Index: etc/mtree/BSD.include.dist =================================================================== --- etc/mtree/BSD.include.dist +++ etc/mtree/BSD.include.dist @@ -321,6 +321,8 @@ mac_partition .. .. + secure + .. ssp .. sys Index: include/Makefile =================================================================== --- include/Makefile +++ include/Makefile @@ -6,7 +6,7 @@ .include CLEANFILES= osreldate.h version vers.c -SUBDIR= arpa protocols rpcsvc rpc xlocale +SUBDIR= arpa protocols rpcsvc rpc secure xlocale INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \ db.h \ dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \ Index: include/secure/Makefile =================================================================== --- /dev/null +++ include/secure/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +INCS= security.h _poll.h _socket.h _stat.h _stdio.h _string.h _strings.h _unistd.h +INCSDIR= ${INCLUDEDIR}/secure + +.include Index: include/secure/_poll.h =================================================================== --- /dev/null +++ include/secure/_poll.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#ifndef _SYS_POLL_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_POLL_H_ +#define _SECURE_POLL_H_ + +#include + +__BEGIN_DECLS + +int __poll_chk(struct pollfd *, nfds_t, int, size_t); +int __poll_real(struct pollfd *, nfds_t, int) __RENAME(poll); +__errordecl(__poll_too_small_error, "poll: pollfd array smaller than fd count"); + +int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t); +int __ppoll_real(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *) __RENAME(ppoll); +__errordecl(__ppoll_too_small_error, "ppoll: pollfd array smaller than fd count"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE int +poll(struct pollfd *_fds, nfds_t _fd_count, int _timeout) +{ + size_t _bos = __bos(_fds); + +#if defined(__clang__) + return (__poll_chk(_fds, _fd_count, _timeout, _bos)); +#else + if (_bos != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(_fd_count)) + return (__poll_chk(_fds, _fd_count, _timeout, _bos)); + else if (_bos / sizeof(*_fds) < _fd_count) + __poll_too_small_error(); + } + return (__poll_real(_fds, _fd_count, _timeout)); +#endif +} + +#if __BSD_VISIBLE +__FORTIFY_INLINE int +ppoll(struct pollfd *_fds, nfds_t _fd_count, const struct timespec *_timeout, const sigset_t *_mask) +{ + size_t _bos = __bos(_fds); + +#if defined(__clang__) + return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); +#else + if (_bos != __FORTIFY_UNKNOWN_SIZE) { + if (!__builtin_constant_p(_fd_count)) + return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); + else if (_bos / sizeof(*_fds) < _fd_count) + __ppoll_too_small_error(); + } + return (__ppoll_real(_fds, _fd_count, _timeout, _mask)); +#endif +} +#endif + +#endif + +__END_DECLS + +#endif /* !_SECURE_POLL_H_ */ Index: include/secure/_socket.h =================================================================== --- /dev/null +++ include/secure/_socket.h @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + + +#ifndef _SYS_SOCKET_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_SOCKET_H_ +#define _SECURE_SOCKET_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict); +extern ssize_t __recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *) __RENAME(recvfrom); +__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE ssize_t +recvfrom(int _s, void *_buf, size_t _len, int _flags, struct sockaddr * __restrict _from, socklen_t * __restrict _fromlen) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen)); + + if (__builtin_constant_p(_len) && (_len <= _bos)) + return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen)); + + if (__builtin_constant_p(_len) && (_len > _bos)) + __recvfrom_error(); +#endif + + return (__recvfrom_chk(_s, _buf, _len, _bos, _flags, _from, _fromlen)); +} + + +__FORTIFY_INLINE ssize_t +recv(int _s, void *_buf, size_t _len, int _flags) +{ + + return recvfrom(_s, _buf, _len, _flags, NULL, 0); +} + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !_SECURE_SOCKET_H */ Index: include/secure/_stat.h =================================================================== --- /dev/null +++ include/secure/_stat.h @@ -0,0 +1,70 @@ +/*- + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#ifndef _SYS_STAT_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STAT_H_ +#define _SECURE_STAT_H_ + +#include + +__BEGIN_DECLS + +extern mode_t __umask_chk(mode_t); +#ifndef __FORTIFY_UMASK_REAL +#define __FORTIFY_UMASK_REAL 1 +extern mode_t __umask_real(mode_t) __RENAME(umask); +#endif +__errordecl(__umask_invalid_mode, "umask called with invalid mode"); + +#if defined(__BSD_FORTIFY) + +__FORTIFY_INLINE mode_t +umask(mode_t _mode) +{ +#if !defined(__clang__) + if (__builtin_constant_p(_mode)) { + if ((_mode & 0777) != _mode) + __umask_invalid_mode(); + + return (__umask_real(_mode)); + } +#endif + return (__umask_chk(_mode)); +} +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STAT_H_ */ Index: include/secure/_stdio.h =================================================================== --- /dev/null +++ include/secure/_stdio.h @@ -0,0 +1,198 @@ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)stdio.h 5.17 (Berkeley) 6/3/91 + * $OpenBSD: stdio.h,v 1.35 2006/01/13 18:10:09 miod Exp $ + * $NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $ + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * $FreeBSD$ + */ + +#ifndef _STDIO_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STDIO_H_ +#define _SECURE_STDIO_H_ + +#include +#include + +__BEGIN_DECLS + +extern char *__fgets_chk(char *, int, FILE *, size_t); +extern char *__fgets_real(char *, int, FILE *) __RENAME(fgets); +__errordecl(__fgets_too_big_error, "fgets called with size bigger than buffer"); +__errordecl(__fgets_too_small_error, "fgets called with size less than zero"); +extern char *__gets_chk(char *, size_t); +extern char *__gets_real(char *) __RENAME(gets); +extern int __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...); +extern int __sprintf_real(char * __restrict, const char * __restrict, ...) __RENAME(sprintf); +extern int __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list); +extern int __vsprintf_real(char * __restrict, const char * __restrict, __va_list) __RENAME(vsprintf); + +#if __ISO_C_VISIBLE >= 1999 +extern int __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...); +extern int __snprintf_real(char * __restrict, size_t, const char * __restrict, ...) __RENAME(snprintf) __printflike(3, 4); +extern int __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list); +extern int __vsnprintf_real(char * __restrict, size_t, const char * __restrict, __va_list) __RENAME(vsnprintf) __printflike(3, 0); +#endif + +#if defined(__BSD_FORTIFY) + +#if __ISO_C_VISIBLE >= 1999 +__FORTIFY_INLINE __printflike(3, 0) int +vsnprintf(char *_dest, size_t _size, const char *_format, __va_list _ap) +{ + size_t _bos = __bos(_dest); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsnprintf_real(_dest, _size, _format, _ap)); +#endif + + return (__vsnprintf_chk(_dest, _size, 0, _bos, _format, _ap)); +} +#endif /* __ISO_C_VISIBLE */ + +__FORTIFY_INLINE __printflike(2, 0) int +vsprintf(char *_dest, const char *_format, __va_list _ap) +{ + size_t _bos = __bos(_dest); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__vsprintf_real(_dest, _format, _ap)); +#endif + + return (__vsprintf_chk(_dest, 0, _bos, _format, _ap)); +} + + +#if __ISO_C_VISIBLE >= 1999 +#if !__has_builtin(va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(snprintf) && !defined(__cplusplus) +#define __wrap_snprintf(_dest, _size, ...) __snprintf_chk(_dest, _size, 0, __bos(_dest), __VA_ARGS__) +#define snprintf(...) __wrap_snprintf(__VA_ARGS__) +#endif /* !snprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(3, 4) int +snprintf(char *_dest, size_t _size, const char *_format, ...) +{ + size_t _bos = __bos(_dest); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__snprintf_real(_dest, _size, _format, + __builtin_va_arg_pack())); + + return (__snprintf_chk(_dest, _size, 0, _bos, _format, + __builtin_va_arg_pack())); +} +#endif /* !__GNUC_PREREQ__(4, 3) */ +#endif /* __ISO_C_VISIBLE */ + +#if !__has_builtin(va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ +#if !defined(sprintf) && !defined(__cplusplus) +#define __wrap_sprintf(_dest, ...) __sprintf_chk(_dest, 0, __bos(_dest), __VA_ARGS__) +#define sprintf(...) __wrap_sprintf(__VA_ARGS__) +#endif /* !sprintf */ +#else /* __GNUC_PREREQ__(4, 3) */ +__FORTIFY_INLINE __printflike(2, 3) int +sprintf(char *_dest, const char *_format, ...) +{ + size_t _bos = __bos(_dest); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__sprintf_real(_dest, _format, + __builtin_va_arg_pack())); + + return (__sprintf_chk(_dest, 0, _bos, _format, + __builtin_va_arg_pack())); +} + +#endif /* !