From b5cc329c4fb831ce99cd683caf3c5b5114c90010 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Mon, 18 Oct 2004 04:17:19 +0000 Subject: 2004-10-15 Jakub Jelinek * elf/dl-minimal.c (__chk_fail): New. Add rtld_hidden_def. * sysdeps/unix/sysv/linux/readonly-area.c: New file. * sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking routine. * sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise. * sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise. * sysdeps/i386/i686/memset.S (__memset_chk): Likewise. * sysdeps/i386/i686/memmove-chk.S: New file. * sysdeps/i386/i686/memcpy-chk.S: Likewise. * sysdeps/i386/i686/mempcpy-chk.S: Likewise. * sysdeps/i386/i686/memset-chk.S: Likewise. * sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail if exactly fitting into buffer. * sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise. * sysdeps/generic/readonly-area.c: New file. * sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test destlen once. * sysdeps/x86_64/memset.S (__memset_chk): Add checking routine. * sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise. * sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk. * sysdeps/x86_64/memcpy-chk.S: New file. * sysdeps/x86_64/mempcpy-chk.S: Likewise. * sysdeps/x86_64/memset-chk.S: Likewise. * sysdeps/x86_64/strcpy-chk.S: Likewise. * sysdeps/x86_64/stpcpy-chk.S: Likewise. * argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing. * argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise. * debug/tst-chk1.c: New test. * debug/tst-chk2.c: Likewise. * debug/tst-chk3.c: Likewise. * debug/test-strcpy_chk.c: Likewise. * debug/test-stpcpy_chk.c: Likewise. * debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request _IO_FLAGS2_CHECK_PERCENT_N. Add libc_hidden_def. * debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk, vfprintf_chk, gets_chk and readonly-area. (CFLAGS-*_chk.c): Set. (tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and test-stpcpy_chk. * debug/vprintf_chk.c: New file. * debug/printf_chk.c: Likewise. * debug/vfprintf_chk.c: Likewise. * debug/fprintf_chk.c: Likewise. * debug/gets_chk.c: Likewise. * debug/chk_fail.c (__chk_fail): Add libc_hidden_def. * debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments passed to __vsnprintf_chk. * debug/Versions (libc): Export __printf_chk, __fprintf_chk, __vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4. * debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call __vsnprintf, instead create a temporary file with _IO_strn_jumps jumptable. If flags > 0, request _IO_FLAGS2_CHECK_PERCENT_N. Add libc_hidden_def. * libio/Makefile (headers): Add bits/stdio2.h. * libio/stdio.h: Include if __USE_FORTIFY_LEVEL. (sprintf, snprintf, vsprintf, vsnprintf): Remove defines. * libio/strfile.h (_IO_strnfile): New type. (_IO_strn_jumps): New extern. * libio/vsnprintf.c (_IO_strnfile): Remove. (_IO_strn_jumps): Remove static. * libio/bits/stdio2.h: New file. * libio/vswprintf.c (_IO_strnfile): Rename type to... (_IO_wstrnfile): ...this. Adjust all uses. * libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define. * stdio-common/vfprintf.c (STR_LEN): Define. (vfprintf): Add readonly_format variable. Handle _IO_FLAGS2_CHECK_PERCENT_N. (buffered_vfprintf): Copy _flags2. * include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk, __vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk, __vfprintf_chk): New prototypes. (__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto. * include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk, __memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk, __strncat_chk): New prototypes. * include/bits/string3.h: New file. * include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto and rtld_hidden_proto. * string/Makefile (headers): Add bits/string3.h. * string/bits/string3.h (bcopy, bzero): New defines. (memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change macros so that inlines are used only if unknown destination size or side-effects in destination argument. (mempcpy, stpcpy): Likewise. Protect with #ifdef __USE_GNU. 2004-09-16 Ulrich Drepper * debug/Makefile (routines): Add *_chk. * debug/Versions (libc): Export __chk_fail, __memcpy_chk, __memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk, __strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk, __sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk @GLIBC_2.3.4. * debug/chk_fail.c: New file. * debug/snprintf_chk.c: Likewise. * debug/sprintf_chk.c: Likewise. * debug/vsnprintf_chk.c: Likewise. * debug/vsprintf_chk.c: Likewise. * include/features.h (_FORTIFY_SOURCE): Document, handle. (__USE_FORTIFY_LEVEL): Define. (__GNUC_PREREQ): Move to earlier location. * include/sys/cdefs.h (__chk_fail): New prototype. * libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf): Define if __USE_FORTIFY_LEVEL. * misc/sys/cdefs.h (__bos, __bos0): Define. * string/string.h: Include if __USE_FORTIFY_LEVEL. * bits/string/string3.h: New header. * sysdeps/generic/memcpy_chk.c: New file. * sysdeps/generic/memmove_chk.c: Likewise. * sysdeps/generic/mempcpy_chk.c: Likewise. * sysdeps/generic/memset_chk.c: Likewise. * sysdeps/generic/stpcpy_chk.c: Likewise. * sysdeps/generic/strcat_chk.c: Likewise. * sysdeps/generic/strcpy_chk.c: Likewise. * sysdeps/generic/strncat_chk.c: Likewise. * sysdeps/generic/strncpy_chk.c: Likewise. 2004-10-15 Jakub Jelinek * elf/dl-minimal.c (__chk_fail): New. Add rtld_hidden_def. * sysdeps/unix/sysv/linux/readonly-area.c: New file. * sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking routine. * sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise. * sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise. * sysdeps/i386/i686/memset.S (__memset_chk): Likewise. * sysdeps/i386/i686/memmove-chk.S: New file. * sysdeps/i386/i686/memcpy-chk.S: Likewise. * sysdeps/i386/i686/mempcpy-chk.S: Likewise. * sysdeps/i386/i686/memset-chk.S: Likewise. * sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail if exactly fitting into buffer. * sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise. * sysdeps/generic/readonly-area.c: New file. * sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test destlen once. * sysdeps/x86_64/memset.S (__memset_chk): Add checking routine. * sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise. * sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk. * sysdeps/x86_64/memcpy-chk.S: New file. * sysdeps/x86_64/mempcpy-chk.S: Likewise. * sysdeps/x86_64/memset-chk.S: Likewise. * sysdeps/x86_64/strcpy-chk.S: Likewise. * sysdeps/x86_64/stpcpy-chk.S: Likewise. * argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing. * argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise. * debug/tst-chk1.c: New test. * debug/tst-chk2.c: Likewise. * debug/tst-chk3.c: Likewise. * debug/test-strcpy_chk.c: Likewise. * debug/test-stpcpy_chk.c: Likewise. * debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request _IO_FLAGS2_CHECK_PERCENT_N. Add libc_hidden_def. * debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk, vfprintf_chk, gets_chk and readonly-area. (CFLAGS-*_chk.c): Set. (tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and test-stpcpy_chk. * debug/vprintf_chk.c: New file. * debug/printf_chk.c: Likewise. * debug/vfprintf_chk.c: Likewise. * debug/fprintf_chk.c: Likewise. * debug/gets_chk.c: Likewise. * debug/chk_fail.c (__chk_fail): Add libc_hidden_def. * debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments passed to __vsnprintf_chk. * debug/Versions (libc): Export __printf_chk, __fprintf_chk, __vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4. * debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call __vsnprintf, instead create a temporary file with _IO_strn_jumps jumptable. If flags > 0, request _IO_FLAGS2_CHECK_PERCENT_N. Add libc_hidden_def. * libio/Makefile (headers): Add bits/stdio2.h. * libio/stdio.h: Include if __USE_FORTIFY_LEVEL. (sprintf, snprintf, vsprintf, vsnprintf): Remove defines. * libio/strfile.h (_IO_strnfile): New type. (_IO_strn_jumps): New extern. * libio/vsnprintf.c (_IO_strnfile): Remove. (_IO_strn_jumps): Remove static. * libio/bits/stdio2.h: New file. * libio/vswprintf.c (_IO_strnfile): Rename type to... (_IO_wstrnfile): ...this. Adjust all uses. * libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define. * stdio-common/vfprintf.c (STR_LEN): Define. (vfprintf): Add readonly_format variable. Handle _IO_FLAGS2_CHECK_PERCENT_N. (buffered_vfprintf): Copy _flags2. * include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk, __vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk, __vfprintf_chk): New prototypes. (__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto. * include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk, __memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk, __strncat_chk): New prototypes. * include/bits/string3.h: New file. * include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto and rtld_hidden_proto. * string/Makefile (headers): Add bits/string3.h. * string/bits/string3.h (bcopy, bzero): New defines. (memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change macros so that inlines are used only if unknown destination size or side-effects in destination argument. (mempcpy, stpcpy): Likewise. Protect with #ifdef __USE_GNU. 2004-09-16 Ulrich Drepper * debug/Makefile (routines): Add *_chk. * debug/Versions (libc): Export __chk_fail, __memcpy_chk, __memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk, __strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk, __sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk @GLIBC_2.3.4. * debug/chk_fail.c: New file. * debug/snprintf_chk.c: Likewise. * debug/sprintf_chk.c: Likewise. * debug/vsnprintf_chk.c: Likewise. * debug/vsprintf_chk.c: Likewise. * include/features.h (_FORTIFY_SOURCE): Document, handle. (__USE_FORTIFY_LEVEL): Define. (__GNUC_PREREQ): Move to earlier location. * include/sys/cdefs.h (__chk_fail): New prototype. * libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf): Define if __USE_FORTIFY_LEVEL. * misc/sys/cdefs.h (__bos, __bos0): Define. * string/string.h: Include if __USE_FORTIFY_LEVEL. * bits/string/string3.h: New header. * sysdeps/generic/memcpy_chk.c: New file. * sysdeps/generic/memmove_chk.c: Likewise. * sysdeps/generic/mempcpy_chk.c: Likewise. * sysdeps/generic/memset_chk.c: Likewise. * sysdeps/generic/stpcpy_chk.c: Likewise. * sysdeps/generic/strcat_chk.c: Likewise. * sysdeps/generic/strcpy_chk.c: Likewise. * sysdeps/generic/strncat_chk.c: Likewise. * sysdeps/generic/strncpy_chk.c: Likewise. --- include/bits/string3.h | 1 + include/features.h | 40 ++++++++++++++++++++++++++-------------- include/stdio.h | 14 ++++++++++++++ include/string.h | 28 +++++++++++++++++++++++++++- include/sys/cdefs.h | 8 ++++++++ 5 files changed, 76 insertions(+), 15 deletions(-) create mode 100644 include/bits/string3.h (limited to 'include') diff --git a/include/bits/string3.h b/include/bits/string3.h new file mode 100644 index 0000000000..1ddd981a90 --- /dev/null +++ b/include/bits/string3.h @@ -0,0 +1 @@ +#include diff --git a/include/features.h b/include/features.h index 59ae3c4d13..8b03e165f9 100644 --- a/include/features.h +++ b/include/features.h @@ -41,6 +41,8 @@ _GNU_SOURCE All of the above, plus GNU extensions. _REENTRANT Select additionally reentrant object. _THREAD_SAFE Same as _REENTRANT, often used by other systems. + _FORTIFY_SOURCE If set to numeric value > 0 additional security + measures are defined, according to level. The `-ansi' switch to the GNU C compiler defines __STRICT_ANSI__. If none of these are defined, the default is to have _SVID_SOURCE, @@ -69,6 +71,7 @@ __USE_MISC Define things common to BSD and System V Unix. __USE_GNU Define GNU extensions. __USE_REENTRANT Define reentrant/thread-safe *_r functions. + __USE_FORTIFY_LEVEL Additional security measures used, according to level. __FAVOR_BSD Favor 4.3BSD things in cases of conflict. The macros `__GNU_LIBRARY__', `__GLIBC__', and `__GLIBC_MINOR__' are @@ -101,6 +104,7 @@ #undef __USE_MISC #undef __USE_GNU #undef __USE_REENTRANT +#undef __USE_FORTIFY_LEVEL #undef __FAVOR_BSD #undef __KERNEL_STRICT_NAMES @@ -113,6 +117,20 @@ /* Always use ISO C things. */ #define __USE_ANSI 1 +/* Convenience macros to test the versions of glibc and gcc. + Use them like this: + #if __GNUC_PREREQ (2,8) + ... code requiring gcc 2.8 or later ... + #endif + Note - they won't work for gcc1 or glibc1, since the _MINOR macros + were not defined then. */ +#if defined __GNUC__ && defined __GNUC_MINOR__ +# define __GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) +#else +# define __GNUC_PREREQ(maj, min) 0 +#endif + /* If _BSD_SOURCE was defined by the