aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog18
-rw-r--r--debug/Depend1
-rw-r--r--debug/Makefile3
-rw-r--r--debug/Versions1
-rw-r--r--debug/ptsname_r_chk.c29
-rw-r--r--debug/realpath_chk.c60
-rw-r--r--debug/tst-chk1.c65
-rw-r--r--debug/wctomb_chk.c36
-rw-r--r--include/bits/stdlib.h1
-rw-r--r--stdlib/Makefile2
-rw-r--r--stdlib/bits/stdlib.h75
-rw-r--r--stdlib/stdlib.h6
12 files changed, 295 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 069b140..4512343 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2005-07-12 Ulrich Drepper <drepper@redhat.com>
+
+ * stdlib/bits/stdlib.h: New file.
+ * stdlib/stdlib.h: Include <bits/stdlib.h> if fortification is
+ requested.
+ * Makefile (headers): Add bits/stdlib.h.
+ * include/bits/stdlib.h: New file.
+ * debug/Depend: New file.
+ * debug/ptsname_r_chk.c: New file.
+ * debug/realpath_chk.c: New file.
+ * debug/wctomb_chk.c: New file.
+ * debug/Makefile (routines): Add ptsname_r_chk, realpath_chk, and
+ wctomb_chk.
+ * debug/Versions: Export __ptsname_r_chk, __realpath_chk, and
+ __wctomb_chk.
+ * debug/tst-chk1.c: Add tests for __ptsname_r_chk, __realpath_chk, and
+ __wctomb_chk.
+
2005-07-12 Jakub Jelinek <jakub@redhat.com>
* sysdeps/unix/sysv/linux/ia64/has_cpuclock.c: Include not-cancel.h.
diff --git a/debug/Depend b/debug/Depend
new file mode 100644
index 0000000..f3e1156
--- /dev/null
+++ b/debug/Depend
@@ -0,0 +1 @@
+localedata
diff --git a/debug/Makefile b/debug/Makefile
index 6ec08dc..51a9c9d 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -31,7 +31,8 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \
printf_chk fprintf_chk vprintf_chk vfprintf_chk \
gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \
read_chk pread_chk pread64_chk recv_chk recvfrom_chk \
- readlink_chk getwd_chk getcwd_chk stack_chk_fail \
+ readlink_chk getwd_chk getcwd_chk realpath_chk ptsname_r_chk \
+ wctomb_chk stack_chk_fail \
$(static-only-routines)
static-only-routines := warning-nop stack_chk_fail_local
diff --git a/debug/Versions b/debug/Versions
index 051f4df..53fe6c0 100644
--- a/debug/Versions
+++ b/debug/Versions
@@ -23,6 +23,7 @@ libc {
__read_chk; __pread_chk; __pread64_chk;
__readlink_chk; __getcwd_chk; __getwd_chk;
__recv_chk; __recvfrom_chk;
+ __realpath_chk; __ptsname_r_chk; __wctomb_chk;
__stack_chk_fail;
}
diff --git a/debug/ptsname_r_chk.c b/debug/ptsname_r_chk.c
new file mode 100644
index 0000000..5f03592
--- /dev/null
+++ b/debug/ptsname_r_chk.c
@@ -0,0 +1,29 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <stdlib.h>
+
+
+int
+__ptsname_r_chk (int fd, char *buf, size_t buflen, size_t nreal)
+{
+ if (buflen > nreal)
+ __chk_fail ();
+
+ return __ptsname_r (fd, buf, buflen);
+}
diff --git a/debug/realpath_chk.c b/debug/realpath_chk.c
new file mode 100644
index 0000000..961aea0
--- /dev/null
+++ b/debug/realpath_chk.c
@@ -0,0 +1,60 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+
+char *
+__realpath_chk (const char *buf, char *resolved, size_t resolvedlen)
+{
+#ifdef PATH_MAX
+ if (resolvedlen < PATH_MAX)
+ __chk_fail ();
+
+ return __realpath (buf, resolved);
+#else
+ long int pathmax =__pathconf (buf, _PC_PATH_MAX);
+ if (pathmax != -1)
+ {
+ /* We do have a fixed limit. */
+ if (resolvedlen < pathmax)
+ __chk_fail ();
+
+ return __realpath (buf, resolved);
+ }
+