__GNUC_PREREQ__(4, 3) */ + +__FORTIFY_INLINE char * +fgets(char *_buf, int _n, FILE *_stream) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + /* + * Compiler can prove, at compile time, that the passed in size + * is always negative. + * Force a compiler error. + */ + if (__builtin_constant_p(_n) && (_n < 0)) + __fgets_too_small_error(); + /* + * Compiler doesn 't know destination size. + * Don' t call __fgets_chk. + */ + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__fgets_real(_buf, _n, _stream)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. + * Don 't call __fgets_chk. + */ + if (__builtin_constant_p(_n) && (_n <= (int)_bos)) + return (__fgets_real(_buf, _n, _stream)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always > the actual object size. + * Force a compiler error. + */ + if (__builtin_constant_p(_n) && (_n > (int)_bos)) + __fgets_too_big_error(); +#endif + return (__fgets_chk(_buf, _n, _stream, _bos)); +} + + +__FORTIFY_INLINE char * +gets(char *_buf) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__gets_real(_buf)); +#endif + + return (__gets_chk(_buf, _bos)); +} + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STDIO_H_ */ Index: include/secure/_string.h =================================================================== --- /dev/null +++ include/secure/_string.h @@ -0,0 +1,448 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _STRING_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRING_H_ +#define _SECURE_STRING_H_ + +#include + +__BEGIN_DECLS + +extern void *__memccpy_chk(void *, const void *, int, size_t, size_t); +extern void *__memccpy_real(void *, const void *, int, size_t) __RENAME(memccpy); +extern void *__memchr_chk(const void *, int, size_t, size_t); +extern void *__memchr_real(const void *, int, size_t) __RENAME(memchr); +extern void *__memcpy_chk(void *, const void *, size_t, size_t); +extern void *__memcpy_real(void *, const void *, size_t) __RENAME(memcpy); +__errordecl(__memchr_buf_size_error, "memchr called with size bigger than buffer"); +extern void *__memmove_chk(void *, const void *, size_t, size_t); +extern void *__memmove_real(void *, const void *, size_t) __RENAME(memmove); +extern void *__memrchr_chk(const void *, int, size_t, size_t); +extern void *__memrchr_real(const void *, int, size_t) __RENAME(memrchr); +__errordecl(__memrchr_buf_size_error, "memrchr called with size bigger than buffer"); +extern void *__memset_chk(void *, int, size_t, size_t); +extern void *__memset_real(void *, int, size_t) __RENAME(memset); +extern char *__strcat_chk(char *__restrict, const char *__restrict, size_t); +extern char *__strcat_real(char *__restrict, const char *__restrict) __RENAME(strcat); +extern char *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t); +extern char *__strncat_real(char *__restrict, const char *__restrict, size_t) __RENAME(strncat); +extern char *__stpcpy_chk(char *, const char *, size_t); +extern char *__stpcpy_real(char *, const char *) __RENAME(stpcpy); +extern char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern char *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__stpncpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(stpncpy); +extern char *__strcpy_chk(char *, const char *, size_t); +extern char *__strcpy_real(char *, const char *) __RENAME(strcpy); +extern char *__strncpy_chk(char *, const char *, size_t, size_t); +extern char *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); +extern char *__strncpy_real(char *, const char *, size_t) __RENAME(strncpy); +extern size_t __strlcpy_chk(char *, const char *, size_t, size_t); +extern size_t __strlcpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcpy); +extern size_t __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t); +extern size_t __strlcat_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcat); +extern size_t __strlen_chk(const char *, size_t); +extern size_t __strlen_real(const char *) __RENAME(strlen); +extern char *__strchr_chk(const char *, int, size_t); +extern char *__strchr_real(const char *, int) __RENAME(strchr); +extern char *__strchrnul_chk(const char *, int, size_t); +extern char *__strchrnul_real(const char *, int) __RENAME(strchrnul); +extern char *__strrchr_chk(const char *, int, size_t); +extern char *__strrchr_real(const char *, int) __RENAME(strrchr); + +#if defined(__BSD_FORTIFY) + +#if __XSI_VISIBLE >= 600 +__FORTIFY_INLINE void * +memccpy(void * __restrict _d, const void * __restrict _s, int _c, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memccpy_real(_d, _s, _c, _n)); +#endif + + return (__memccpy_chk(_d, _s, _c, _n, _bos)); +} +#endif /* __XSI_VISIBLE */ + + +__FORTIFY_INLINE void * +memchr(const void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memchr_real(_s, _c, _n)); + + if (__builtin_constant_p(_n) && (_n > _bos)) + __memchr_buf_size_error(); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __memchr_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__memchr_real(_s, _c, _n)); +#endif + + return (__memchr_chk(_s, _c, _n, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE void * +memrchr(const void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memrchr_real(_s, _c, _n)); + + if (__builtin_constant_p(_n) && (_n > _bos)) + (__memrchr_buf_size_error()); + + if (__builtin_constant_p(_n) && (_n <= _bos)) + return __memrchr_real(_s, _c, _n); +#endif + + return (__memrchr_chk(_s, _c, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE void * +memcpy(void * __restrict _d, const void * __restrict _s, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memcpy_real(_d, _s, _n)); +#endif + + return (__memcpy_chk(_d, _s, _n, _bos)); +} + + +__FORTIFY_INLINE void * +memmove(void *_d, const void *_s, size_t _n) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memmove_real(_d, _s, _n)); +#endif + + return (__memmove_chk(_d, _s, _n, _bos)); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpcpy(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__stpcpy_real(_d, _s)); +#endif + + return (__stpcpy_chk(_d, _s, _bos)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strcpy(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strcpy_real(_d, _s)); +#endif + + return (__strcpy_chk(_d, _s, _bos)); +} + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE char * +stpncpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _d_bos = __bos(_d); + size_t _s_bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + if (_d_bos == __FORTIFY_UNKNOWN_SIZE) + return (__stpncpy_real(_d, _s, _n)); + + if (_s_bos == __FORTIFY_UNKNOWN_SIZE) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); + + if (__builtin_constant_p(_n) && (_n <= _s_bos)) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (__stpncpy_chk(_d, _s, _n, _d_bos)); +#endif + + return (__stpncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); +} +#endif /* __POSIX_VISIBLE */ + + +__FORTIFY_INLINE char * +strncpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _d_bos = __bos(_d); + size_t _s_bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + if (_d_bos == __FORTIFY_UNKNOWN_SIZE) + return (__strncpy_real(_d, _s, _n)); + + if (_s_bos == __FORTIFY_UNKNOWN_SIZE) + return (__strncpy_chk(_d, _s, _n, _d_bos)); + + if (__builtin_constant_p(_n) && (_n <= _s_bos)) + return (__strncpy_chk(_d, _s, _n, _d_bos)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (__strncpy_chk(_d, _s, _n, _d_bos)); +#endif + + return (__strncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); +} + + +__FORTIFY_INLINE char * +strcat(char * __restrict _d, const char * __restrict _s) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strcat_real(_d, _s)); +#endif + + return (__strcat_chk(_d, _s, _bos)); +} + + +__FORTIFY_INLINE char * +strncat(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strncat_real(_d, _s, _n)); +#endif + + return (__strncat_chk(_d, _s, _n, _bos)); +} + + +__FORTIFY_INLINE void * +memset(void *_s, int _c, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__memset_real(_s, _c, _n)); +#endif + + return (__memset_chk(_s, _c, _n, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcpy(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + /* Compiler doesn't know destination size. Don't call __strlcpy_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlcpy_real(_d, _s, _n)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcpy_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__strlcpy_real(_d, _s, _n)); +#endif + + return (__strlcpy_chk(_d, _s, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +#if __BSD_VISIBLE +__FORTIFY_INLINE size_t +strlcat(char * __restrict _d, const char * __restrict _s, size_t _n) +{ + size_t _bos = __bos(_d); + +#if !defined(__clang__) + /* Compiler doesn't know destination size. Don't call __strlcat_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlcat_real(_d, _s, _n)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlcat_chk. + */ + if (__builtin_constant_p(_n) && (_n <= _bos)) + return (__strlcat_real(_d, _s, _n)); +#endif + + return (__strlcat_chk(_d, _s, _n, _bos)); +} +#endif /* __BSD_VISIBLE */ + + +__FORTIFY_INLINE size_t +strlen(const char *_s) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strlen_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strlen_real(_s)); + + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen)) + return (_slen); +#endif + + return (__strlen_chk(_s, _bos)); +} + +__FORTIFY_INLINE char * +strchr(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strchr_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlchr_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strchr_real(_s, _c)); +#endif + + return (__strchr_chk(_s, _c, _bos)); +} + + +#if __BSD_VISIBLE +__FORTIFY_INLINE char * +strchrnul(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strchrnul_real(_s, _c)); + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlchrnul_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strchrnul_real(_s, _c)); +#endif + + return (__strchrnul_chk(_s, _c, _bos)); +} +#endif + + +__FORTIFY_INLINE char * +strrchr(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strrchr_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __strlen_chk. + */ + _slen = __strlen_real(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__strrchr_real(_s, _c)); +#endif + + return (__strrchr_chk(_s, _c, _bos)); +} + + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STRING_H */ Index: include/secure/_strings.h =================================================================== --- /dev/null +++ include/secure/_strings.h @@ -0,0 +1,112 @@ +/*- + * Copyright (C) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _STRINGS_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_STRINGS_H_ +#define _SECURE_STRINGS_H_ + +#include + +__BEGIN_DECLS + +extern void *__bcopy_chk(void *, const void *, size_t, size_t) __RENAME(__memmove_chk); +extern void __bcopy_real(const void *, void *, size_t) __RENAME(bcopy); +extern void *__bzero_chk(void *, int, size_t, size_t) __RENAME(__memset_chk); +extern void __bzero_real(void *, size_t) __RENAME(bzero); +extern char *__rindex_chk(const char *, int, size_t); +extern char *__rindex_real(const char *, int) __RENAME(rindex); + +#if defined(__BSD_FORTIFY) +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bcopy(const void *_s, void *_d, size_t _l) +{ + size_t _bos = __bos0(_d); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + __bcopy_real(_s, _d, _l); +#endif + + (void)(__bcopy_chk(_d, _s, _l, _bos)); +} +#endif + + +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE void +bzero(void *_s, size_t _n) +{ + size_t _bos = __bos(_s); + +#if !defined(__clang__) + if (_bos == __FORTIFY_UNKNOWN_SIZE) + __bzero_real(_s, _n); +#endif + + (void)(__bzero_chk(_s, '\0', _n, _bos)); +} +#endif + + +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 +__FORTIFY_INLINE char * +rindex(const char *_s, int _c) +{ + size_t _bos = __bos(_s); +#if !defined(__clang__) + size_t _slen; + + /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__rindex_real(_s, _c)); + + /* + * Compiler can prove, at compile time, that the passed in size + * is always <= the actual object size. Don't call __rindex_chk. + */ + _slen = __builtin_strlen(_s); + if (__builtin_constant_p(_slen) && (_slen < _bos)) + return (__rindex_real(_s, _c)); +#endif + + return (__rindex_chk(_s, _c, _bos)); +} +#endif + + +#endif /* !__BSD_FORTIFY */ + +__END_DECLS + +#endif /* !defined(_SECURE_STRINGS_H_) */ Index: include/secure/_unistd.h =================================================================== --- /dev/null +++ include/secure/_unistd.h @@ -0,0 +1,171 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 + * + * $FreeBSD$ + */ + +#ifndef _UNISTD_H_ +#error "You should not use directly; include instead." +#endif + +#ifndef _SECURE_UNISTD_H_ +#define _SECURE_UNISTD_H_ + +#include +#include + +__BEGIN_DECLS + +extern ssize_t __pread_chk(int, void *, size_t, off_t, size_t); +extern ssize_t __pread_real(int, void *, size_t, off_t) __RENAME(pread); +__errordecl(__pread_dest_size_error, "pread called with size bigger than destination"); +__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX"); + +extern ssize_t __read_chk(int, void *, size_t, size_t); +extern ssize_t __read_real(int, void *, size_t) __RENAME(read); +__errordecl(__read_dest_size_error, "read called with size bigger than destination"); +__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX"); + +extern ssize_t __readlink_chk(const char *, char *, size_t, size_t); +extern ssize_t __readlink_real(const char *, char *, size_t) __RENAME(readlink); +__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination"); +__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX"); + +extern ssize_t __readlinkat_chk(int, const char *, char *, size_t, size_t); +extern ssize_t __readlinkat_real(int, const char *, char *, size_t) __RENAME(readlinkat); +__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination"); +__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX"); + +#if defined(__BSD_FORTIFY) + +/* 1003.1-2008 */ +#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +pread(int _fd, void *_buf, size_t _count, off_t _offset) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) + __pread_count_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__pread_real(_fd, _buf, _count, _offset)); + + if (__builtin_constant_p(_count) && (_count > _bos)) + __pread_dest_size_error(); + + if (__builtin_constant_p(_count) && (_count <= _bos)) + return (__pread_real(_fd, _buf, _count, _offset)); +#endif + + return (__pread_chk(_fd, _buf, _count, _offset, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */ + + +__FORTIFY_INLINE ssize_t +read(int _fd, void *_buf, size_t _count) +{ + size_t _bos = __bos0(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) + __read_count_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__read_real(_fd, _buf, _count)); + + if (__builtin_constant_p(_count) && (_count > _bos)) + __read_dest_size_error(); + + if (__builtin_constant_p(_count) && (_count <= _bos)) + return (__read_real(_fd, _buf, _count)); +#endif + + return (__read_chk(_fd, _buf, _count, _bos)); +} + + +/* 1003.1-2001 */ +#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE +__FORTIFY_INLINE ssize_t +readlink(const char *_path, char *_buf, size_t _size) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) + __readlink_size_toobig_error(); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__readlink_real(_path, _buf, _size)); + + if (__builtin_constant_p(_size) && (_size > _bos)) + __readlink_dest_size_error(); + + if (__builtin_constant_p(_size) && (_size <= _bos)) + return (__readlink_real(_path, _buf, _size)); +#endif + + return (__readlink_chk(_path, _buf, _size, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE */ + + +#if __POSIX_VISIBLE >= 200809 +__FORTIFY_INLINE ssize_t +readlinkat(int _dirfd, const char *_path, char *_buf, size_t _size) +{ + size_t _bos = __bos(_buf); + +#if !defined(__clang__) + if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) + (__readlinkat_size_toobig_error()); + + if (_bos == __FORTIFY_UNKNOWN_SIZE) + return (__readlinkat_real(_dirfd, _path, _buf, _size)); + + if (__builtin_constant_p(_size) && (_size > _bos)) + __readlinkat_dest_size_error(); + + if (__builtin_constant_p(_size) && (_size <= _bos)) + return (__readlinkat_real(_dirfd, _path, _buf, _size)); +#endif + + return (__readlinkat_chk(_dirfd, _path, _buf, _size, _bos)); +} +#endif /* __POSIX_VISIBLE >= 200809 */ + +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_UNISTD_H_ */ Index: include/secure/security.h =================================================================== --- /dev/null +++ include/secure/security.h @@ -0,0 +1,58 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SECURE_SECURITY_ +#define _SECURE_SECURITY_ + +#include +#include + +#if !defined(__clang__) +#define __errordecl(name, msg) extern void name(void) __error_attr(msg) +#else +#define __errordecl(name, msg) +#endif + +#define __RENAME(x) __asm__(#x) + +__BEGIN_DECLS + +/* Common fail function. */ +void __secure_fail(const char *msg) __dead2 __nonnull(1); + +/* SSP related fail functions. */ +void __chk_fail(void) __dead2; +void __stack_chk_fail(void) __dead2; + +/* FORTIFY_SOURCE related fail function. */ +void __fortify_chk_fail(const char* msg) __dead2 __nonnull(1); +int __fortify_chk_overlap(const void *a, const void *b, size_t len); + +__END_DECLS + +#endif /* !