-rw-r--r-- | ChangeLog | 18 | ||||
-rw-r--r-- | debug/Depend | 1 | ||||
-rw-r--r-- | debug/Makefile | 3 | ||||
-rw-r--r-- | debug/Versions | 1 | ||||
-rw-r--r-- | debug/ptsname_r_chk.c | 29 | ||||
-rw-r--r-- | debug/realpath_chk.c | 60 | ||||
-rw-r--r-- | debug/tst-chk1.c | 65 | ||||
-rw-r--r-- | debug/wctomb_chk.c | 36 | ||||
-rw-r--r-- | include/bits/stdlib.h | 1 | ||||
-rw-r--r-- | stdlib/Makefile | 2 | ||||
-rw-r--r-- | stdlib/bits/stdlib.h | 75 | ||||
-rw-r--r-- | stdlib/stdlib.h | 6 |
12 files changed, 295 insertions, 2 deletions
@@ -1,3 +1,21 @@ +2005-07-12 Ulrich Drepper <drepper@redhat.com> + + * stdlib/bits/stdlib.h: New file. + * stdlib/stdlib.h: Include <bits/stdlib.h> if fortification is + requested. + * Makefile (headers): Add bits/stdlib.h. + * include/bits/stdlib.h: New file. + * debug/Depend: New file. + * debug/ptsname_r_chk.c: New file. + * debug/realpath_chk.c: New file. + * debug/wctomb_chk.c: New file. + * debug/Makefile (routines): Add ptsname_r_chk, realpath_chk, and + wctomb_chk. + * debug/Versions: Export __ptsname_r_chk, __realpath_chk, and + __wctomb_chk. + * debug/tst-chk1.c: Add tests for __ptsname_r_chk, __realpath_chk, and + __wctomb_chk. + 2005-07-12 Jakub Jelinek <jakub@redhat.com> * sysdeps/unix/sysv/linux/ia64/has_cpuclock.c: Include not-cancel.h. diff --git a/debug/Depend b/debug/Depend new file mode 100644 index 0000000..f3e1156 --- /dev/null +++ b/debug/Depend @@ -0,0 +1 @@ +localedata diff --git a/debug/Makefile b/debug/Makefile index 6ec08dc..51a9c9d 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -31,7 +31,8 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \ printf_chk fprintf_chk vprintf_chk vfprintf_chk \ gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \ read_chk pread_chk pread64_chk recv_chk recvfrom_chk \ - readlink_chk getwd_chk getcwd_chk stack_chk_fail \ + readlink_chk getwd_chk getcwd_chk realpath_chk ptsname_r_chk \ + wctomb_chk stack_chk_fail \ $(static-only-routines) static-only-routines := warning-nop stack_chk_fail_local diff --git a/debug/Versions b/debug/Versions index 051f4df..53fe6c0 100644 --- a/debug/Versions +++ b/debug/Versions @@ -23,6 +23,7 @@ libc { __read_chk; __pread_chk; __pread64_chk; __readlink_chk; __getcwd_chk; __getwd_chk; __recv_chk; __recvfrom_chk; + __realpath_chk; __ptsname_r_chk; __wctomb_chk; __stack_chk_fail; } diff --git a/debug/ptsname_r_chk.c b/debug/ptsname_r_chk.c new file mode 100644 index 0000000..5f03592 --- /dev/null +++ b/debug/ptsname_r_chk.c 
@@ -0,0 +1,29 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <stdlib.h>
+
+
+int
+__ptsname_r_chk (int fd, char *buf, size_t buflen, size_t nreal)
+{
+ if (buflen > nreal)
+ __chk_fail ();
+
+ return __ptsname_r (fd, buf, buflen);
+}
diff --git a/debug/realpath_chk.c b/debug/realpath_chk.c
new file mode 100644
index 0000000..961aea0
--- /dev/null
+++ b/debug/realpath_chk.c
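Review bot: `__ptsname_r_chk` in debug/ptsname_r_chk.c carries no comment saying what `nreal` is or why `buflen > nreal` aborts, so the contract of the new exported symbol is left to the reader. A comment above the check such as `/* NREAL is the compiler-known size of BUF; a claimed BUFLEN beyond it would let __ptsname_r write past the object. */` would document it. It is also worth stating that the check only rejects a claimed length larger than the object; a name that does not fit in `buflen` is still reported through the return value of `__ptsname_r`.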
@@ -0,0 +1,60 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include <limits.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + + +char * +__realpath_chk (const char *buf, char *resolved, size_t resolvedlen) +{ +#ifdef PATH_MAX + if (resolvedlen < PATH_MAX) + __chk_fail (); + + return __realpath (buf, resolved); +#else + long int pathmax =__pathconf (buf, _PC_PATH_MAX); + if (pathmax != -1) + { + /* We do have a fixed limit. */ + if (resolvedlen < pathmax) + __chk_fail (); + + return __realpath (buf, resolved); + } + + /* Since there is no fixed limit we check whether the size is large + enough. */ + char *res = __realpath (buf, NULL); + if (res != NULL) + { + size_t actlen = strlen (res) + 1; + if (actlen > resolvedlen) + __chk_fail (); + + memcpy (resolved, res, actlen); + free (res); + res = resolved; + } + + return res; +#endif +} diff --git a/debug/tst-chk1.c b/debug/tst-chk1.c index 6389d11..ba50973 100644 --- a/debug/tst-chk1.c +++ b/debug/tst-chk1.c @@ -18,6 +18,7 @@ 02111-1307 USA. */ #include <fcntl.h> +#include <locale.h> #include <paths.h> #include <setjmp.h> #include <signal.h> 
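Review bot: In the branch of `__realpath_chk` without `PATH_MAX`, the last fallback checks the length of the resolved name (`actlen > resolvedlen`) rather than the buffer's capacity against a limit. An undersized buffer is therefore caught only when a particular result does not fit, which differs from the two capacity checks above it and deserves a comment. The comparison `resolvedlen < pathmax` also mixes `size_t` with `long int`; writing `if (resolvedlen < (size_t) pathmax)` after the `pathmax != -1` test would make the intended conversion explicit. A `pathmax` of 0 is not treated specially here, and whether `__realpath` assumes a minimum buffer size in that case cannot be seen from this hunk.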
@@ -791,5 +792,69 @@ do_test (void) if (rmdir (fname) != 0) FAIL (); + +#if PATH_MAX > 0 + char largebuf[PATH_MAX]; + char *realres = realpath (".", largebuf); +#endif +#if __USE_FORTIFY_LEVEL >= 1 + CHK_FAIL_START + char realbuf[1]; + realres = realpath (".", realbuf); + CHK_FAIL_END +#endif + + if (setlocale (LC_ALL, "de_DE.UTF-8") != NULL) + { + /* First a simple test. */ + char enough[MB_CUR_MAX]; + if (wctomb (enough, L'A') != 1) + { + puts ("first wctomb test failed"); + ret = 1; + } + +#if __USE_FORTIFY_LEVEL >= 1 + /* We know the wchar_t encoding is ISO 10646. So pick a + character which has a multibyte representation which does not + fit. */ + CHK_FAIL_START + char smallbuf[2]; + if (wctomb (smallbuf, L'\x100') != 2) + { + puts ("second wctomb test failed"); + ret = 1; + } + CHK_FAIL_END +#endif + } + else + { + puts ("cannot set locale"); + ret = 1; + } + + fd = posix_openpt (O_RDWR); + if (fd != -1) + { + char enough[1000]; + if (ptsname_r (fd, enough, sizeof (enough)) != 0) + { + puts ("first ptsname_r failed"); + ret = 1; + } + +#if __USE_FORTIFY_LEVEL >= 1 + CHK_FAIL_START + char smallbuf[2]; + if (ptsname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0) + { + puts ("second ptsname_r somehow suceeded"); + ret = 1; + } + CHK_FAIL_END +#endif + } + return ret; } diff --git a/debug/wctomb_chk.c b/debug/wctomb_chk.c new file mode 100644 index 0000000..d036634 --- /dev/null +++ b/debug/wctomb_chk.c 
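Review bot: `realres` is declared only inside `#if PATH_MAX > 0`, but the fortify block assigns to it under `#if __USE_FORTIFY_LEVEL >= 1` alone, so a build where `PATH_MAX` is not a positive constant would fail to compile this test. Declaring it unconditionally (`char *realres;`) or nesting the fortify block inside the `PATH_MAX` guard keeps the two in step. The result of the first `realpath (".", largebuf)` call is not checked within the hunk, so the passing path of the new wrapper is not actually verified; `if (realres == NULL) { puts ("realpath failed"); ret = 1; }` would cover it. The descriptor returned by `posix_openpt` is not closed in the visible lines, and a failure to open it skips both ptsname_r tests silently; `do_test` begins outside this hunk.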
@@ -0,0 +1,36 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include <locale.h> +#include <stdlib.h> +#include <wcsmbs/wcsmbsload.h> + + +extern mbstate_t __no_r_state attribute_hidden; /* Defined in mbtowc.c. */ + + +int +__wctomb_chk (char *s, wchar_t wchar, size_t buflen) +{ + /* We do not have to implement the full wctomb semantics since we + know that S cannot be NULL when we come here. */ + if (buflen < MB_CUR_MAX) + __chk_fail (); + + return __wcrtomb (s, wchar, &__no_r_state); +} diff --git a/include/bits/stdlib.h b/include/bits/stdlib.h new file mode 100644 index 0000000..8541e27 --- /dev/null +++ b/include/bits/stdlib.h @@ -0,0 +1 @@ +#include <stdlib/bits/stdlib.h> diff --git a/stdlib/Makefile b/stdlib/Makefile index fafe606..8416631 100644 --- a/stdlib/Makefile +++ b/stdlib/Makefile @@ -23,7 +23,7 @@ subdir := stdlib headers := stdlib.h alloca.h monetary.h fmtmsg.h ucontext.h sys/ucontext.h \ inttypes.h stdint.h bits/wordsize.h bits/wchar.h \ - errno.h sys/errno.h bits/errno.h + errno.h sys/errno.h bits/errno.h bits/stdlib.h routines := \ atof atoi atol atoll \ diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h new file mode 100644 index 0000000..e8286b0 
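Review bot: The check `buflen < MB_CUR_MAX` in `__wctomb_chk` compares against the locale's maximum rather than the encoded length of this particular character, so a buffer that would hold the actual result still aborts. A comment stating that this conservative bound is intended would keep readers from treating it as a bug. The existing comment says S cannot be NULL here, but nothing in this file enforces that. The guarantee appears to rest on the inline `wctomb` wrapper calling this function only when the object size of `__s` is known, and the comment should name that dependency.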
--- /dev/null
+++ b/stdlib/bits/stdlib.h
@@ -0,0 +1,75 @@ +/* Checking macros for stdlib functions. + Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#ifndef _STDLIB_H +# error "Never include <bits/stdlib.h> directly; use <stdlib.h> instead." +#endif + +extern char *__realpath_chk (__const char *__restrict __name, + char *__restrict __resolved, + size_t __resolvedlen) __THROW __wur; +extern char *__REDIRECT (__realpath_alias, (__const char *__restrict __name, + char *__restrict __resolved), + realpath) __THROW __wur; + +extern __always_inline __wur char * +realpath (const char *__name, char *__resolved) +{ + if (__bos (__resolved) != (size_t) -1) + return __realpath_chk (__name, __resolved, __bos (__resolved)); + + return __realpath_alias (__name, __resolved); +} + + +extern int __ptsname_r_chk (int __fd, char *__buf, size_t __buflen, + size_t __nreal) __THROW __nonnull ((2)); +extern int __REDIRECT (__ptsname_r_alias, (int __fd, char *__buf, + size_t __buflen), ptsname_r) + __THROW __nonnull ((2)); + +extern __always_inline int +ptsname_r (int __fd, char *__buf, size_t __buflen) +{ + if (__bos (__buf) != (size_t) -1 + && (!__builtin_constant_p (__buflen) || __buflen > __bos (__buf))) + return __ptsname_r_chk (__fd, __buf, 
__buflen, __bos (__buf)); + return __ptsname_r_alias (__fd, __buf, __buflen); +} + + +extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen) + __THROW __wur; +extern int __REDIRECT (__wctomb_alias, (char *__s, wchar_t __wchar), wctomb) + __THROW __wur; + +extern __always_inline __wur int +wctomb (char *__s, wchar_t __wchar) +{ + /* We would have to include <limits.h> to get a definition of MB_LEN_MAX. + But this would only disturb the namespace. So we define our own + version here. */ +#define __STDLIB_MB_LEN_MAX 16 +#if defined MB_LEN_MAX && MB_LEN_MAX != __STDLIB_MB_LEN_MAX +# error "Assumed value of MB_LEN_MAX wrong" +#endif + if (__bos (__s) != (size_t) -1 && __STDLIB_MB_LEN_MAX > __bos (__s)) + return __wctomb_chk (__s, __wchar, __bos (__s)); + return __wctomb_alias (__s, __wchar); +} diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h index 4a1571e..9e75e71 100644 --- a/stdlib/stdlib.h +++ b/stdlib/stdlib.h @@ -961,6 +961,12 @@ extern int getloadavg (double __loadavg[], int __nelem) __THROW __nonnull ((1)); #endif + +/* Define some macros helping to catch buffer overflows. */ +#if __USE_FORTIFY_LEVEL > 0 && !defined __cplusplus +# include <bits/stdlib.h> +#endif + #endif /* don't just need malloc and calloc */ #undef __need_malloc_and_calloc |
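Review bot: None of the three inline wrappers in stdlib/bits/stdlib.h explains the `__bos (...) != (size_t) -1` test. A comment above `realpath` such as `/* __bos yields (size_t) -1 when the compiler cannot determine the object size; use the unchecked function then. */` would make the pattern readable. `realpath` forwards to `__realpath_chk` whenever the size is known, without the compile-time filtering that `ptsname_r` and `wctomb` apply, so every such call pays the runtime check; if that is deliberate because the required size is not always a compile-time constant, a comment should say so. `__STDLIB_MB_LEN_MAX` is defined inside the body of `wctomb` and never undefined, so it stays visible to every file that includes `<stdlib.h>` with fortification enabled.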