Commit Graph

11 Commits

Author SHA1 Message Date
Christian Franke 497e6eb2c0 ssp: add support for _FORTIFY_SOURCE=3
If specified, use __builtin_dynamic_object_size() instead of
__builtin_object_size() if supported (GCC 12.0 or later).
This enables buffer overflow checks if the buffer size is non-const
but known during runtime.
Use new macro __ssp_bos_known() instead of the (bos(p) != (size_t)-1)
checks.  The latter is no longer a compile time constant in all cases.
This avoids the generation of unused code.

Signed-off-by: Christian Franke <christian.franke@t-online.de>
2024-01-29 14:03:37 +01:00
Yaakov Selkowitz 829820af6e ssp: fix wchar.h with -std=c99
https://sourceware.org/ml/newlib/2018/msg00261.html

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-03-14 10:46:32 -05:00
Yaakov Selkowitz b920561fe3 ssp: do not use __ssp_protected_ symbol prefixes
This is a NetBSD-specific detail which does not apply to Newlib, causing
linking issues in certain scenarios:

https://cygwin.com/ml/cygwin/2018-01/msg00189.html

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2018-01-26 11:51:15 -06:00
Yaakov Selkowitz 8f7c712bb8 ssp: add Object Size Checking for wchar.h, part 1
The following functions are also guarded in glibc:
fwprintf, swprintf, wprintf, vfwprintf, vswprintf, vwprintf.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-12-04 04:09:46 -06:00
Yaakov Selkowitz 8ba0bbb913 ssp: add Object Size Checking for unistd.h, part 2
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-12-01 03:41:49 -06:00
Yaakov Selkowitz 1e43e181c2 ssp: add Object Size Checking for stdlib.h
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-30 12:09:03 -06:00
Yaakov Selkowitz 6b02865d80 ssp: add Object Size Checking for unistd.h, part 1
The implementation is from NetBSD, with the addition of feature test macros
for readlink.  glibc also wraps the following functions:
confstr, getdomainname, getgroups, gethostname, getlogin_r, getwd, pread,
readlinkat, ttyname_r.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-29 11:25:44 -06:00
Yaakov Selkowitz 576093d46b ssp: add Object Size Checking for stdio.h, part 1
The implementation is mostly from NetBSD, except for switching fgets to
pure inline, and the addition of fgets_unlocked, fread, and fread_unlocked
for parity with glibc.  The following functions are also guarded in glibc:
asprintf, dprintf, fprintf, printf, vasprintf, vdprintf, vfprintf, vprintf.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-29 11:25:42 -06:00
Yaakov Selkowitz a997f98b2a ssp: add Object Size Checking for strings.h
The implementation is from NetBSD, with the addition of explicit_bzero
for parity with glibc.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-29 11:25:41 -06:00
Yaakov Selkowitz e4fc4d7bc4 ssp: add Object Size Checking for string.h
The implementation is from NetBSD, with the addition of mempcpy (a GNU
extension) for parity with glibc and libssp.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-29 11:25:40 -06:00
Yaakov Selkowitz 3e8fc7d9f2 ssp: add Object Size Checking common code
The Object Size Checking (-D_FORTIFY_SOURCE=*) functionality provides
wrappers around functions suspectible to buffer overflows.  While
independent from Stack Smashing Protection (-fstack-protector*), they
are often used and implemented together.

While GCC also provides an implementation in libssp, it is completely
broken (CVE-2016-4973, RHBZ#1324759) and seemingly unfixable, as there
is no reliable way for a preprocessor macro to trigger a link flag.
Therefore, adding this here is necessary to make it work.

Note that this does require building gcc with --disable-libssp and
gcc_cv_libc_provides_ssp=yes.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2017-11-29 11:25:39 -06:00