_SECURE_SECURITY_ */ Index: include/stdio.h =================================================================== --- include/stdio.h +++ include/stdio.h @@ -521,4 +521,9 @@ #endif /* __cplusplus */ __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_STDIO_H_ */ Index: include/string.h =================================================================== --- include/string.h +++ include/string.h @@ -141,4 +141,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRING_H_ */ Index: include/strings.h =================================================================== --- include/strings.h +++ include/strings.h @@ -68,4 +68,8 @@ #endif __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* _STRINGS_H_ */ Index: include/unistd.h =================================================================== --- include/unistd.h +++ include/unistd.h @@ -589,4 +589,8 @@ #endif /* __BSD_VISIBLE */ __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_UNISTD_H_ */ Index: lib/libc/Makefile =================================================================== --- lib/libc/Makefile +++ lib/libc/Makefile @@ -95,6 +95,7 @@ .include "${LIBC_SRCTOP}/stdtime/Makefile.inc" .include "${LIBC_SRCTOP}/string/Makefile.inc" .include "${LIBC_SRCTOP}/sys/Makefile.inc" +.include "${LIBC_SRCTOP}/secure/Makefile.inc" .include "${LIBC_SRCTOP}/rpc/Makefile.inc" .include "${LIBC_SRCTOP}/uuid/Makefile.inc" .include "${LIBC_SRCTOP}/xdr/Makefile.inc" Index: lib/libc/secure/Makefile.inc =================================================================== --- /dev/null +++ lib/libc/secure/Makefile.inc @@ -0,0 +1,50 @@ +# secure sources +.PATH: ${LIBC_SRCTOP}/secure + +# Sources common to both syscall interfaces: +SRCS+= \ + fortify_source.c \ + secure_common.c \ + stack_protector.c \ + stack_protector_compat.c + +# Sources which contains FORTIFY_SOURCE functions: +SRCS+= \ + __fgets_chk.c \ + __gets_chk.c \ + __memccpy_chk.c \ + __memchr_chk.c \ + __memcpy_chk.c \ + __memmove_chk.c \ + __memrchr_chk.c \ + __memset_chk.c \ + __pread_chk.c \ + __read_chk.c \ + __readlink_chk.c \ + __readlinkat_chk.c \ + __stpcpy_chk.c \ + __stpncpy_chk.c \ + __strcat_chk.c \ + __strchr_chk.c \ + __strchrnul_chk.c \ + __strcpy_chk.c \ + __strlcat_chk.c \ + __strlcpy_chk.c \ + __strlen_chk.c \ + __strncat_chk.c \ + __strncpy_chk.c \ + __strrchr_chk.c \ + __vsnprintf_chk.c \ + __vsprintf_chk.c + +# Sources which contains FORTIFY_SOURCE functions, +# but live in .h files under sys/sys +SRCS+= \ + __poll_chk.c \ + __recvfrom_chk.c \ + __umask_chk.c + +SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map + +MAN+= __builtin_object_size.3 + Index: lib/libc/secure/Symbol.map =================================================================== --- /dev/null +++ lib/libc/secure/Symbol.map @@ -0,0 +1,66 @@ +/* + * $FreeBSD$ + */ + +/* + * It'd be nice to have this automatically generated, but we don't + * know to what version they will eventually belong, so for now + * it has to be manual. + */ +FBSD_1.0 { + __chk_fail; + __stack_chk_fail; + __stack_chk_guard; +}; + +FBSD_1.1 { +}; + +FBSD_1.2 { +}; + +FBSD_1.3 { +}; + +FBSD_1.4 { + __fgets_chk; + __fortify_chk_fail; + __gets_chk; + __memccpy_chk; + __memchr_chk; + __memcpy_chk; + __memmove_chk; + __memrchr_chk; + __memset_chk; + __poll_chk; + __ppoll_chk; + __pread_chk; + __read_chk; + __readlink_chk; + __readlinkat_chk; + __recvfrom_chk; + __rindex_chk; + __snprintf_chk; + __sprintf_chk; + __stpcpy_chk; + __stpncpy_chk; + __stpncpy_chk2; + __strcat_chk; + __strchr_chk; + __strchrnul_chk; + __strcpy_chk; + __strlcat_chk; + __strlcpy_chk; + __strlen_chk; + __strncat_chk; + __strncpy_chk; + __strncpy_chk2; + __strrchr_chk; + __umask_chk; + __vsnprintf_chk; + __vsprintf_chk; + __secure_fail; +}; + +FBSDprivate_1.0 { +}; Index: lib/libc/secure/__builtin_object_size.3 =================================================================== --- /dev/null +++ lib/libc/secure/__builtin_object_size.3 @@ -0,0 +1,101 @@ +.\" $NetBSD: __builtin_object_size.3,v 1.10 2012/07/19 06:44:12 wiz Exp $ +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd July 18, 2012 +.Dt __BUILTIN_OBJECT_SIZE 3 +.Os +.Sh NAME +.Nm __builtin_object_size +.Nd return the size of the given object +.Sh SYNOPSIS +.Ft size_t +.Fn __builtin_object_size "void *ptr" "int type" +.Sh DESCRIPTION +The +.Fn __builtin_object_size +function is a +.Xr gcc 1 +built-in function that returns the size of the +.Fa ptr +object if known at compile time and the object does not have any side +effects. +.Sh RETURN VALUES +If the size of the object is not known or it has side effects the +.Fn __builtin_object_size +function returns: +.Bl -tag -width (size_t)\-1 -offset indent +.It Dv (size_t)\-1 +for +.Fa type +.Dv 0 +and +.Dv 1 . +.It Dv (size_t)0 +for +.Fa type +.Dv 2 +and +.Dv 3 . +.El +.Pp +If the size of the object is known, then the +.Fn __builtin_object_size +function returns the maximum size of all the objects that the compiler +knows that they can be pointed to by +.Fa ptr +when +.Fa type +.Dv \*[Am] 2 == 0 , +and the minimum size when +.Fa type +.Dv \*[Am] 2 != 0 . +.Sh SEE ALSO +.Xr gcc 1 , +.Xr __builtin_return_address 3 , +.Xr attribute 3 , +.Xr ssp 3 +.Sh HISTORY +The +.Fn __builtin_object_size +appeared in +.Tn GCC 4.1 . +.Sh CAVEATS +This is a non-standard, compiler-specific extension. +.Pp +Note that currently the object size calculation pass is only done at -O1 +or above, meaning that this function always returns \-1 when the optimizer +is off. +.Pp +There are some discussions about always doing the object size pass, but +the issue is that without the optimization pass data sizes are not going +to be correct. +.Pp +For that reason currently code fortification (size-checked replacement +functions) is disabled when optimization is off. Index: lib/libc/secure/__fgets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__fgets_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__fgets_chk(char *buf, int n, FILE *stream, size_t bos) +{ + + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (fgets(buf, n, stream)); + + if (n < 0) + __fortify_chk_fail("fgets: buffer size < 0"); + + if (((size_t)n) > bos) + __fortify_chk_fail("fgets: prevented write past end of buffer"); + + return (fgets(buf, n, stream)); +} Index: lib/libc/secure/__gets_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__gets_chk.c @@ -0,0 +1,80 @@ +/* $FreeBSD$ */ +/* $NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $ */ + +/*- + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#undef _FORTIFY_SOURCE + +#include +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $"); + +/*LINTLIBRARY*/ + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +char * +__gets_chk(char * __restrict buf, size_t bos) +{ + char *abuf; + size_t len; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (gets(buf)); + + if (__predict_false(bos >= (size_t)INT_MAX)) + return (gets(buf)); + + if ((abuf = malloc(bos + 1)) == NULL) + return (gets(buf)); + + if (fgets(abuf, (int)(bos + 1), stdin) == NULL) { + free(abuf); + return (NULL); + } + + len = strlen(abuf); + if (len > 0 && abuf[len - 1] == '\n') + --len; + + if (len >= bos) + __fortify_chk_fail("gets: prevented write past end of buffer"); + + (void)memcpy(buf, abuf, len); + + buf[len] = '\0'; + free(abuf); + + return (buf); +} Index: lib/libc/secure/__memccpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memccpy_chk.c @@ -0,0 +1,66 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memccpy_chk(void *dest, const void *src, int c, size_t n, size_t bos) +{ + void *ret; + size_t len; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memccpy(dest, src, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memccpy: prevented write past end of buffer"); + + /* + * If n was copied, then return NULL, otherwise + * a pointer to the byte after the copy of c in the string + * dest is returned. + * + * See the memccpy(3) manpage for more details. + */ + ret = memccpy(dest, src, c, n); + if (ret != NULL) + len = ret - dest; + + if (__predict_false(__fortify_chk_overlap(dest, src, len))) + __fortify_chk_fail("memccpy: prevented overlapping strings"); + + return (ret); +} Index: lib/libc/secure/__memchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memchr_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memchr_chk(const void *s, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memchr(s, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "memchr: prevented read past end of buffer"); + + return (memchr(s, c, n)); +} Index: lib/libc/secure/__memcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memcpy_chk.c @@ -0,0 +1,57 @@ +/*- + * Copyright (C) 2015 Oliver Pinter + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memcpy_chk(void *d, const void *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memcpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memcpy: prevented write past end of buffer"); + + /* See the memcpy(3) for more details. */ + if (__predict_false(__fortify_chk_overlap(d, s, n))) + __fortify_chk_fail("memcpy: prevented overlaping strings"); + + return (memcpy(d, s, n)); +} Index: lib/libc/secure/__memmove_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memmove_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memmove_chk(void *d, const void *s, size_t n, size_t bos) +{ + + /* + * Compiler doesn 't know dination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memmove(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memmove: prevented write past end of buffer"); + + return (memmove(d, s, n)); +} Index: lib/libc/secure/__memrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memrchr_chk.c @@ -0,0 +1,51 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +void * +__memrchr_chk(const void *s, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (memrchr(s, c, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memrchr: prevented read past end of buffer"); + + return (memrchr(s, c, n)); +} Index: lib/libc/secure/__memset_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__memset_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +void * +__memset_chk(void *d, int c, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return memset(d, c, n); + + if (__predict_false(n > bos)) + __fortify_chk_fail("memset: prevented write past end of buffer"); + + return memset(d, c, n); +} Index: lib/libc/secure/__poll_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__poll_chk.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_poll.h" + +int +__poll_chk(struct pollfd *fds, nfds_t fd_count, int timeout, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (poll(fds, fd_count, timeout)); + + if (__predict_false(bos / sizeof(*fds) < fd_count)) + __fortify_chk_fail("poll: pollfd array smaller than fd count"); + + return (poll(fds, fd_count, timeout)); +} + +int +__ppoll_chk(struct pollfd *fds, nfds_t fd_count, const struct timespec *timeout, const sigset_t *mask, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (ppoll(fds, fd_count, timeout, mask)); + + if (__predict_false(bos / sizeof(*fds) < fd_count)) + __fortify_chk_fail("ppoll: pollfd array smaller than fd count"); + + return (ppoll(fds, fd_count, timeout, mask)); +} Index: lib/libc/secure/__pread_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__pread_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__pread_chk(int fd, void *buf, size_t count, off_t offset, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (pread(fd, buf, count, offset)); + + if (__predict_false(count > bos)) + __fortify_chk_fail("pread: prevented write past end of buffer"); + + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("pread: count > SSIZE_MAX"); + + return (pread(fd, buf, count, offset)); +} Index: lib/libc/secure/__read_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__read_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__read_chk(int fd, void *buf, size_t count, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (read(fd, buf, count)); + + if (__predict_false(count > bos)) + __fortify_chk_fail("read: prevented write past end of buffer"); + + if (__predict_false(count > SSIZE_MAX)) + __fortify_chk_fail("read: count > SSIZE_MAX"); + + return (read(fd, buf, count)); +} Index: lib/libc/secure/__readlink_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlink_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlink_chk(const char *path, char *buf, size_t size, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (readlink(path, buf, size)); + + if (__predict_false(size > bos)) + __fortify_chk_fail("readlink: prevented write past end of buffer"); + + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlink: size > SSIZE_MAX"); + + return (readlink(path, buf, size)); +} Index: lib/libc/secure/__readlinkat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__readlinkat_chk.c @@ -0,0 +1,55 @@ +/*- + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_unistd.h" + +ssize_t +__readlinkat_chk(int dirfd, const char *path, char *buf, size_t size, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (readlinkat(dirfd, path, buf, size)); + + if (__predict_false(size > bos)) + __fortify_chk_fail("readlinkat: prevented write past end of buffer"); + + if (__predict_false(size > SSIZE_MAX)) + __fortify_chk_fail("readlinkat: size > SSIZE_MAX"); + + return (readlinkat(dirfd, path, buf, size)); +} Index: lib/libc/secure/__recvfrom_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__recvfrom_chk.c @@ -0,0 +1,53 @@ +/*- + * Copyright (C) 2013 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_socket.h" + +ssize_t +__recvfrom_chk(int s, void *buf, size_t len, size_t bos, + int flags, struct sockaddr * __restrict from, + socklen_t * __restrict fromlen) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (recvfrom(s, buf, len, flags, from, fromlen)); + + if (__predict_false(len > bos)) + __fortify_chk_fail("recvfrom: prevented write past end of buffer"); + + return (recvfrom(s, buf, len, flags, from, fromlen)); +} Index: lib/libc/secure/__stpcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpcpy_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpcpy_chk(char *dest, const char *src, size_t bos) +{ + /* TODO:optimize so we don't scan src twice. */ + size_t src_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpcpy(dest, src)); + + src_len = strlen(src) + 1; + if (__predict_false(src_len > bos)) + __fortify_chk_fail("stpcpy: prevented write past end of buffer"); + + return (stpcpy(dest, src)); +} Index: lib/libc/secure/__stpncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__stpncpy_chk.c @@ -0,0 +1,98 @@ +/*- + * Copyright (C) 2014 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__stpncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpncpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("stpncpy: prevented write past end of buffer"); + + return stpncpy(d, s, n); +} + +/* + * __stpncpy_chk2 + * + * This is a variant of __stpncpy_chk, but it also checks to make + * sure we don't read beyond the end of "s". The code for this is + * based on the original version of stpncpy, but modified to check + * how much we read from "s" at the end of the copy operation. + */ +char * +__stpncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) +{ + char *_d; + const char *_s = s; + size_t s_copy_len ; + + if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) + return (stpncpy(d, s, n)); + + if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__stpncpy_chk(d, s, n, d_bos)); + + if (__predict_false(n > d_bos)) + __fortify_chk_fail("stpncpy: prevented write past end of buffer"); + + if (n != 0) { + _d = d; + + do { + if ((*_d++ = *_s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *_d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(_s - s); + + if (__predict_false(s_copy_len > s_bos)) + __fortify_chk_fail("stpncpy: prevented read past end of buffer"); + } + + return (d); +} Index: lib/libc/secure/__strcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcat_chk.c @@ -0,0 +1,66 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcat_chk(char *__restrict d, const char *__restrict s, size_t bos) +{ + char *save = d; + size_t d_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (bos == __FORTIFY_UNKNOWN_SIZE) + return (strcat(d, s)); + + d_len = __strlen_chk(d, bos); + + d += d_len; + bos -= d_len; + + while ((*d++ = *s++) != '\0') { + bos--; + if (__predict_false(bos == 0)) + __fortify_chk_fail("strcat: prevented write past end of buffer"); + } + + return (save); +} Index: lib/libc/secure/__strchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchr_chk.c @@ -0,0 +1,56 @@ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchr_chk(const char *p, int ch, size_t bos) +{ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strchr(p, ch)); + + for (;; ++p, bos--) { + if (__predict_false(bos == 0)) + __fortify_chk_fail("strchr: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return (NULL); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strchrnul_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strchrnul_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (c) 2015 Pinter Oliver + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strchrnul_chk(const char *p, int ch, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strchrnul(p, ch)); + + for (;; ++p, bos--) { + if (__predict_false(bos == 0)) + __fortify_chk_fail( + "strchrnul: prevented read past end of buffer"); + if (*p == (char)(ch)) + return ((char *)(p)); + if (*p == '\0') + return ((char *)(p)); + } + /* NOTREACHED */ +} Index: lib/libc/secure/__strcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strcpy_chk.c @@ -0,0 +1,59 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strcpy_chk(char *d, const char *s, size_t bos) +{ + /* TODO: optimize so we don't scan s twice. */ + size_t s_len; + + /* + * Compiler doesn 't know destination size. + * Fallback to the original function. + */ + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strcpy(d, s)); + + s_len = strlen(s) + 1; + if (__predict_false(s_len > bos)) + __fortify_chk_fail("strcpy: prevented write past end of buffer"); + + return (strcpy(d, s)); +} Index: lib/libc/secure/__strlcat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcat_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcat_chk(char *d, const char *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlcat(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("strlcat: prevented write past end of buffer"); + + return (strlcat(d, s, n)); +} Index: lib/libc/secure/__strlcpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlcpy_chk.c @@ -0,0 +1,52 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +size_t +__strlcpy_chk(char *d, const char *s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlcpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail("strlcpy: prevented write past end of buffer"); + + return (strlcpy(d, s, n)); +} Index: lib/libc/secure/__strlen_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strlen_chk.c @@ -0,0 +1,67 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +/* + * This test is designed to detect code such as: + * + * int main() { + * char buf[10]; + * memcpy(buf, "1234567890", sizeof(buf)); + * size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE + * printf("%d\n", len); + * return 0; + * } + * + * or anytime strlen reads beyond an object boundary. + */ +size_t +__strlen_chk(const char *s, size_t bos) +{ + size_t ret; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strlen(s)); + + ret = strlen(s); + if (__predict_false(ret >= bos)) + __fortify_chk_fail("strlen: prevented read past end of buffer"); + + return (ret); +} Index: lib/libc/secure/__strncat_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncat_chk.c @@ -0,0 +1,70 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncat_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + size_t d_len; + char *_d; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncat(d, s, n)); + + if (n == 0) + return (d); + + d_len = __strlen_chk(d, bos); + _d = d + d_len; + bos -= d_len; + + while (*s != '\0') { + *_d++ = *s++; + n--; + bos--; + + if (__predict_false(bos == 0)) + __fortify_chk_fail("strncat: prevented write past end of buffer"); + if (n == 0) + break; + } + *_d = '\0'; + + return (d); +} Index: lib/libc/secure/__strncpy_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strncpy_chk.c @@ -0,0 +1,97 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include "secure/_string.h" + +char * +__strncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncpy(d, s, n)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "strncpy: prevented write past end of buffer"); + + return (strncpy(d, s, n)); +} + +/* + * __strncpy_chk2 + * + * This is a variant of __strncpy_chk, but it also checks to make + * sure we don't read beyond the end of "src". The code for this is + * based on the original version of strncpy, but modified to check + * how much we read from "src" at the end of the copy operation. + */ +char * +__strncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) +{ + size_t s_copy_len; + + if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) + return (strncpy(d, s, n)); + + if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) + return (__strncpy_chk(d, s, n, d_bos)); + + if (__predict_false(n > d_bos)) + __fortify_chk_fail("strncpy: prevented write past end of buffer"); + + if (n != 0) { + char *_d = d; + const char *_s = s; + + do { + if ((*_d++ = *_s++) == 0) { + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *_d++ = 0; + break; + } + } while (--n != 0); + + s_copy_len = (size_t)(_s - s); + + if (__predict_false(s_copy_len > s_bos)) + __fortify_chk_fail("strncpy: prevented read past end of buffer"); + } + + return (d); +} Index: lib/libc/secure/__strrchr_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__strrchr_chk.c @@ -0,0 +1,62 @@ +/*- + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include "secure/_string.h" + +char * +__strrchr_chk(const char *p, int ch, size_t bos) +{ + char *save; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (strrchr(p, ch)); + + for (save = NULL;; ++p, bos--) { + if (bos == 0) + __fortify_chk_fail( + "strrchr: prevented read past end of buffer"); + if (*p == (char)ch) + save = (char *)p; + if (!*p) + return (save); + } + /* NOTREACHED */ +} + +__weak_reference(__strrchr_chk, __rindex_chk); + Index: lib/libc/secure/__umask_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__umask_chk.c @@ -0,0 +1,53 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stat.h" + +/* + * Validate that umask is called with sane mode. + */ +mode_t +__umask_chk(mode_t mode) +{ + + if (__predict_false((mode & 0777) != mode)) + __fortify_chk_fail("umask: called with invalid mask"); + + return (umask(mode)); +} Index: lib/libc/secure/__vsnprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsnprintf_chk.c @@ -0,0 +1,76 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsnprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, va_list va) +{ + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (vsnprintf(d, n, fmt, va)); + + if (__predict_false(n > bos)) + __fortify_chk_fail( + "vsnprintf: prevented write past end of buffer"); + + return (vsnprintf(d, n, fmt, va)); +} + + +int +__snprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, ...) +{ + va_list va; + int result; + + if (bos == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, fmt); + result = __vsnprintf_real(d, n, fmt, va); + va_end(va); + + return (result); + } + + va_start(va, fmt); + result = __vsnprintf_chk(d, n, flags, bos, fmt, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/__vsprintf_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__vsprintf_chk.c @@ -0,0 +1,78 @@ +/*- + * Copyright (C) 2012 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 + * + * $FreeBSD$ + */ + +#undef _FORTIFY_SOURCE + +#include +#include +#include +#include +#include +#include "secure/_stdio.h" + +int +__vsprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, __va_list va) +{ + int result; + + if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) + return (vsprintf(d, fmt, va)); + + result = vsnprintf(d, bos, fmt, va); + if ((size_t)result >= bos) + __fortify_chk_fail( + "vsprintf: prevented write past end of buffer"); + + return (result); +} + + +int +__sprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, ...) +{ + va_list va; + int result; + + if (bos == __FORTIFY_UNKNOWN_SIZE) { + va_start(va, fmt); + result = __vsprintf_real(d, fmt, va); + va_end(va); + + return (result); + } + + va_start(va, fmt); + result = __vsprintf_chk(d, flags, bos, fmt, va); + va_end(va); + + return (result); +} Index: lib/libc/secure/fortify_source.c =================================================================== --- /dev/null +++ lib/libc/secure/fortify_source.c @@ -0,0 +1,47 @@ +/*- + * Copyright (c) 2015 Olivér Pintér + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include "secure/security.h" + +void +__fortify_chk_fail(const char* msg) +{ + + __secure_fail(msg); +} + +int +__fortify_chk_overlap(const void *a, const void *b, size_t len) +{ + + return ((a <= b && b <= a + len) || (b <= a && a <= b + len)); +} Index: lib/libc/secure/secure_common.c =================================================================== --- /dev/null +++ lib/libc/secure/secure_common.c @@ -0,0 +1,75 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "libc_private.h" + +static void __fail(const char *) __dead2; + +/*ARGSUSED*/ +static void +__fail(const char *msg) +{ + struct sigaction sa; + sigset_t mask; + + /* Immediately block all signal handlers from running code */ + (void)sigfillset(&mask); + (void)sigdelset(&mask, SIGABRT); + (void)sigprocmask(SIG_BLOCK, &mask, NULL); + + /* This may fail on a chroot jail... */ + syslog(LOG_CRIT, "%s", msg); + + (void)memset(&sa, 0, sizeof(sa)); + (void)sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = SIG_DFL; + (void)sigaction(SIGABRT, &sa, NULL); + (void)kill(getpid(), SIGABRT); + _exit(127); +} + +void +__secure_fail(const char *msg) +{ + + __fail(msg); +} Index: lib/libc/secure/stack_protector.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector.c @@ -0,0 +1,89 @@ +/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ +/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include "libc_private.h" + +extern int __sysctl(const int *name, u_int namelen, void *oldp, + size_t *oldlenp, void *newp, size_t newlen); + +long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; +static void __guard_setup(void) __attribute__((__constructor__, __used__)); +void __stack_chk_fail(void) __dead2; + +/*LINTED used*/ +static void +__guard_setup(void) +{ + static const int mib[2] = { CTL_KERN, KERN_ARND }; + size_t len; + int error; + + if (__stack_chk_guard[0] != 0) + return; + error = _elf_aux_info(AT_CANARY, __stack_chk_guard, + sizeof(__stack_chk_guard)); + if (error == 0 && __stack_chk_guard[0] != 0) + return; + + len = sizeof(__stack_chk_guard); + if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == + -1 || len != sizeof(__stack_chk_guard)) { + /* If sysctl was unsuccessful, use the "terminator canary". */ + ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; + ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; + ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; + } +} + +void +__stack_chk_fail(void) +{ + + __secure_fail("stack overflow detected; terminated"); +} + +void +__chk_fail(void) +{ + + __secure_fail("buffer overflow detected; terminated"); +} + +#ifndef PIC +__weak_reference(__stack_chk_fail, __stack_chk_fail_local); +#endif Index: lib/libc/secure/stack_protector_compat.c =================================================================== --- /dev/null +++ lib/libc/secure/stack_protector_compat.c @@ -0,0 +1,20 @@ +/* + * Written by Alexander Kabaev + * The file is in public domain. + */ + +#include +__FBSDID("$FreeBSD$"); + +void __stack_chk_fail(void); + +#ifdef PIC +void +__stack_chk_fail_local_hidden(void) +{ + + __stack_chk_fail(); +} + +__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); +#endif Index: lib/libc/stdio/fgets.c =================================================================== --- lib/libc/stdio/fgets.c +++ lib/libc/stdio/fgets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)fgets.c 8.2 (Berkeley) 12/22/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/gets.c =================================================================== --- lib/libc/stdio/gets.c +++ lib/libc/stdio/gets.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)gets.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/snprintf.c =================================================================== --- lib/libc/stdio/snprintf.c +++ lib/libc/stdio/snprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)snprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/sprintf.c =================================================================== --- lib/libc/stdio/sprintf.c +++ lib/libc/stdio/sprintf.c @@ -38,6 +38,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)sprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/stdio/vsnprintf.c =================================================================== --- lib/libc/stdio/vsnprintf.c +++ lib/libc/stdio/vsnprintf.c @@ -38,6 +38,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)vsnprintf.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/bzero.c =================================================================== --- lib/libc/string/bzero.c +++ lib/libc/string/bzero.c @@ -1,3 +1,4 @@ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memccpy.c =================================================================== --- lib/libc/string/memccpy.c +++ lib/libc/string/memccpy.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memccpy.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memchr.c =================================================================== --- lib/libc/string/memchr.c +++ lib/libc/string/memchr.c @@ -33,6 +33,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memchr.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/memset.c =================================================================== --- lib/libc/string/memset.c +++ lib/libc/string/memset.c @@ -33,6 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)memset.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/stpncpy.c =================================================================== --- lib/libc/string/stpncpy.c +++ lib/libc/string/stpncpy.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchr.c =================================================================== --- lib/libc/string/strchr.c +++ lib/libc/string/strchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)index.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strchrnul.c =================================================================== --- lib/libc/string/strchrnul.c +++ lib/libc/string/strchrnul.c @@ -25,6 +25,7 @@ * */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcat.c =================================================================== --- lib/libc/string/strlcat.c +++ lib/libc/string/strlcat.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlcpy.c =================================================================== --- lib/libc/string/strlcpy.c +++ lib/libc/string/strlcpy.c @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strlen.c =================================================================== --- lib/libc/string/strlen.c +++ lib/libc/string/strlen.c @@ -24,6 +24,7 @@ * SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/string/strrchr.c =================================================================== --- lib/libc/string/strrchr.c +++ lib/libc/string/strrchr.c @@ -30,6 +30,8 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)rindex.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ + +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/Makefile.inc =================================================================== --- lib/libc/sys/Makefile.inc +++ lib/libc/sys/Makefile.inc @@ -21,8 +21,6 @@ # Sources common to both syscall interfaces: SRCS+= \ - stack_protector.c \ - stack_protector_compat.c \ __error.c \ interposing_table.c Index: lib/libc/sys/Symbol.map =================================================================== --- lib/libc/sys/Symbol.map +++ lib/libc/sys/Symbol.map @@ -56,7 +56,6 @@ bind; chdir; chflags; - __chk_fail; chmod; chown; chroot; @@ -281,8 +280,6 @@ sigwaitinfo; socket; socketpair; - __stack_chk_fail; - __stack_chk_guard; stat; statfs; swapoff; Index: lib/libc/sys/read.c =================================================================== --- lib/libc/sys/read.c +++ lib/libc/sys/read.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/readv.c =================================================================== --- lib/libc/sys/readv.c +++ lib/libc/sys/readv.c @@ -30,6 +30,7 @@ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#undef _FORTIFY_SOURCE #include __FBSDID("$FreeBSD$"); Index: lib/libc/sys/stack_protector.c =================================================================== --- lib/libc/sys/stack_protector.c +++ /dev/null @@ -1,117 +0,0 @@ -/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ -/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ -/* - * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "libc_private.h" - -extern int __sysctl(const int *name, u_int namelen, void *oldp, - size_t *oldlenp, void *newp, size_t newlen); - -long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; -static void __guard_setup(void) __attribute__((__constructor__, __used__)); -static void __fail(const char *); -void __stack_chk_fail(void); -void __chk_fail(void); - -/*LINTED used*/ -static void -__guard_setup(void) -{ - static const int mib[2] = { CTL_KERN, KERN_ARND }; - size_t len; - int error; - - if (__stack_chk_guard[0] != 0) - return; - error = _elf_aux_info(AT_CANARY, __stack_chk_guard, - sizeof(__stack_chk_guard)); - if (error == 0 && __stack_chk_guard[0] != 0) - return; - - len = sizeof(__stack_chk_guard); - if (__sysctl(mib, nitems(mib), __stack_chk_guard, &len, NULL, 0) == - -1 || len != sizeof(__stack_chk_guard)) { - /* If sysctl was unsuccessful, use the "terminator canary". */ - ((unsigned char *)(void *)__stack_chk_guard)[0] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[1] = 0; - ((unsigned char *)(void *)__stack_chk_guard)[2] = '\n'; - ((unsigned char *)(void *)__stack_chk_guard)[3] = 255; - } -} - -/*ARGSUSED*/ -static void -__fail(const char *msg) -{ - struct sigaction sa; - sigset_t mask; - - /* Immediately block all signal handlers from running code */ - (void)sigfillset(&mask); - (void)sigdelset(&mask, SIGABRT); - (void)sigprocmask(SIG_BLOCK, &mask, NULL); - - /* This may fail on a chroot jail... */ - syslog(LOG_CRIT, "%s", msg); - - (void)memset(&sa, 0, sizeof(sa)); - (void)sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - sa.sa_handler = SIG_DFL; - (void)sigaction(SIGABRT, &sa, NULL); - (void)kill(getpid(), SIGABRT); - _exit(127); -} - -void -__stack_chk_fail(void) -{ - __fail("stack overflow detected; terminated"); -} - -void -__chk_fail(void) -{ - __fail("buffer overflow detected; terminated"); -} - -#ifndef PIC -__weak_reference(__stack_chk_fail, __stack_chk_fail_local); -#endif Index: lib/libc/sys/stack_protector_compat.c =================================================================== --- lib/libc/sys/stack_protector_compat.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Written by Alexander Kabaev - * The file is in public domain. - */ - -#include -__FBSDID("$FreeBSD$"); - -void __stack_chk_fail(void); - -#ifdef PIC -void -__stack_chk_fail_local_hidden(void) -{ - - __stack_chk_fail(); -} - -__sym_compat(__stack_chk_fail_local, __stack_chk_fail_local_hidden, FBSD_1.0); -#endif Index: lib/libstand/Makefile =================================================================== --- lib/libstand/Makefile +++ lib/libstand/Makefile @@ -8,6 +8,7 @@ MK_PROFILE= no MK_SSP= no +MK_FORTIFY= no .include Index: lib/libstand/stand.h =================================================================== --- lib/libstand/stand.h +++ lib/libstand/stand.h @@ -61,6 +61,12 @@ #ifndef STAND_H #define STAND_H +#undef _FORTIFY_SOURCE +/* + * Yes, this second one is a big hack. + */ +#undef __BSD_FORTIFY + #include #include #include Index: lib/libthr/Makefile =================================================================== --- lib/libthr/Makefile +++ lib/libthr/Makefile @@ -12,6 +12,7 @@ .include MK_SSP= no +MK_FORTIFY= no LIB=thr SHLIB_MAJOR= 3 Index: libexec/rtld-elf/Makefile =================================================================== --- libexec/rtld-elf/Makefile +++ libexec/rtld-elf/Makefile @@ -6,6 +6,7 @@ .include MK_SSP= no +MK_FORTIFY= no PROG?= ld-elf.so.1 SRCS= rtld_start.S \ Index: rescue/librescue/Makefile =================================================================== --- rescue/librescue/Makefile +++ rescue/librescue/Makefile @@ -4,6 +4,7 @@ .include MK_SSP= no +MK_FORTIFY= no # Certain library entries have hard-coded references to # /bin, /sbin, etc, that require those entries to be Index: rescue/rescue/Makefile =================================================================== --- rescue/rescue/Makefile +++ rescue/rescue/Makefile @@ -5,6 +5,7 @@ MAN= MK_SSP= no +MK_FORTIFY= no PROG= rescue BINDIR?=/rescue Index: share/mk/bsd.opts.mk =================================================================== --- share/mk/bsd.opts.mk +++ share/mk/bsd.opts.mk @@ -51,6 +51,7 @@ __DEFAULT_YES_OPTIONS = \ ASSERT_DEBUG \ DOCCOMPRESS \ + FORTIFY \ INCLUDES \ INSTALLLIB \ KERBEROS \ Index: share/mk/bsd.sys.mk =================================================================== --- share/mk/bsd.sys.mk +++ share/mk/bsd.sys.mk @@ -153,6 +153,11 @@ CFLAGS+= ${SSP_CFLAGS} .endif # SSP && !ARM && !MIPS +.if ${MK_FORTIFY} != "no" +FORTIFY_CFLAGS?= -D_FORTIFY_SOURCE=1 +CFLAGS+= ${FORTIFY_CFLAGS} +.endif # FORTIFY + # Allow user-specified additional warning flags, plus compiler specific flag overrides. # Unless we've overriden this... .if ${MK_WARNS} != "no" Index: sys/boot/efi/boot1/Makefile =================================================================== --- sys/boot/efi/boot1/Makefile +++ sys/boot/efi/boot1/Makefile @@ -8,6 +8,7 @@ .if ${COMPILER_TYPE} != "gcc" MK_SSP= no +MK_FORTIFY= no PROG= loader.sym INTERNALPROG= Index: sys/boot/efi/loader/Makefile =================================================================== --- sys/boot/efi/loader/Makefile +++ sys/boot/efi/loader/Makefile @@ -8,6 +8,7 @@ .if ${COMPILER_TYPE} != "gcc" MK_SSP= no +MK_FORTIFY= no PROG= loader.sym INTERNALPROG= Index: sys/boot/ficl/Makefile =================================================================== --- sys/boot/ficl/Makefile +++ sys/boot/ficl/Makefile @@ -1,6 +1,10 @@ # $FreeBSD$ # +.include + +MK_FORTIFY= no + FICLDIR?= ${.CURDIR} .if defined(FICL32) Index: sys/boot/i386/libi386/Makefile =================================================================== --- sys/boot/i386/libi386/Makefile +++ sys/boot/i386/libi386/Makefile @@ -1,5 +1,10 @@ # $FreeBSD$ # + +.include + +MK_FORTIFY= no + LIB= i386 INTERNALLIB= Index: sys/boot/i386/loader/Makefile =================================================================== --- sys/boot/i386/loader/Makefile +++ sys/boot/i386/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no LOADER?= loader PROG= ${LOADER}.sym Index: sys/boot/libstand32/Makefile =================================================================== --- sys/boot/libstand32/Makefile +++ sys/boot/libstand32/Makefile @@ -10,6 +10,7 @@ .include MK_SSP= no +MK_FORTIFY= no LIBSTAND_SRC= ${.CURDIR}/../../../lib/libstand LIBC_SRC= ${LIBSTAND_SRC}/../libc Index: sys/boot/mips/beri/loader/Makefile =================================================================== --- sys/boot/mips/beri/loader/Makefile +++ sys/boot/mips/beri/loader/Makefile @@ -31,6 +31,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG?= loader Index: sys/boot/pc98/loader/Makefile =================================================================== --- sys/boot/pc98/loader/Makefile +++ sys/boot/pc98/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= LOADER?= loader Index: sys/boot/powerpc/kboot/Makefile =================================================================== --- sys/boot/powerpc/kboot/Makefile +++ sys/boot/powerpc/kboot/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader.kboot Index: sys/boot/powerpc/ofw/Makefile =================================================================== --- sys/boot/powerpc/ofw/Makefile +++ sys/boot/powerpc/ofw/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader Index: sys/boot/powerpc/ps3/Makefile =================================================================== --- sys/boot/powerpc/ps3/Makefile +++ sys/boot/powerpc/ps3/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG= loader.ps3 Index: sys/boot/sparc64/loader/Makefile =================================================================== --- sys/boot/sparc64/loader/Makefile +++ sys/boot/sparc64/loader/Makefile @@ -2,6 +2,7 @@ .include MK_SSP= no +MK_FORTIFY= no MAN= PROG?= loader Index: sys/boot/zfs/Makefile =================================================================== --- sys/boot/zfs/Makefile +++ sys/boot/zfs/Makefile @@ -1,5 +1,9 @@ # $FreeBSD$ +.include + +MK_FORTIFY= no + LIB= zfsboot INTERNALLIB= Index: sys/sys/cdefs.h =================================================================== --- sys/sys/cdefs.h +++ sys/sys/cdefs.h @@ -554,6 +554,26 @@ #define __gnu_inline #endif +#if __has_attribute(error) || __GNUC_PREREQ__(4, 3) +#define __error_attr(msg) __attribute__((__error__(msg))) +#else +#define __error_attr(msg) +#endif + +/* FORTIFY_SOURCE related defines. */ +#if __GNUC_PREREQ__(4, 1) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ + defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(lint) +#define __BSD_FORTIFY 1 +#if _FORTIFY_SOURCE >= 2 +#define __bos(s) __builtin_object_size((s), 1) +#else +#define __bos(s) __builtin_object_size((s), 0) +#endif +#define __bos0(s) __builtin_object_size((s), 0) +#define __FORTIFY_INLINE extern __inline __always_inline __gnu_inline +#endif /* !_FORTIFY_SOURCE */ +#define __FORTIFY_UNKNOWN_SIZE ((size_t) -1) + /* Compiler-dependent macros that rely on FreeBSD-specific extensions. */ #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 300001 && \ defined(__GNUC__) && !defined(__INTEL_COMPILER) Index: sys/sys/poll.h =================================================================== --- sys/sys/poll.h +++ sys/sys/poll.h @@ -117,6 +117,10 @@ #endif __END_DECLS +#ifdef __BSD_FORTIFY +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_POLL_H_ */ Index: sys/sys/select.h =================================================================== --- sys/sys/select.h +++ sys/sys/select.h @@ -103,6 +103,7 @@ int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); #endif __END_DECLS + #endif /* !_KERNEL */ #endif /* _SYS_SELECT_H_ */ Index: sys/sys/socket.h =================================================================== --- sys/sys/socket.h +++ sys/sys/socket.h @@ -630,6 +630,10 @@ int socketpair(int, int, int, int *); __END_DECLS +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #ifdef _KERNEL Index: sys/sys/stat.h =================================================================== --- sys/sys/stat.h +++ sys/sys/stat.h @@ -356,6 +356,11 @@ int mknodat(int, const char *, mode_t, dev_t); #endif __END_DECLS + +#if defined(__BSD_FORTIFY) +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_STAT_H_ */ Index: tools/build/options/WITHOUT_FORTIFY =================================================================== --- /dev/null +++ tools/build/options/WITHOUT_FORTIFY @@ -0,0 +1,4 @@ +.\" $FreeBSD$ +Set to not build world with FORTIFY_SOURCE. + +FORTIFY_SOURCE feature provides primitive support for detecting buffer overflows in various functions which operates on memory areas and strings. A limited set of buffer overflows can be detected with this feature, but it provides an additional level of validation for some functions which are potentially an origin of buffer overflow flaws. Index: tools/hbsd/build_hbsd_kernel.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_kernel_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_kernel_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT -DNO_CLEAN KERNCONF=GENERIC buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_libc_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_libc_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-libc-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-libc-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}/lib/libc; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/build_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/build_hbsd_world_nc.csh @@ -0,0 +1,47 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv SRCCONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" +set __MAKE_CONF = "/dev/null" +set SRCCONF = "/dev/null" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC buildworld buildkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain} Index: tools/hbsd/install_hbsd_world_nc.csh =================================================================== --- /dev/null +++ tools/hbsd/install_hbsd_world_nc.csh @@ -0,0 +1,44 @@ +#!/bin/csh + +setenv TARGET amd64 +setenv MAKEOBJDIRPREFIX /var/tmp/${TARGET}-objdir +setenv __MAKE_CONF /dev/null +setenv DESTDIR /tmp/${TARGET}-kernel +@ __freebsd_mk_jobs = `sysctl -n kern.smp.cpus` + 1 +set current_dir = `pwd` +set _current_dir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\2|g'` +set _current_realdir = `echo ${current_dir} | sed -e 's|\(.*/\)\(.*\.git\)\(/.*\)*|\1/\2|g'` +set _check_toolchain = "${MAKEOBJDIRPREFIX}/___kernel-toolchain_DONE" +set _date=`date "+%Y%m%d%H%M%S"` +set _log="/tmp/${TARGET}-cc-log-${_current_dir}-${_date}" +set _log_last="/tmp/${TARGET}-cc-log-${_current_dir}.last" + +if ( "`sysctl -n security.bsd.hardlink_check_uid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_uid=0" + exit +endif + +if ( "`sysctl -n security.bsd.hardlink_check_gid`" == "1" ) then + echo "build will fail, due to hard security checks" + echo "sysctl security.bsd.hardlink_check_gid=0" + exit +endif + +if ( (${_current_dir} != "hardenedBSD.git")) then + if ((${_current_dir} != "opBSD.git")) then + set _current_dir = "hardenedBSD.git" + endif +endif + +echo "build source dir: ${_current_dir}" +sleep 1 + +if ( ! -d $MAKEOBJDIRPREFIX ) then + mkdir $MAKEOBJDIRPREFIX +endif + +ln -sf ${_log} ${_log_last} + +(cd /usr/data/source/git/opBSD/${_current_dir}; make -j$__freebsd_mk_jobs -DNO_CLEAN -DNO_ROOT KERNCONF=GENERIC installworld installkernel) |& tee -a ${_log} +touch ${_check_toolchain}