include: ssp: round out fortification of current set of headers - src

diff options


context:
space:
mode:

author	Kyle Evans <kevans@FreeBSD.org>	2024-07-13 05:16:10 +0000
committer	Kyle Evans <kevans@FreeBSD.org>	2024-07-13 05:16:24 +0000
commit	cf8e5289a110954600f135024d1515a77d0ae34d (patch)
tree	d5f4c089b01d4e3b089c0e294c453227766e05a7 /include/ssp
parent	c10d567ea022de8705fb23f8563c4726f2d09ca0 (diff)

Diffstat (limited to 'include/ssp')

-rw-r--r--

include/ssp/ssp.h

-rw-r--r--

include/ssp/stdio.h

-rw-r--r--

include/ssp/string.h

-rw-r--r--

include/ssp/strings.h

-rw-r--r--

include/ssp/unistd.h

5 files changed, 89 insertions, 8 deletions

diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h
index de109da4959e..6ebc23288391 100644
--- a/include/ssp/ssp.h
+++ b/include/ssp/ssp.h

@@ -67,21 +67,25 @@

#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)

#define __ssp_check(buf, len, bos) \

- if (bos(buf) != (size_t)-1 && len > bos(buf)) \

+ if (bos(buf) != (size_t)-1 && (size_t)len > bos(buf)) \

__chk_fail()

-#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \

+#define __ssp_redirect_raw_impl(rtype, fun, symbol, args) \

rtype __ssp_real_(fun) args __RENAME(symbol); \

__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \

-__ssp_inline rtype fun args { \

+__ssp_inline rtype fun args

+#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos, len) \

+__ssp_redirect_raw_impl(rtype, fun, symbol, args) { \

if (cond) \

- __ssp_check(__buf, __len, bos); \

+ __ssp_check(__buf, len, bos); \

return __ssp_real_(fun) call; \

}

#define __ssp_redirect(rtype, fun, args, call) \

- __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)

+ __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos, __len)

#define __ssp_redirect0(rtype, fun, args, call) \

- __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)

+ __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0, __len)

#include <machine/_stdint.h>

diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h
index 4bca1de7d4f9..f7a390f315a4 100644
--- a/include/ssp/stdio.h
+++ b/include/ssp/stdio.h

@@ -37,6 +37,24 @@

#include <ssp/ssp.h>

__BEGIN_DECLS

+#if __SSP_FORTIFY_LEVEL > 0

+#if __POSIX_VISIBLE

+__ssp_redirect_raw(char *, ctermid, ctermid, (char *__buf), (__buf),

+ __buf != NULL, __ssp_bos, L_ctermid);

+#if __BSD_VISIBLE

+__ssp_redirect_raw(char *, ctermid_r, ctermid_r, (char *__buf), (__buf),

+ __buf != NULL, __ssp_bos, L_ctermid);

+#endif /* __BSD_VISIBLE */

+#endif /* __POSIX_VISIBLE */

+__ssp_redirect(size_t, fread, (void *__restrict __buf, size_t __len,

+ size_t __nmemb, FILE *__restrict __fp), (__buf, __len, __nmemb, __fp));

+__ssp_redirect(size_t, fread_unlocked, (void *__restrict __buf, size_t __len,

+ size_t __nmemb, FILE *__restrict __fp), (__buf, __len, __nmemb, __fp));

+__ssp_redirect(char *, gets_s, (char *__buf, rsize_t __len), (__buf, __len));

+__ssp_redirect_raw(char *, tmpnam, tmpnam, (char *__buf), (__buf), 1,

+ __ssp_bos, L_tmpnam);

+#endif

int __sprintf_chk(char *__restrict, int, size_t, const char *__restrict, ...)

__printflike(4, 5);

int __vsprintf_chk(char *__restrict, int, size_t, const char *__restrict,

diff --git a/include/ssp/string.h b/include/ssp/string.h
index ceb4ba2a2174..b9f2dceb1df5 100644
--- a/include/ssp/string.h
+++ b/include/ssp/string.h

@@ -45,7 +45,9 @@ char *__stpncpy_chk(char *, const char *, size_t, size_t);

char *__strcat_chk(char *, const char *, size_t);

char *__strcpy_chk(char *, const char *, size_t);

char *__strncat_chk(char *, const char *, size_t, size_t);

+size_t __strlcat_chk(char *, const char *, size_t, size_t);

char *__strncpy_chk(char *, const char *, size_t, size_t);

+size_t __strlcpy_chk(char *, const char *, size_t, size_t);

