authorFlorian Weimer <fweimer@redhat.com>2023-06-14 18:10:08 +0200
committerFlorian Weimer <fweimer@redhat.com>2023-06-14 18:10:08 +0200
commit454a20c8756c9c1d55419153255fc7692b3d2199 (patch)
treea65ad84288a247995183089f4400e4fd080ecc9d /debug
parent7ba426a1115318fc11f4355f3161f35817a06ba4 (diff)
Implement strlcpy and strlcat [BZ #178]
These functions are about to be added to POSIX, under Austin Group issue 986.

The fortified strlcat implementation does not raise SIGABRT if the destination buffer does not contain a null terminator; it just inherits the non-failing regular strlcat behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'debug')
-rw-r--r--debug/Makefile2
-rw-r--r--debug/Versions4
-rw-r--r--debug/strlcat_chk.c31
-rw-r--r--debug/strlcpy_chk.c31
-rw-r--r--debug/tst-fortify.c31
5 files changed, 99 insertions, 0 deletions
diff --git a/debug/Makefile b/debug/Makefile
index 096df27aeb..55e2aadec9 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -84,6 +84,8 @@ routines = \
stpncpy_chk \
strcat_chk \
strcpy_chk \
+ strlcat_chk \
+ strlcpy_chk \
strncat_chk \
strncpy_chk \
swprintf_chk \
diff --git a/debug/Versions b/debug/Versions
index a6628db356..94dfa5f428 100644
--- a/debug/Versions
+++ b/debug/Versions
@@ -58,6 +58,10 @@ libc {
GLIBC_2.25 {
__explicit_bzero_chk;
}
+ GLIBC_2.38 {
+ __strlcat_chk;
+ __strlcpy_chk;
+ }
GLIBC_PRIVATE {
__fortify_fail;
}
diff --git a/debug/strlcat_chk.c b/debug/strlcat_chk.c
new file mode 100644
index 0000000000..888a62fad5
--- /dev/null
+++ b/debug/strlcat_chk.c
@@ -0,0 +1,31 @@
+/* Fortified version of strlcat.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <string.h>
+
+/* Check that the user-supplied size does not exceed the
+ compiler-determined size, and then forward to strlcat. */
+size_t
+__strlcat_chk (char *__restrict s1, const char *__restrict s2,
+ size_t n, size_t s1len)
+{
+ if (__glibc_unlikely (s1len < n))
+ __chk_fail ();
+
+ return __strlcat (s1, s2, n);
+}
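Review bot: The comment above `__strlcat_chk` does not say what `s1len` is or what the check leaves undiagnosed. `s1len` is compared against `n` as the size of the destination object rather than as a string length, and, as the commit message states, a destination with no null terminator is handed to `__strlcat` without aborting. I would extend the comment with `S1LEN is the compiler-determined size of the object S1 points to, not a string length.  A destination with no null terminator in its first N bytes is not diagnosed.` The first of those sentences applies equally to the comment in debug/strlcpy_chk.c.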
diff --git a/debug/strlcpy_chk.c b/debug/strlcpy_chk.c
new file mode 100644
index 0000000000..768a3af686
--- /dev/null
+++ b/debug/strlcpy_chk.c
@@ -0,0 +1,31 @@
+/* Fortified version of strlcpy.
+ Copyright (C) 2023 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <string.h>
+
+/* Check that the user-supplied size does not exceed the
+ compiler-determined size, and then forward to strlcpy. */
+size_t
+__strlcpy_chk (char *__restrict s1, const char *__restrict s2,
+ size_t n, size_t s1len)
+{
+ if (__glibc_unlikely (s1len < n))
+ __chk_fail ();
+
+ return __strlcpy (s1, s2, n);
+}
diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c
index 9f962f2a75..0f823a85d0 100644
--- a/debug/tst-fortify.c
+++ b/debug/tst-fortify.c
@@ -535,6 +535,20 @@ do_test (void)
strncpy (a.buf1 + (O + 6), "X", l0 + 4);
CHK_FAIL_END
+ CHK_FAIL_START
+ strlcpy (a.buf1 + (O + 6), "X", 4);
+ CHK_FAIL_END
+
+ CHK_FAIL_START
+ strlcpy (a.buf1 + (O + 6), "X", l0 + 4);
+ CHK_FAIL_END
+
+ {
+ char *volatile buf2 = buf;
+ if (strlcpy (buf2, "a", sizeof (buf) + 1) != 1)
+ FAIL ();
+ }
+
# if !defined __cplusplus || defined __va_arg_pack
CHK_FAIL_START
sprintf (a.buf1 + (O + 7), "%d", num1);
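Review bot: The non-failing block at the end of the added lines checks only the return value of `strlcpy`, so a fortified path that returned the right length but stored the wrong bytes would still pass. The condition could also compare the result, `if (strlcpy (buf2, "a", sizeof (buf) + 1) != 1 || strcmp (buf2, "a") != 0)`. A short comment such as `/* The object size is hidden behind the volatile pointer, so the oversized N must not reach __chk_fail.  */` would explain why `sizeof (buf) + 1` is expected to succeed; that reading is inferred from the `volatile` qualifier. The `strlcat` block in the second hunk of this file has the same shape, and `do_test` begins and ends outside the hunk.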
@@ -558,6 +572,23 @@ do_test (void)
CHK_FAIL_START
strncat (a.buf1, "ZYXWV", l0 + 3);
CHK_FAIL_END
+
+ memset (a.buf1, 0, sizeof (a.buf1));
+ CHK_FAIL_START
+ strlcat (a.buf1 + (O + 6), "X", 4);
+ CHK_FAIL_END
+
+ memset (a.buf1, 0, sizeof (a.buf1));
+ CHK_FAIL_START
+ strlcat (a.buf1 + (O + 6), "X", l0 + 4);
+ CHK_FAIL_END
+
+ {
+ buf[0] = '\0';
+ char *volatile buf2 = buf;
+ if (strlcat (buf2, "a", sizeof (buf) + 1) != 1)
+ FAIL ();
+ }
#endif
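Review bot: None of the added `strlcat` cases exercises the behaviour the commit message singles out, a destination with no null terminator, because both `CHK_FAIL` cases clear `a.buf1` with `memset` first and the last block sets `buf[0] = '\0'`. A case that fills a small buffer with non-null bytes and checks that the call returns without aborting would pin that contract, so a later change to the fortified wrapper cannot alter it unnoticed. The expected value in the sketch below (size plus source length) is standard strlcat behaviour rather than something shown in this diff, and `l0` is assumed to be the zero-valued volatile used by the neighbouring cases. `do_test` begins outside the hunk.

```c
  /* … unchanged: strlcat CHK_FAIL cases and the buf2 block … */

  {
    /* No null terminator in the first N bytes of the destination:
       the fortified call must not abort.  */
    char unterminated[4];
    memset (unterminated, 'x', sizeof (unterminated));
    if (strlcat (unterminated, "a", l0 + sizeof (unterminated))
        != sizeof (unterminated) + 1)
      FAIL ();
  }
```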