include: ssp: round out fortification of current set of headers
Needs ReviewPublic
Actions

Authored by kevans on Fri, Jun 21, 4:59 PM.

Details

Reviewers

kib
markj
olce

Group Reviewers

Klara

Summary

ssp/ssp.h needed some improvements:

len isn't always a size_t, it may need casted
In some cases we may want to use a len that isn't specified as a parameter (e.g., L_ctermid), so __ssp_redirect() should be more flexible.
In other cases we may want additional checking, so pull all of the declaration bits out of __ssp_redirect_raw() so that some functions can implement the body themselves.

strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.

Sponsored by: Stormshield
Sponsored by: Klara, Inc.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 58365
Build 55253: arc lint + arc unit

Event Timeline

kevans created this revision.Fri, Jun 21, 4:59 PM

Herald added a subscriber: imp. · View Herald TranscriptFri, Jun 21, 4:59 PM

kevans requested review of this revision.Fri, Jun 21, 4:59 PM

Harbormaster completed remote builds in B58288: Diff 140080.Fri, Jun 21, 4:59 PM

kevans added a parent revision: D45678: libc: tests: add testing infrastructure for _FORTIFY_SOURCE.Fri, Jun 21, 4:59 PM

kevans added a child revision: D45680: include: ssp: fortify poll/ppoll from <poll.h>.

Fix libc build without FORTIFY_SOURCE enabled

Harbormaster completed remote builds in B58298: Diff 140096.Sat, Jun 22, 2:31 AM

markj accepted this revision as: markj.Mon, Jun 24, 4:51 PM

markj added inline comments.

lib/libc/secure/strlcat_chk.c
47	We know that `n <= dbufsize`, and the loop predicate checks `n-- != 0` so this condition is always false.
lib/libc/secure/strlcpy_chk.c
27–28	Do you want to check `dbufsize > 0` here?
28	Do you actually need to undef?
lib/libc/stdio/fread.c
50–51	This line is too long.

This revision is now accepted and ready to land.Mon, Jun 24, 4:51 PM

kevans mentioned this in D45678: libc: tests: add testing infrastructure for _FORTIFY_SOURCE.Tue, Jun 25, 5:24 AM

Reduce __strlcpy_chk to size check + strlcpy(), address review feedback

This revision now requires review to proceed.Wed, Jun 26, 7:07 PM

Herald added a reviewer: olce. · View Herald TranscriptWed, Jun 26, 7:07 PM

Harbormaster completed remote builds in B58365: Diff 140278.Wed, Jun 26, 7:07 PM

kevans added inline comments.Wed, Jun 26, 7:07 PM

lib/libc/secure/strlcpy_chk.c
27–28	Looking at it again, I'm not sure it actually makes sense to inline `strlcpy` like this anyways... `n` passed in is supposed to cover room for the NUL terminator, so it should be sufficient to just __bos it up front then call into the real `strlcpy`