+ /* Since there is no fixed limit we check whether the size is large
+ enough. */
+ char *res = __realpath (buf, NULL);
+ if (res != NULL)
+ {
+ size_t actlen = strlen (res) + 1;
+ if (actlen > resolvedlen)
+ __chk_fail ();
+
+ memcpy (resolved, res, actlen);
+ free (res);
+ res = resolved;
+ }
+
+ return res;
+#endif
+}
diff --git a/debug/tst-chk1.c b/debug/tst-chk1.c
index 6389d11..ba50973 100644
--- a/debug/tst-chk1.c
+++ b/debug/tst-chk1.c
@@ -18,6 +18,7 @@
02111-1307 USA. */
#include <fcntl.h>
+#include <locale.h>
#include <paths.h>
#include <setjmp.h>
#include <signal.h>
@@ -791,5 +792,69 @@ do_test (void)
if (rmdir (fname) != 0)
FAIL ();
+
+#if PATH_MAX > 0
+ char largebuf[PATH_MAX];
+ char *realres = realpath (".", largebuf);
+#endif
+#if __USE_FORTIFY_LEVEL >= 1
+ CHK_FAIL_START
+ char realbuf[1];
+ realres = realpath (".", realbuf);
+ CHK_FAIL_END
+#endif
+
+ if (setlocale (LC_ALL, "de_DE.UTF-8") != NULL)
+ {
+ /* First a simple test. */
+ char enough[MB_CUR_MAX];
+ if (wctomb (enough, L'A') != 1)
+ {
+ puts ("first wctomb test failed");
+ ret = 1;
+ }
+
+#if __USE_FORTIFY_LEVEL >= 1
+ /* We know the wchar_t encoding is ISO 10646. So pick a
+ character which has a multibyte representation which does not
+ fit. */
+ CHK_FAIL_START
+ char smallbuf[2];
+ if (wctomb (smallbuf, L'\x100') != 2)
+ {
+ puts ("second wctomb test failed");
+ ret = 1;
+ }
+ CHK_FAIL_END
+#endif
+ }
+ else
+ {
+ puts ("cannot set locale");
+ ret = 1;
+ }
+
+ fd = posix_openpt (O_RDWR);
+ if (fd != -1)
+ {
+ char enough[1000];
+ if (ptsname_r (fd, enough, sizeof (enough)) != 0)
+ {
+ puts ("first ptsname_r failed");
+ ret = 1;
+ }
+
+#if __USE_FORTIFY_LEVEL >= 1
+ CHK_FAIL_START
+ char smallbuf[2];
+ if (ptsname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
+ {
+ puts ("second ptsname_r somehow suceeded");
+ ret = 1;
+ }
+ CHK_FAIL_END
+#endif
+ }
+
return ret;
}
diff --git a/debug/wctomb_chk.c b/debug/wctomb_chk.c
new file mode 100644
index 0000000..d036634
--- /dev/null
+++ b/debug/wctomb_chk.c
@@ -0,0 +1,36 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <locale.h>
+#include <stdlib.h>
+#include <wcsmbs/wcsmbsload.h>
+
+
+extern mbstate_t __no_r_state attribute_hidden; /* Defined in mbtowc.c. */
+
+
+int
+__wctomb_chk (char *s, wchar_t wchar, size_t buflen)
+{
+ /* We do not have to implement the full wctomb semantics since we
+ know that S cannot be NULL when we come here. */
+ if (buflen < MB_CUR_MAX)
+ __chk_fail ();
+
+ return __wcrtomb (s, wchar, &__no_r_state);
+}
diff --git a/include/bits/stdlib.h b/include/bits/stdlib.h
new file mode 100644
index 0000000..8541e27
--- /dev/null
+++ b/include/bits/stdlib.h
@@ -0,0 +1 @@
+#include <stdlib/bits/stdlib.h>
diff --git a/stdlib/Makefile b/stdlib/Makefile
index fafe606..8416631 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
@@ -23,7 +23,7 @@ subdir := stdlib
headers := stdlib.h alloca.h monetary.h fmtmsg.h ucontext.h sys/ucontext.h \
inttypes.h stdint.h bits/wordsize.h bits/wchar.h \
- errno.h sys/errno.h bits/errno.h
+ errno.h sys/errno.h bits/errno.h bits/stdlib.h
routines := \
atof atoi atol atoll \
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
new file mode 100644
index 0000000..e8286b0
--- /dev/null
+++ b/stdlib/bits/stdlib.h
@@ -0,0 +1,75 @@
+/* Checking macros for stdlib functions.
+ Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#ifndef _STDLIB_H
+# error "Never include <bits/stdlib.h> directly; use <stdlib.h> instead."
+#endif
+
+extern char *__realpath_chk (__const char *__restrict __name,
+ char *__restrict __resolved,
+ size_t __resolvedlen) __THROW __wur;
+extern char *__REDIRECT (__realpath_alias, (__const char *__restrict __name,
+ char *__restrict __resolved),
+ realpath) __THROW __wur;
+
+extern __always_inline __wur char *
+realpath (const char *__name, char *__resolved)
+{
+ if (__bos (__resolved) != (size_t) -1)
+ return __realpath_chk (__name, __resolved, __bos (__resolved));
+
+ return __realpath_alias (__name, __resolved);
+}
+
+
+extern int __ptsname_r_chk (int __fd, char *__buf, size_t __buflen,
+ size_t __nreal) __THROW __nonnull ((2));
+extern int __REDIRECT (__ptsname_r_alias, (int __fd, char *__buf,
+ size_t __buflen), ptsname_r)
+ __THROW __nonnull ((2));
+
+extern __always_inline int
+ptsname_r (int __fd, char *__buf, size_t __buflen)
+{
+ if (__bos (__buf) != (size_t) -1
+ && (!__builtin_constant_p (__buflen) || __buflen > __bos (__buf)))
+ return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf));
+ return __ptsname_r_alias (__fd, __buf, __buflen);
+}
+
+
+extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen)
+ __THROW __wur;
+extern int __REDIRECT (__wctomb_alias, (char *__s, wchar_t __wchar), wctomb)
+ __THROW __wur;
+
+extern __always_inline __wur int
+wctomb (char *__s, wchar_t __wchar)
+{
+ /* We would have to include <limits.h> to get a definition of MB_LEN_MAX.
+ But this would only disturb the namespace. So we define our own
+ version here. */
+#define __STDLIB_MB_LEN_MAX 16
+#if defined MB_LEN_MAX && MB_LEN_MAX != __STDLIB_MB_LEN_MAX
+# error "Assumed value of MB_LEN_MAX wrong"
+#endif
+ if (__bos (__s) != (size_t) -1 && __STDLIB_MB_LEN_MAX > __bos (__s))
+ return __wctomb_chk (__s, __wchar, __bos (__s));
+ return __wctomb_alias (__s, __wchar);
+}
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index 4a1571e..9e75e71 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -961,6 +961,12 @@ extern int getloadavg (double __loadavg[], int __nelem)
__THROW __nonnull ((1));
#endif
+
+/* Define some macros helping to catch buffer overflows. */
+#if __USE_FORTIFY_LEVEL > 0 && !defined __cplusplus
+# include <bits/stdlib.h>
+#endif
+
#endif /* don't just need malloc and calloc */
#undef __need_malloc_and_calloc