user, favor BSD over POSIX. */ #if defined _BSD_SOURCE && \ @@ -244,6 +262,14 @@ # define __USE_REENTRANT 1 #endif +#if _FORTIFY_SOURCE > 0 && __GNUC_PREREQ (4, 1) && __OPTIMIZE__ > 0 +# if _FORTIFY_SOURCE == 1 +# define __USE_FORTIFY_LEVEL 1 +# elif _FORTIFY_SOURCE > 1 +# define __USE_FORTIFY_LEVEL 2 +# endif +#endif + /* We do support the IEC 559 math functionality, real and complex. */ #define __STDC_IEC_559__ 1 #define __STDC_IEC_559_COMPLEX__ 1 @@ -265,20 +291,6 @@ #define __GLIBC__ 2 #define __GLIBC_MINOR__ 3 -/* Convenience macros to test the versions of glibc and gcc. - Use them like this: - #if __GNUC_PREREQ (2,8) - ... code requiring gcc 2.8 or later ... - #endif - Note - they won't work for gcc1 or glibc1, since the _MINOR macros - were not defined then. */ -#if defined __GNUC__ && defined __GNUC_MINOR__ -# define __GNUC_PREREQ(maj, min) \ - ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) -#else -# define __GNUC_PREREQ(maj, min) 0 -#endif - #define __GLIBC_PREREQ(maj, min) \ ((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min)) diff --git a/include/stdio.h b/include/stdio.h index b871abc15e..05a91b4cb3 100644 --- a/include/stdio.h +++ b/include/stdio.h @@ -27,6 +27,18 @@ extern int __vsscanf (__const char *__restrict __s, _G_va_list __arg) __attribute__ ((__format__ (__scanf__, 2, 0))); +extern int __sprintf_chk (char *, int, size_t, const char *, ...) __THROW; +extern int __snprintf_chk (char *, size_t, int, size_t, const char *, ...) + __THROW; +extern int __vsprintf_chk (char *, int, size_t, const char *, + _G_va_list) __THROW; +extern int __vsnprintf_chk (char *, size_t, int, size_t, const char *, + _G_va_list) __THROW; +extern int __printf_chk (int, const char *, ...); +extern int __fprintf_chk (FILE *, int, const char *, ...); +extern int __vprintf_chk (int, const char *, _G_va_list); +extern int __vfprintf_chk (FILE *, int, const char *, _G_va_list); + /* Prototypes for compatibility functions. */ extern FILE *__new_tmpfile (void); extern FILE *__old_tmpfile (void); @@ -109,6 +121,8 @@ libc_hidden_proto (fgets_unlocked) libc_hidden_proto (fputs_unlocked) libc_hidden_proto (open_memstream) libc_hidden_proto (__libc_fatal) +libc_hidden_proto (__vsprintf_chk) +libc_hidden_proto (__vsnprintf_chk) # if !defined NOT_IN_libc && defined SHARED && defined DO_VERSIONING \ && defined HAVE_VISIBILITY_ATTRIBUTE && !defined HAVE_BROKEN_ALIAS_ATTRIBUTE\ diff --git a/include/string.h b/include/string.h index afc6adfbda..738dd8e27c 100644 --- a/include/string.h +++ b/include/string.h @@ -3,7 +3,7 @@ #include extern void *__memccpy (void *__dest, __const void *__src, - int __c, size_t __n); + int __c, size_t __n); extern size_t __strnlen (__const char *__string, size_t __maxlen) __attribute_pure__; @@ -114,4 +114,30 @@ libc_hidden_builtin_proto (ffs) # endif # endif +extern void *__memcpy_chk (void *__restrict __dest, + const void *__restrict __src, size_t __len, + size_t __destlen) __THROW; +extern void *__memmove_chk (void *__dest, const void *__src, size_t __len, + size_t __destlen) __THROW; +extern void *__mempcpy_chk (void *__restrict __dest, + const void *__restrict __src, size_t __len, + size_t __destlen) __THROW; +extern void *__memset_chk (void *__dest, int __ch, size_t __len, + size_t __destlen) __THROW; +extern char *__strcpy_chk (char *__restrict __dest, + const char *__restrict __src, + size_t __destlen) __THROW; +extern char *__stpcpy_chk (char *__restrict __dest, + const char *__restrict __src, + size_t __destlen) __THROW; +extern char *__strncpy_chk (char *__restrict __dest, + const char *__restrict __src, + size_t __len, size_t __destlen) __THROW; +extern char *__strcat_chk (char *__restrict __dest, + const char *__restrict __src, + size_t __destlen) __THROW; +extern char *__strncat_chk (char *__restrict __dest, + const char *__restrict __src, + size_t __len, size_t __destlen) __THROW; + #endif diff --git a/include/sys/cdefs.h b/include/sys/cdefs.h index 200abb4f02..8ba980477d 100644 --- a/include/sys/cdefs.h +++ b/include/sys/cdefs.h @@ -1 +1,9 @@ +#ifndef _SYS_CDEFS_H + #include + +extern void __chk_fail (void) __attribute__ ((__noreturn__)); +libc_hidden_proto (__chk_fail) +rtld_hidden_proto (__chk_fail) + +#endif -- cgit v1.2.3-70-g09d2