__END_DECLS

#if __SSP_FORTIFY_LEVEL > 0

@@ -110,8 +112,24 @@ __ssp_bos_icheck2_restrict(stpcpy, char *, const char *)

__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)

__ssp_bos_icheck2_restrict(strcpy, char *, const char *)

__ssp_bos_icheck2_restrict(strcat, char *, const char *)

+__ssp_redirect0(int, strerror_r, (int __errnum, char *__buf, size_t __len),

+ (__errnum, __buf, __len));

__ssp_bos_icheck3_restrict(strncpy, char *, const char *)

__ssp_bos_icheck3_restrict(strncat, char *, const char *)

+__ssp_redirect_raw_impl(void *, mempcpy, mempcpy,

+ (void *__restrict buf, const void *__restrict src, size_t len))

+ const size_t slen = __ssp_bos(buf);

+ if (len > slen)

+ __chk_fail();

+ if (__ssp_overlap(src, buf, len))

+ __chk_fail();

+ return (__ssp_real(mempcpy)(buf, src, len));

__END_DECLS

#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)

@@ -122,7 +140,11 @@ __END_DECLS

#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)

#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)

#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)

+#define strlcpy(dst, src, dstlen) \

+ __strlcpy_chk(dst, src, dstlen, __ssp_bos(dst))

#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)

+#define strlcat(dst, src, dstlen) \

+ __strlcat_chk(dst, src, dstlen, __ssp_bos(dst))

#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)

#endif /* __SSP_FORTIFY_LEVEL > 0 */

diff --git a/include/ssp/strings.h b/include/ssp/strings.h
index 51b11a14ee87..79b70eba1c5c 100644
--- a/include/ssp/strings.h
+++ b/include/ssp/strings.h

@@ -63,5 +63,10 @@

#define bzero(dst, len) _ssp_bzero(__ssp_var(dstv), dst, __ssp_var(lenv), len)

+__BEGIN_DECLS

+__ssp_redirect(void, explicit_bzero, (void *__buf, size_t __len),

+ (__buf, __len));

+__END_DECLS

#endif /* __SSP_FORTIFY_LEVEL > 0 */

#endif /* _SSP_STRINGS_H_ */

diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
index bcd3664116cc..7e9d72343dde 100644
--- a/include/ssp/unistd.h
+++ b/include/ssp/unistd.h

@@ -43,14 +43,46 @@ __BEGIN_DECLS

#define _FORTIFY_SOURCE_read read

#endif

-__ssp_redirect0(ssize_t, _FORTIFY_SOURCE_read, (int __fd, void *__buf,

+__ssp_inline size_t

+__ssp_gid_bos(const void *ptr)

+ size_t ptrsize = __ssp_bos(ptr);

+ if (ptrsize == (size_t)-1)

+ return (ptrsize);

+ return (ptrsize / sizeof(gid_t));

+__ssp_redirect_raw(int, getgrouplist, getgrouplist,

+ (const char *__name, gid_t __base, gid_t *__buf, int *__lenp),

+ (__name, __base, __buf, __lenp), 1, __ssp_gid_bos, *__lenp);

+__ssp_redirect_raw(int, getgroups, getgroups, (int __len, gid_t *__buf),

+ (__len, __buf), 1, __ssp_gid_bos, __len);

+__ssp_redirect(int, getloginclass, (char *__buf, size_t __len),

+ (__buf, __len));

+__ssp_redirect(ssize_t, _FORTIFY_SOURCE_read, (int __fd, void *__buf,

size_t __len), (__fd, __buf, __len));

+__ssp_redirect(ssize_t, pread, (int __fd, void *__buf, size_t __len,

+ off_t __offset), (__fd, __buf, __len, __offset));

__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \

char *__restrict __buf, size_t __len), (__path, __buf, __len));

+__ssp_redirect(ssize_t, readlinkat, (int __fd, const char *__restrict __path,

+ char *__restrict __buf, size_t __len), (__fd, __path, __buf, __len));

__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),

- (__buf, __len), __buf != 0, __ssp_bos);

+ (__buf, __len), __buf != 0, __ssp_bos, __len);

+__ssp_redirect(int, getdomainname, (char *__buf, int __len), (__buf, __len));

+__ssp_redirect(int, getentropy, (void *__buf, size_t __len), (__buf, __len));

+__ssp_redirect(int, gethostname, (char *__buf, size_t __len), (__buf, __len));

+__ssp_redirect(int, getlogin_r, (char *__buf, size_t __len), (__buf, __len));

+__ssp_redirect(int, ttyname_r, (int __fd, char *__buf, size_t __len),

+ (__fd, __buf, __len));

__END_DECLS