Page MenuHomeFreeBSD
Differential D45686

include: ssp: fortify <sys/socket.h>
ClosedPublic
Actions

Authored by kevans on Jun 21 2024, 5:00 PM.
Tags
None
Referenced Files
F156571771: D45686.id140857.diff
Thu, May 14, 6:32 PM
F156571700: D45686.id140087.diff
Thu, May 14, 6:32 PM
F156571644: D45686.diff
Thu, May 14, 6:31 PM
Unknown Object (File)
Thu, May 14, 1:27 AM
Unknown Object (File)
Mon, Apr 27, 9:57 PM
Unknown Object (File)
Sat, Apr 25, 10:14 AM
Unknown Object (File)
Sun, Apr 19, 11:43 PM
Unknown Object (File)
Apr 6 2026, 4:49 AM
View All Files
Subscribers
glebius
imp

Details

Reviewers
kib
markj
Group Reviewers
Klara
Commits
rG1f155d48f878: include: ssp: fortify <sys/socket.h>
Summary

The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.

Sponsored by: Stormshield
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jun 21 2024, 5:00 PM
Herald added subscribers: glebius, imp. · View Herald TranscriptJun 21 2024, 5:00 PM
kevans requested review of this revision.Jun 21 2024, 5:00 PM
Harbormaster completed remote builds in B58295: Diff 140087.Jun 21 2024, 5:00 PM
kevans added a parent revision: D45685: include: ssp: fortify <sys/select.h>.Jun 21 2024, 5:00 PM
markj accepted this revision as: markj.Jun 24 2024, 5:00 PM
markj added inline comments.
lib/libc/tests/secure/generate-fortify-tests.lua
127

Is this check redundant? I'd expect new_socket() to check that if needed.

This revision is now accepted and ready to land.Jun 24 2024, 5:00 PM
kevans added a child revision: D45940: include: de-macro __ssp_overlap(), improve semantics and checking.Jul 9 2024, 7:51 PM
kevans marked an inline comment as done.Jul 9 2024, 8:16 PM
kevans added inline comments.
lib/libc/tests/secure/generate-fortify-tests.lua
127

Indeed, new_socket() already does plenty to ensure that it hasn't failed.

Closed by commit rG1f155d48f878: include: ssp: fortify <sys/socket.h> (authored by kevans). · Explain WhyJul 13 2024, 5:23 AM
This revision was automatically updated to reflect the committed changes.
kevans marked an inline comment as done.
kevans added a commit: rG1f155d48f878: include: ssp: fortify <sys/socket.h>.

Revision Contents
Changeset List

Diff 140857

View Options

include/ssp/Makefile

Loading...
View Options

include/ssp/socket.h

Loading...
View Options

lib/libc/sys/recv.c

Loading...
View Options

lib/libc/sys/recvfrom.c

Loading...
View Options

lib/libc/sys/recvmsg.c

Loading...
View Options

lib/libc/tests/secure/Makefile

Loading...
View Options

lib/libc/tests/secure/fortify_poll_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_random_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_select_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_socket_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_stdio_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_stdlib_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_string_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_strings_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_uio_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_unistd_test.c

Loading...
View Options

lib/libc/tests/secure/fortify_wchar_test.c

Loading...
View Options

lib/libc/tests/secure/generate-fortify-tests.lua

Loading...
View Options

lib/libsys/recvmmsg.c

Loading...
View Options

sys/sys/socket.h

Loading...