Index: include/secure/Makefile =================================================================== --- include/secure/Makefile +++ include/secure/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -INCS= security.h _poll.h _socket.h +INCS= security.h _poll.h _socket.h _stat.h INCSDIR= ${INCLUDEDIR}/secure .include Index: include/secure/_stat.h =================================================================== --- /dev/null +++ include/secure/_stat.h 
@@ -0,0 +1,70 @@
+/*-
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _SYS_STAT_H_
+#error "You should not use directly; include instead."
+#endif + +#ifndef _SECURE_STAT_H_ +#define _SECURE_STAT_H_ + +#include + +__BEGIN_DECLS + +extern mode_t __umask_chk(mode_t); +#ifndef __FORTIFY_UMASK_REAL +#define __FORTIFY_UMASK_REAL 1 +extern mode_t __umask_real(mode_t) __RENAME(umask); +#endif +__errordecl(__umask_invalid_mode, "umask called with invalid mode"); + +#ifdef __BSD_FORTIFY + +__FORTIFY_INLINE mode_t +umask(mode_t _mode) +{ +#ifndef __clang__ + if (__builtin_constant_p(_mode)) { + if ((_mode & 0777) != _mode) + __umask_invalid_mode(); + + return (__umask_real(_mode)); + } +#endif + return (__umask_chk(_mode)); +} +#endif /* defined(__BSD_FORTIFY) */ + +__END_DECLS + +#endif /* !_SECURE_STAT_H_ */ Index: lib/libc/secure/Makefile.inc =================================================================== --- lib/libc/secure/Makefile.inc +++ lib/libc/secure/Makefile.inc @@ -18,6 +18,7 @@ # but live in .h files under sys/sys SRCS+= \ __poll_chk.c \ - __recvfrom_chk.c + __recvfrom_chk.c \ + __umask_chk.c SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map Index: lib/libc/secure/Symbol.map =================================================================== --- lib/libc/secure/Symbol.map +++ lib/libc/secure/Symbol.map @@ -22,6 +22,7 @@ __poll_chk; __ppoll_chk; __recvfrom_chk; + __umask_chk; __secure_fail; }; Index: lib/libc/secure/__umask_chk.c =================================================================== --- /dev/null +++ lib/libc/secure/__umask_chk.c 
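Review bot: The literal `0777` in the inline `umask()` of include/secure/_stat.h (and again in `__umask_chk()` in lib/libc/secure/__umask_chk.c) is carried over from bionic with no statement of which bits FreeBSD's umask(2) actually honours. Because any bit outside that mask becomes a build error for constant arguments and a `__fortify_chk_fail()` at run time otherwise, the mask is a policy decision and should be spelled with the permission macros and explained, e.g. `if ((_mode & (S_IRWXU | S_IRWXG | S_IRWXO)) != _mode)` with a comment such as `/* umask(2) only defines the file permission bits; anything else is treated as a caller bug */`. It is worth confirming against the kernel's handling of umask(2) that rejecting the set-id and sticky bits is intended on FreeBSD. Under clang the `__builtin_constant_p` branch is compiled out, so only the runtime check applies there; a one-line comment on the `#ifndef __clang__` saying why would help.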
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (C) 2012 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * rev: d807b9a12d3e49132b095df3d883618452033b51
+ *
+ * $FreeBSD$
+ */
+
+#undef _FORTIFY_SOURCE
+
+#include
+#include
+#include
+#include
+#include
+#include "secure/_stat.h"
+
+/*
+ * Validate that umask is called with sane mode.
+ */
+mode_t
+__umask_chk(mode_t mode)
+{
+
+ if (__predict_false((mode & 0777) != mode))
+ __fortify_chk_fail("umask: called with invalid mask");
+
+ return (umask(mode));
+}
Index: sys/sys/stat.h
===================================================================
--- sys/sys/stat.h
+++ sys/sys/stat.h
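Review bot: `__umask_chk()` in lib/libc/secure/__umask_chk.c ends with `return (umask(mode));`, which only reaches the real function because `#undef _FORTIFY_SOURCE` at the top of the file keeps the fortified inline out of scope; if `__BSD_FORTIFY` were ever defined here, the inline from secure/_stat.h would call straight back into `__umask_chk()`. How `__BSD_FORTIFY` is derived is not visible in this patch, so the dependency deserves a comment next to the `#undef`, for example `/* must build without fortify: umask() below has to be the libc symbol, not the checking inline */`. The header comment could also say what is checked and what happens on failure, e.g. `/* Runtime check for umask(): fail via __fortify_chk_fail() if mode has bits outside 0777. */`. The runtime text `"umask: called with invalid mask"` and the compile-time text `"umask called with invalid mode"` in secure/_stat.h differ in wording; using one phrasing makes the two diagnostics easier to correlate.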
@@ -356,6 +356,11 @@ int mknodat(int, const char *, mode_t, dev_t); #endif __END_DECLS + +#ifdef __BSD_FORTIFY +#include +#endif + #endif /* !_KERNEL */ #endif /* !_SYS_STAT_H_ */