --- sys/boot/pc98/loader/Makefile +++ sys/boot/pc98/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= LOADER?= loader Index: sys/boot/powerpc/kboot/Makefile =================================================================== --- sys/boot/powerpc/kboot/Makefile +++ sys/boot/powerpc/kboot/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader.kboot Index: sys/boot/powerpc/ofw/Makefile =================================================================== --- sys/boot/powerpc/ofw/Makefile +++ sys/boot/powerpc/ofw/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader Index: sys/boot/powerpc/ps3/Makefile =================================================================== --- sys/boot/powerpc/ps3/Makefile +++ sys/boot/powerpc/ps3/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader.ps3 Index: sys/boot/sparc64/loader/Makefile =================================================================== --- sys/boot/sparc64/loader/Makefile +++ sys/boot/sparc64/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG?= loader Index: sys/boot/zfs/Makefile =================================================================== --- sys/boot/zfs/Makefile +++ sys/boot/zfs/Makefile @@ -1,5 +1,9 @@ # $FreeBSD$ +.include + +MK_FORTIFY= no + LIB= zfsboot INTERNALLIB= Index: sys/sys/cdefs.h =================================================================== --- sys/sys/cdefs.h +++ sys/sys/cdefs.h @@ -554,6 +554,26 @@ #define __gnu_inline #endif +#if __has_attribute(error) || __GNUC_PREREQ__(4, 3) +#define __error_attr(msg) __attribute__((__error__(msg))) +#else +#define __error_attr(msg) +#endif + +/* FORTIFY_SOURCE related defines. */ +#if __GNUC_PREREQ__(4, 1) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ + defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(lint) +#define __BSD_FORTIFY 1 +#if _FORTIFY_SOURCE >= 2 +#define __bos(s) __builtin_object_size((s), 1) +#else +#define __bos(s) __builtin_object_size((s), 0) +#endif +#define __bos0(s) __builtin_object_size((s), 0) +#define __FORTIFY_INLINE extern __inline __always_inline __gnu_inline +#endif /* !_FORTIFY_SOURCE */ +#define __FORTIFY_UNKNOWN_SIZE ((size_t) -1) + /* Compiler-dependent macros that rely on FreeBSD-specific extensions. */ #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 300001 && \ defined(__GNUC__) && !defined(__INTEL_COMPILER) Index: sys/sys/poll.h =================================================================== --- sys/sys/poll.h +++ sys/sys/poll.h @@ -117,6 +117,10 @@ #endif __END_DECLS +#ifdef __BSD_FORTIFY +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_POLL_H_ */ Index: sys/sys/select.h =================================================================== --- sys/sys/select.h +++ sys/sys/select.h @@ -103,6 +103,7 @@ int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); #endif __END_DECLS + #endif /* !_KERNEL */ #endif /* _SYS_SELECT_H_ */ Index: sys/sys/socket.h =================================================================== --- sys/sys/socket.h +++ sys/sys/socket.h @@ -630,6 +630,10 @@ int socketpair(int, int, int, int *); __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #ifdef _KERNEL Index: sys/sys/stat.h =================================================================== --- sys/sys/stat.h +++ sys/sys/stat.h @@ -356,6 +356,11 @@ int mknodat(int, const char *, mode_t, dev_t); #endif __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_STAT_H_ */ Index: tools/hbsd/build_hbsd_kernel.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_kernel_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT -DNO_CLEAN KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world_nc.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain}