FreeBSD Bugzilla – Attachment 159854 Details for
Bug 202311
Request exp-run for FORTIFY_SOURCE
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
FORTIFY_SOURCE enabled by default (WIP)
D3043.7933.patch (text/plain), 152.09 KB, created by
Pedro F. Giffuni
on 2015-08-14 03:14:30 UTC
(
hide
)
Description:
FORTIFY_SOURCE enabled by default (WIP)
Filename:
MIME Type:
Creator:
Pedro F. Giffuni
Created:
2015-08-14 03:14:30 UTC
Size:
152.09 KB
patch
obsolete
>Index: etc/mtree/BSD.include.dist >=================================================================== >--- etc/mtree/BSD.include.dist (revision 286760) >+++ etc/mtree/BSD.include.dist (working copy) >@@ -321,6 +321,8 @@ > mac_partition > .. > .. >+ secure >+ .. > ssp > .. > sys >Index: gnu/usr.bin/binutils/libbfd/Makefile >=================================================================== >--- gnu/usr.bin/binutils/libbfd/Makefile (revision 286760) >+++ gnu/usr.bin/binutils/libbfd/Makefile (working copy) >@@ -2,6 +2,8 @@ > > .include "../Makefile.inc0" > >+MK_FORTIFY= no >+ > .PATH: ${SRCDIR}/bfd ${SRCDIR}/opcodes > > LIB= bfd >Index: gnu/usr.bin/binutils/objdump/Makefile >=================================================================== >--- gnu/usr.bin/binutils/objdump/Makefile (revision 286760) >+++ gnu/usr.bin/binutils/objdump/Makefile (working copy) >@@ -4,6 +4,8 @@ > > .PATH: ${SRCDIR}/binutils ${SRCDIR}/binutils/doc > >+MK_FORTIFY= no >+ > PROG= objdump > SRCS= objdump.c prdbg.c > CFLAGS+= -D_GNU_SOURCE >Index: include/Makefile >=================================================================== >--- include/Makefile (revision 286760) >+++ include/Makefile (working copy) >@@ -6,7 +6,7 @@ > .include <src.opts.mk> > > CLEANFILES= osreldate.h version vers.c >-SUBDIR= arpa protocols rpcsvc rpc xlocale >+SUBDIR= arpa protocols rpcsvc rpc secure xlocale > INCS= a.out.h ar.h assert.h bitstring.h complex.h cpio.h _ctype.h ctype.h \ > db.h \ > dirent.h dlfcn.h elf.h elf-hints.h err.h fmtmsg.h fnmatch.h fstab.h \ >Index: include/secure/Makefile >=================================================================== >--- include/secure/Makefile (revision 0) >+++ include/secure/Makefile (working copy) >@@ -0,0 +1,6 @@ >+# $FreeBSD$ >+ >+INCS= security.h _poll.h _socket.h _stat.h _stdio.h _string.h _strings.h _unistd.h >+INCSDIR= ${INCLUDEDIR}/secure >+ >+.include <bsd.prog.mk> >Index: include/secure/_poll.h >=================================================================== >--- include/secure/_poll.h (revision 0) >+++ include/secure/_poll.h (working copy) >@@ -0,0 +1,96 @@ >+/* >+ * Copyright (C) 2008 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _SYS_POLL_H_ >+#error "You should not use <secure/_poll.h> directly; include <sys/poll.h> instead." >+#endif >+ >+#ifndef _SECURE_POLL_H_ >+#define _SECURE_POLL_H_ >+ >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+int __poll_chk(struct pollfd *, nfds_t, int, size_t); >+int __poll_real(struct pollfd *, nfds_t, int) __RENAME(poll); >+__errordecl(__poll_too_small_error, "poll: pollfd array smaller than fd count"); >+ >+int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t); >+int __ppoll_real(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *) __RENAME(ppoll); >+__errordecl(__ppoll_too_small_error, "ppoll: pollfd array smaller than fd count"); >+ >+#ifdef __BSD_FORTIFY >+ >+__FORTIFY_INLINE int >+poll(struct pollfd *_fds, nfds_t _fd_count, int _timeout) >+{ >+ size_t _bos = __bos(_fds); >+ >+#ifdef __clang__ >+ return (__poll_chk(_fds, _fd_count, _timeout, _bos)); >+#else >+ if (_bos != __FORTIFY_UNKNOWN_SIZE) { >+ if (!__builtin_constant_p(_fd_count)) >+ return (__poll_chk(_fds, _fd_count, _timeout, _bos)); >+ else if (_bos / sizeof(*_fds) < _fd_count) >+ __poll_too_small_error(); >+ } >+ return (__poll_real(_fds, _fd_count, _timeout)); >+#endif >+} >+ >+#if __BSD_VISIBLE >+__FORTIFY_INLINE int >+ppoll(struct pollfd *_fds, nfds_t _fd_count, const struct timespec *_timeout, const sigset_t *_mask) >+{ >+ size_t _bos = __bos(_fds); >+ >+#ifdef __clang__ >+ return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); >+#else >+ if (_bos != __FORTIFY_UNKNOWN_SIZE) { >+ if (!__builtin_constant_p(_fd_count)) >+ return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos)); >+ else if (_bos / sizeof(*_fds) < _fd_count) >+ __ppoll_too_small_error(); >+ } >+ return (__ppoll_real(_fds, _fd_count, _timeout, _mask)); >+#endif >+} >+#endif >+ >+#endif >+ >+__END_DECLS >+ >+#endif /* !_SECURE_POLL_H_ */ >Index: include/secure/_socket.h >=================================================================== >--- include/secure/_socket.h (revision 0) >+++ include/secure/_socket.h (working copy) >@@ -0,0 +1,83 @@ >+/* >+ * Copyright (C) 2008 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+ >+#ifndef _SYS_SOCKET_H_ >+#error "You should not use <secure/_socket.h> directly; include <sys/socket.h> instead." >+#endif >+ >+#ifndef _SECURE_SOCKET_H_ >+#define _SECURE_SOCKET_H_ >+ >+#include <sys/_null.h> >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+extern ssize_t __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict); >+extern ssize_t __recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *) __RENAME(recvfrom); >+__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer"); >+ >+#ifdef __BSD_FORTIFY >+ >+__FORTIFY_INLINE ssize_t >+recvfrom(int _s, void *_buf, size_t _len, int _flags, struct sockaddr * __restrict _from, socklen_t * __restrict _fromlen) >+{ >+ size_t _bos = __bos0(_buf); >+ >+#ifndef __clang__ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen)); >+ >+ if (__builtin_constant_p(_len) && (_len <= _bos)) >+ return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen)); >+ >+ if (__builtin_constant_p(_len) && (_len > _bos)) >+ __recvfrom_error(); >+#endif >+ >+ return (__recvfrom_chk(_s, _buf, _len, _bos, _flags, _from, _fromlen)); >+} >+ >+ >+__FORTIFY_INLINE ssize_t >+recv(int _s, void *_buf, size_t _len, int _flags) >+{ >+ >+ return recvfrom(_s, _buf, _len, _flags, NULL, 0); >+} >+ >+#endif /* !__BSD_FORTIFY */ >+ >+__END_DECLS >+ >+#endif /* !_SECURE_SOCKET_H */ >Index: include/secure/_stat.h >=================================================================== >--- include/secure/_stat.h (revision 0) >+++ include/secure/_stat.h (working copy) >@@ -0,0 +1,70 @@ >+/*- >+ * Copyright (C) 2008 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _SYS_STAT_H_ >+#error "You should not use <secure/_stat.h> directly; include <sys/stat.h> instead." >+#endif >+ >+#ifndef _SECURE_STAT_H_ >+#define _SECURE_STAT_H_ >+ >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+extern mode_t __umask_chk(mode_t); >+#ifndef __FORTIFY_UMASK_REAL >+#define __FORTIFY_UMASK_REAL 1 >+extern mode_t __umask_real(mode_t) __RENAME(umask); >+#endif >+__errordecl(__umask_invalid_mode, "umask called with invalid mode"); >+ >+#ifdef __BSD_FORTIFY >+ >+__FORTIFY_INLINE mode_t >+umask(mode_t _mode) >+{ >+#ifndef __clang__ >+ if (__builtin_constant_p(_mode)) { >+ if ((_mode & 0777) != _mode) >+ __umask_invalid_mode(); >+ >+ return (__umask_real(_mode)); >+ } >+#endif >+ return (__umask_chk(_mode)); >+} >+#endif /* defined(__BSD_FORTIFY) */ >+ >+__END_DECLS >+ >+#endif /* !_SECURE_STAT_H_ */ >Index: include/secure/_stdio.h >=================================================================== >--- include/secure/_stdio.h (revision 0) >+++ include/secure/_stdio.h (working copy) >@@ -0,0 +1,240 @@ >+/*- >+ * Copyright (c) 1990 The Regents of the University of California. >+ * All rights reserved. >+ * >+ * This code is derived from software contributed to Berkeley by >+ * Chris Torek. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * 3. Neither the name of the University nor the names of its contributors >+ * may be used to endorse or promote products derived from this software >+ * without specific prior written permission. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * @(#)stdio.h 5.17 (Berkeley) 6/3/91 >+ * $OpenBSD: stdio.h,v 1.35 2006/01/13 18:10:09 miod Exp $ >+ * $NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $ >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * $FreeBSD$ >+ */ >+ >+#ifndef _STDIO_H_ >+#error "You should not use <secure/_stdio.h> directly; include <stdio.h> instead." >+#endif >+ >+#ifndef _SECURE_STDIO_H_ >+#define _SECURE_STDIO_H_ >+ >+#include <secure/security.h> >+#include <stdarg.h> >+ >+__BEGIN_DECLS >+ >+extern char *__fgets_chk(char *, int, FILE *, size_t); >+extern char *__fgets_real(char *, int, FILE *) __RENAME(fgets); >+__errordecl(__fgets_too_big_error, "fgets called with size bigger than buffer"); >+__errordecl(__fgets_too_small_error, "fgets called with size less than zero"); >+extern size_t __fread_chk(void * __restrict, size_t, size_t, FILE * __restrict, size_t); >+extern size_t __fread_real(void * __restrict, size_t, size_t, FILE * __restrict) __RENAME(fread); >+__errordecl(__fread_too_big_error, "fread called with size * count bigger than buffer"); >+__errordecl(__fread_overflow, "fread called with overflowing size * count"); >+extern size_t __fwrite_chk(const void * __restrict, size_t, size_t, FILE * __restrict, size_t); >+extern size_t __fwrite_real(const void * __restrict, size_t, size_t, FILE * __restrict) __RENAME(fwrite); >+__errordecl(__fwrite_too_big_error, "fwrite called with size * count bigger than buffer"); >+__errordecl(__fwrite_overflow, "fwrite called with overflowing size * count"); >+extern int __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...); >+extern int __sprintf_real(char * __restrict, const char * __restrict, ...) __RENAME(sprintf); >+extern int __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list); >+extern int __vsprintf_real(char * __restrict, const char * __restrict, __va_list) __RENAME(vsprintf); >+ >+#if __ISO_C_VISIBLE >= 1999 >+extern int __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...); >+extern int __snprintf_real(char * __restrict, size_t, const char * __restrict, ...) __RENAME(snprintf) __printflike(3, 4); >+extern int __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list); >+extern int __vsnprintf_real(char * __restrict, size_t, const char * __restrict, __va_list) __RENAME(vsnprintf) __printflike(3, 0); >+#endif >+ >+#ifdef __BSD_FORTIFY >+ >+#if __ISO_C_VISIBLE >= 1999 >+__FORTIFY_INLINE __printflike(3, 0) int >+vsnprintf(char *_dest, size_t _size, const char *_format, __va_list _ap) >+{ >+ size_t _bos = __bos(_dest); >+ >+#ifndef __clang__ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__vsnprintf_real(_dest, _size, _format, _ap)); >+#endif >+ >+ return (__vsnprintf_chk(_dest, _size, 0, _bos, _format, _ap)); >+} >+#endif /* __ISO_C_VISIBLE */ >+ >+__FORTIFY_INLINE __printflike(2, 0) int >+vsprintf(char *_dest, const char *_format, __va_list _ap) >+{ >+ size_t _bos = __bos(_dest); >+ >+#ifndef __clang__ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__vsprintf_real(_dest, _format, _ap)); >+#endif >+ >+ return (__vsprintf_chk(_dest, 0, _bos, _format, _ap)); >+} >+ >+ >+#if __ISO_C_VISIBLE >= 1999 >+#if !__has_builtin(__builtin_va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ >+#if !defined(snprintf) && !defined(__cplusplus) >+#define __wrap_snprintf(_dest, _size, ...) __snprintf_chk(_dest, _size, 0, __bos(_dest), __VA_ARGS__) >+#define snprintf(...) __wrap_snprintf(__VA_ARGS__) >+#endif /* !snprintf */ >+#else /* __GNUC_PREREQ__(4, 3) */ >+__FORTIFY_INLINE __printflike(3, 4) int >+snprintf(char *_dest, size_t _size, const char *_format, ...) >+{ >+ size_t _bos = __bos(_dest); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__snprintf_real(_dest, _size, _format, >+ __builtin_va_arg_pack())); >+ >+ return (__snprintf_chk(_dest, _size, 0, _bos, _format, >+ __builtin_va_arg_pack())); >+} >+#endif /* !__GNUC_PREREQ__(4, 3) */ >+#endif /* __ISO_C_VISIBLE */ >+ >+#if !__has_builtin(__builtin_va_arg_pack) && !__GNUC_PREREQ__(4, 3) /* defined(__clang__) */ >+#if !defined(sprintf) && !defined(__cplusplus) >+#define __wrap_sprintf(_dest, ...) __sprintf_chk(_dest, 0, __bos(_dest), __VA_ARGS__) >+#define sprintf(...) __wrap_sprintf(__VA_ARGS__) >+#endif /* !sprintf */ >+#else /* __GNUC_PREREQ__(4, 3) */ >+__FORTIFY_INLINE __printflike(2, 3) int >+sprintf(char *_dest, const char *_format, ...) >+{ >+ size_t _bos = __bos(_dest); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__sprintf_real(_dest, _format, >+ __builtin_va_arg_pack())); >+ >+ return (__sprintf_chk(_dest, 0, _bos, _format, >+ __builtin_va_arg_pack())); >+} >+ >+#endif /* !__GNUC_PREREQ__(4, 3) */ >+ >+__FORTIFY_INLINE char * >+fgets(char *_buf, int _n, FILE *_stream) >+{ >+ size_t _bos = __bos(_buf); >+ >+#ifndef __clang__ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always negative. >+ * Force a compiler error. >+ */ >+ if (__builtin_constant_p(_n) && (_n < 0)) >+ __fgets_too_small_error(); >+ /* >+ * Compiler doesn 't know destination size. >+ * Don' t call __fgets_chk. >+ */ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__fgets_real(_buf, _n, _stream)); >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. >+ * Don 't call __fgets_chk. >+ */ >+ if (__builtin_constant_p(_n) && (_n <= (int)_bos)) >+ return (__fgets_real(_buf, _n, _stream)); >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always > the actual object size. >+ * Force a compiler error. >+ */ >+ if (__builtin_constant_p(_n) && (_n > (int)_bos)) >+ __fgets_too_big_error(); >+#endif >+ return (__fgets_chk(_buf, _n, _stream, _bos)); >+} >+ >+ >+__FORTIFY_INLINE size_t >+fread(void * __restrict _ptr, size_t _size, size_t _nmemb, FILE * __restrict _stream) >+{ >+ size_t _bos = __bos0(_ptr); >+#ifndef __clang__ >+ size_t _total; >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__fread_real(_ptr, _size, _nmemb, _stream)); >+ >+ if (__builtin_constant_p(_size) && __builtin_constant_p(_nmemb)) { >+ if (__size_mul_overflow(_size, _nmemb, &_total)) >+ __fread_overflow(); >+ >+ if (_total > _bos) >+ __fread_too_big_error(); >+ >+ return (__fread_real(_ptr, _size, _nmemb, _stream)); >+ } >+#endif >+ >+ return (__fread_chk(_ptr, _size, _nmemb, _stream, _bos)); >+} >+ >+ >+__FORTIFY_INLINE size_t >+fwrite(const void * __restrict _ptr, size_t _size, size_t _nmemb, FILE * __restrict _stream) >+{ >+ size_t _bos = __bos0(_ptr); >+#ifndef __clang__ >+ size_t _total; >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return __fwrite_real(_ptr, _size, _nmemb, _stream); >+ >+ if (__builtin_constant_p(_size) && __builtin_constant_p(_nmemb)) { >+ if (__size_mul_overflow(_size, _nmemb, &_total)) >+ __fwrite_overflow(); >+ >+ if (_total > _bos) >+ __fwrite_too_big_error(); >+ >+ return (__fwrite_real(_ptr, _size, _nmemb, _stream)); >+ } >+#endif >+ >+ return (__fwrite_chk(_ptr, _size, _nmemb, _stream, _bos)); >+} >+ >+#endif /* defined(__BSD_FORTIFY) */ >+ >+__END_DECLS >+ >+#endif /* !_SECURE_STDIO_H_ */ >Index: include/secure/_string.h >=================================================================== >--- include/secure/_string.h (revision 0) >+++ include/secure/_string.h (working copy) >@@ -0,0 +1,448 @@ >+/*- >+ * Copyright (c) 2015 Olivér Pintér >+ * Copyright (C) 2008 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _STRING_H_ >+#error "You should not use <secure/_string.h> directly; include <string.h> instead." >+#endif >+ >+#ifndef _SECURE_STRING_H_ >+#define _SECURE_STRING_H_ >+ >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+extern void *__memccpy_chk(void *, const void *, int, size_t, size_t); >+extern void *__memccpy_real(void *, const void *, int, size_t) __RENAME(memccpy); >+extern void *__memchr_chk(const void *, int, size_t, size_t); >+extern void *__memchr_real(const void *, int, size_t) __RENAME(memchr); >+extern void *__memcpy_chk(void *, const void *, size_t, size_t); >+extern void *__memcpy_real(void *, const void *, size_t) __RENAME(memcpy); >+__errordecl(__memchr_buf_size_error, "memchr called with size bigger than buffer"); >+extern void *__memmove_chk(void *, const void *, size_t, size_t); >+extern void *__memmove_real(void *, const void *, size_t) __RENAME(memmove); >+extern void *__memrchr_chk(const void *, int, size_t, size_t); >+extern void *__memrchr_real(const void *, int, size_t) __RENAME(memrchr); >+__errordecl(__memrchr_buf_size_error, "memrchr called with size bigger than buffer"); >+extern void *__memset_chk(void *, int, size_t, size_t); >+extern void *__memset_real(void *, int, size_t) __RENAME(memset); >+extern char *__strcat_chk(char *__restrict, const char *__restrict, size_t); >+extern char *__strcat_real(char *__restrict, const char *__restrict) __RENAME(strcat); >+extern char *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t); >+extern char *__strncat_real(char *__restrict, const char *__restrict, size_t) __RENAME(strncat); >+extern char *__stpcpy_chk(char *, const char *, size_t); >+extern char *__stpcpy_real(char *, const char *) __RENAME(stpcpy); >+extern char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t); >+extern char *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); >+extern char *__stpncpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(stpncpy); >+extern char *__strcpy_chk(char *, const char *, size_t); >+extern char *__strcpy_real(char *, const char *) __RENAME(strcpy); >+extern char *__strncpy_chk(char *, const char *, size_t, size_t); >+extern char *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t); >+extern char *__strncpy_real(char *, const char *, size_t) __RENAME(strncpy); >+extern size_t __strlcpy_chk(char *, const char *, size_t, size_t); >+extern size_t __strlcpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcpy); >+extern size_t __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t); >+extern size_t __strlcat_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcat); >+extern size_t __strlen_chk(const char *, size_t); >+extern size_t __strlen_real(const char *) __RENAME(strlen); >+extern char *__strchr_chk(const char *, int, size_t); >+extern char *__strchr_real(const char *, int) __RENAME(strchr); >+extern char *__strchrnul_chk(const char *, int, size_t); >+extern char *__strchrnul_real(const char *, int) __RENAME(strchrnul); >+extern char *__strrchr_chk(const char *, int, size_t); >+extern char *__strrchr_real(const char *, int) __RENAME(strrchr); >+ >+#ifdef __BSD_FORTIFY >+ >+#if __XSI_VISIBLE >= 600 >+__FORTIFY_INLINE void * >+memccpy(void * __restrict _d, const void * __restrict _s, int _c, size_t _n) >+{ >+ size_t _bos = __bos0(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memccpy_real(_d, _s, _c, _n)); >+#endif >+ >+ return (__memccpy_chk(_d, _s, _c, _n, _bos)); >+} >+#endif /* __XSI_VISIBLE */ >+ >+ >+__FORTIFY_INLINE void * >+memchr(const void *_s, int _c, size_t _n) >+{ >+ size_t _bos = __bos(_s); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memchr_real(_s, _c, _n)); >+ >+ if (__builtin_constant_p(_n) && (_n > _bos)) >+ __memchr_buf_size_error(); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __memchr_chk. >+ */ >+ if (__builtin_constant_p(_n) && (_n <= _bos)) >+ return (__memchr_real(_s, _c, _n)); >+#endif >+ >+ return (__memchr_chk(_s, _c, _n, _bos)); >+} >+ >+ >+#if __BSD_VISIBLE >+__FORTIFY_INLINE void * >+memrchr(const void *_s, int _c, size_t _n) >+{ >+ size_t _bos = __bos(_s); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memrchr_real(_s, _c, _n)); >+ >+ if (__builtin_constant_p(_n) && (_n > _bos)) >+ (__memrchr_buf_size_error()); >+ >+ if (__builtin_constant_p(_n) && (_n <= _bos)) >+ return __memrchr_real(_s, _c, _n); >+#endif >+ >+ return (__memrchr_chk(_s, _c, _n, _bos)); >+} >+#endif /* __BSD_VISIBLE */ >+ >+ >+__FORTIFY_INLINE void * >+memcpy(void * __restrict _d, const void * __restrict _s, size_t _n) >+{ >+ size_t _bos = __bos0(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memcpy_real(_d, _s, _n)); >+#endif >+ >+ return (__memcpy_chk(_d, _s, _n, _bos)); >+} >+ >+ >+__FORTIFY_INLINE void * >+memmove(void *_d, const void *_s, size_t _n) >+{ >+ size_t _bos = __bos0(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memmove_real(_d, _s, _n)); >+#endif >+ >+ return (__memmove_chk(_d, _s, _n, _bos)); >+} >+ >+ >+#if __POSIX_VISIBLE >= 200809 >+__FORTIFY_INLINE char * >+stpcpy(char * __restrict _d, const char * __restrict _s) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__stpcpy_real(_d, _s)); >+#endif >+ >+ return (__stpcpy_chk(_d, _s, _bos)); >+} >+#endif /* __POSIX_VISIBLE */ >+ >+ >+__FORTIFY_INLINE char * >+strcpy(char * __restrict _d, const char * __restrict _s) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strcpy_real(_d, _s)); >+#endif >+ >+ return (__strcpy_chk(_d, _s, _bos)); >+} >+ >+ >+#if __POSIX_VISIBLE >= 200809 >+__FORTIFY_INLINE char * >+stpncpy(char * __restrict _d, const char * __restrict _s, size_t _n) >+{ >+ size_t _d_bos = __bos(_d); >+ size_t _s_bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ if (_d_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__stpncpy_real(_d, _s, _n)); >+ >+ if (_s_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__stpncpy_chk(_d, _s, _n, _d_bos)); >+ >+ if (__builtin_constant_p(_n) && (_n <= _s_bos)) >+ return (__stpncpy_chk(_d, _s, _n, _d_bos)); >+ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen)) >+ return (__stpncpy_chk(_d, _s, _n, _d_bos)); >+#endif >+ >+ return (__stpncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); >+} >+#endif /* __POSIX_VISIBLE */ >+ >+ >+__FORTIFY_INLINE char * >+strncpy(char * __restrict _d, const char * __restrict _s, size_t _n) >+{ >+ size_t _d_bos = __bos(_d); >+ size_t _s_bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ if (_d_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__strncpy_real(_d, _s, _n)); >+ >+ if (_s_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__strncpy_chk(_d, _s, _n, _d_bos)); >+ >+ if (__builtin_constant_p(_n) && (_n <= _s_bos)) >+ return (__strncpy_chk(_d, _s, _n, _d_bos)); >+ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen)) >+ return (__strncpy_chk(_d, _s, _n, _d_bos)); >+#endif >+ >+ return (__strncpy_chk2(_d, _s, _n, _d_bos, _s_bos)); >+} >+ >+ >+__FORTIFY_INLINE char * >+strcat(char * __restrict _d, const char * __restrict _s) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strcat_real(_d, _s)); >+#endif >+ >+ return (__strcat_chk(_d, _s, _bos)); >+} >+ >+ >+__FORTIFY_INLINE char * >+strncat(char * __restrict _d, const char * __restrict _s, size_t _n) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strncat_real(_d, _s, _n)); >+#endif >+ >+ return (__strncat_chk(_d, _s, _n, _bos)); >+} >+ >+ >+__FORTIFY_INLINE void * >+memset(void *_s, int _c, size_t _n) >+{ >+ size_t _bos = __bos(_s); >+ >+#ifndef __clang__ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__memset_real(_s, _c, _n)); >+#endif >+ >+ return (__memset_chk(_s, _c, _n, _bos)); >+} >+ >+ >+#if __BSD_VISIBLE >+__FORTIFY_INLINE size_t >+strlcpy(char * __restrict _d, const char * __restrict _s, size_t _n) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ /* Compiler doesn't know destination size. Don't call __strlcpy_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strlcpy_real(_d, _s, _n)); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __strlcpy_chk. >+ */ >+ if (__builtin_constant_p(_n) && (_n <= _bos)) >+ return (__strlcpy_real(_d, _s, _n)); >+#endif >+ >+ return (__strlcpy_chk(_d, _s, _n, _bos)); >+} >+#endif /* __BSD_VISIBLE */ >+ >+ >+#if __BSD_VISIBLE >+__FORTIFY_INLINE size_t >+strlcat(char * __restrict _d, const char * __restrict _s, size_t _n) >+{ >+ size_t _bos = __bos(_d); >+ >+#ifndef __clang__ >+ /* Compiler doesn't know destination size. Don't call __strlcat_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strlcat_real(_d, _s, _n)); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __strlcat_chk. >+ */ >+ if (__builtin_constant_p(_n) && (_n <= _bos)) >+ return (__strlcat_real(_d, _s, _n)); >+#endif >+ >+ return (__strlcat_chk(_d, _s, _n, _bos)); >+} >+#endif /* __BSD_VISIBLE */ >+ >+ >+__FORTIFY_INLINE size_t >+strlen(const char *_s) >+{ >+ size_t _bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ /* Compiler doesn't know destination size. Don't call __strlen_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strlen_real(_s)); >+ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen)) >+ return (_slen); >+#endif >+ >+ return (__strlen_chk(_s, _bos)); >+} >+ >+__FORTIFY_INLINE char * >+strchr(const char *_s, int _c) >+{ >+ size_t _bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ /* Compiler doesn't know destination size. Don't call __strchr_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strchr_real(_s, _c)); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __strlchr_chk. >+ */ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen) && (_slen < _bos)) >+ return (__strchr_real(_s, _c)); >+#endif >+ >+ return (__strchr_chk(_s, _c, _bos)); >+} >+ >+ >+#if __BSD_VISIBLE >+__FORTIFY_INLINE char * >+strchrnul(const char *_s, int _c) >+{ >+ size_t _bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ /* Compiler doesn't know destination size. Don't call __strchr_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strchrnul_real(_s, _c)); >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __strlchrnul_chk. >+ */ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen) && (_slen < _bos)) >+ return (__strchrnul_real(_s, _c)); >+#endif >+ >+ return (__strchrnul_chk(_s, _c, _bos)); >+} >+#endif >+ >+ >+__FORTIFY_INLINE char * >+strrchr(const char *_s, int _c) >+{ >+ size_t _bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ >+ if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strrchr_real(_s, _c)); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __strlen_chk. >+ */ >+ _slen = __strlen_real(_s); >+ if (__builtin_constant_p(_slen) && (_slen < _bos)) >+ return (__strrchr_real(_s, _c)); >+#endif >+ >+ return (__strrchr_chk(_s, _c, _bos)); >+} >+ >+ >+#endif /* defined(__BSD_FORTIFY) */ >+ >+__END_DECLS >+ >+#endif /* !_SECURE_STRING_H */ >Index: include/secure/_strings.h >=================================================================== >--- include/secure/_strings.h (revision 0) >+++ include/secure/_strings.h (working copy) >@@ -0,0 +1,112 @@ >+/*- >+ * Copyright (C) 2015 Olivér Pintér >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _STRINGS_H_ >+#error "You should not use <secure/_strings.h> directly; include <sys/strings.h> instead." >+#endif >+ >+#ifndef _SECURE_STRINGS_H_ >+#define _SECURE_STRINGS_H_ >+ >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+extern void *__bcopy_chk(void *, const void *, size_t, size_t) __RENAME(__memmove_chk); >+extern void __bcopy_real(const void *, void *, size_t) __RENAME(bcopy); >+extern void *__bzero_chk(void *, int, size_t, size_t) __RENAME(__memset_chk); >+extern void __bzero_real(void *, size_t) __RENAME(bzero); >+extern char *__rindex_chk(const char *, int, size_t); >+extern char *__rindex_real(const char *, int) __RENAME(rindex); >+ >+#ifdef __BSD_FORTIFY >+#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 >+__FORTIFY_INLINE void >+bcopy(const void *_s, void *_d, size_t _l) >+{ >+ size_t _bos = __bos0(_d); >+ >+#ifndef __clang__ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ __bcopy_real(_s, _d, _l); >+#endif >+ >+ (void)(__bcopy_chk(_d, _s, _l, _bos)); >+} >+#endif >+ >+ >+#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 >+__FORTIFY_INLINE void >+bzero(void *_s, size_t _n) >+{ >+ size_t _bos = __bos(_s); >+ >+#ifndef __clang__ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ __bzero_real(_s, _n); >+#endif >+ >+ (void)(__bzero_chk(_s, '\0', _n, _bos)); >+} >+#endif >+ >+ >+#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112 >+__FORTIFY_INLINE char * >+rindex(const char *_s, int _c) >+{ >+ size_t _bos = __bos(_s); >+#ifndef __clang__ >+ size_t _slen; >+ >+ /* Compiler doesn't know destination size. Don't call __strrchr_chk. */ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__rindex_real(_s, _c)); >+ >+ /* >+ * Compiler can prove, at compile time, that the passed in size >+ * is always <= the actual object size. Don't call __rindex_chk. >+ */ >+ _slen = __builtin_strlen(_s); >+ if (__builtin_constant_p(_slen) && (_slen < _bos)) >+ return (__rindex_real(_s, _c)); >+#endif >+ >+ return (__rindex_chk(_s, _c, _bos)); >+} >+#endif >+ >+ >+#endif /* !__BSD_FORTIFY */ >+ >+__END_DECLS >+ >+#endif /* !defined(_SECURE_STRINGS_H_) */ >Index: include/secure/_unistd.h >=================================================================== >--- include/secure/_unistd.h (revision 0) >+++ include/secure/_unistd.h (working copy) >@@ -0,0 +1,200 @@ >+/*- >+ * Copyright (c) 2015 Olivér Pintér >+ * Copyright (C) 2008 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6 >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _UNISTD_H_ >+#error "You should not use <secure/_unistd.h> directly; include <unistd.h> instead." >+#endif >+ >+#ifndef _SECURE_UNISTD_H_ >+#define _SECURE_UNISTD_H_ >+ >+#include <sys/limits.h> >+#include <secure/security.h> >+ >+__BEGIN_DECLS >+ >+extern char *__getcwd_chk(char*, size_t, size_t); >+extern char *__getcwd_real(char*, size_t) __RENAME(getcwd); >+__errordecl(__getcwd_dest_size_error, "getcwd called with size bigger than destination"); >+extern ssize_t __pread_chk(int, void *, size_t, off_t, size_t); >+extern ssize_t __pread_real(int, void *, size_t, off_t) __RENAME(pread); >+__errordecl(__pread_dest_size_error, "pread called with size bigger than destination"); >+__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX"); >+extern ssize_t __read_chk(int, void *, size_t, size_t); >+extern ssize_t __read_real(int, void *, size_t) __RENAME(read); >+__errordecl(__read_dest_size_error, "read called with size bigger than destination"); >+__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX"); >+extern ssize_t __readlink_chk(const char *, char *, size_t, size_t); >+extern ssize_t __readlink_real(const char *, char *, size_t) __RENAME(readlink); >+__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination"); >+__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX"); >+extern ssize_t __readlinkat_chk(int, const char *, char *, size_t, size_t); >+extern ssize_t __readlinkat_real(int, const char *, char *, size_t) __RENAME(readlinkat); >+__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination"); >+__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX"); >+ >+#ifdef __BSD_FORTIFY >+ >+__FORTIFY_INLINE >+char * >+getcwd(char *_buf, size_t _size) >+{ >+ size_t _bos = __bos(_buf); >+ >+#ifdef __clang__ >+ /* >+ * Work around LLVM's incorrect __builtin_object_size implementation >+ * here to avoid needing the workaround in the __getcwd_chk ABI >+ * forever. >+ * >+ * https://llvm.org/bugs/show_bug.cgi?id=23277 >+ */ >+ if (_buf == NULL) >+ _bos = __FORTIFY_UNKNOWN_SIZE; >+#else >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__getcwd_real(_buf, _size)); >+ if (__builtin_constant_p(_size) && (_size > _bos)) >+ __getcwd_dest_size_error(); >+ if (__builtin_constant_p(_size) && (_size <= _bos)) >+ return (__getcwd_real(_buf, _size)); >+#endif >+ >+ return (__getcwd_chk(_buf, _size, _bos)); >+} >+ >+ >+/* 1003.1-2008 */ >+#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE >+__FORTIFY_INLINE ssize_t >+pread(int _fd, void *_buf, size_t _count, off_t _offset) >+{ >+ size_t _bos = __bos0(_buf); >+ >+#ifndef __clang__ >+ if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) >+ __pread_count_toobig_error(); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__pread_real(_fd, _buf, _count, _offset)); >+ >+ if (__builtin_constant_p(_count) && (_count > _bos)) >+ __pread_dest_size_error(); >+ >+ if (__builtin_constant_p(_count) && (_count <= _bos)) >+ return (__pread_real(_fd, _buf, _count, _offset)); >+#endif >+ >+ return (__pread_chk(_fd, _buf, _count, _offset, _bos)); >+} >+#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */ >+ >+ >+__FORTIFY_INLINE ssize_t >+read(int _fd, void *_buf, size_t _count) >+{ >+ size_t _bos = __bos0(_buf); >+ >+#ifndef __clang__ >+ if (__builtin_constant_p(_count) && (_count > SSIZE_MAX)) >+ __read_count_toobig_error(); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__read_real(_fd, _buf, _count)); >+ >+ if (__builtin_constant_p(_count) && (_count > _bos)) >+ __read_dest_size_error(); >+ >+ if (__builtin_constant_p(_count) && (_count <= _bos)) >+ return (__read_real(_fd, _buf, _count)); >+#endif >+ >+ return (__read_chk(_fd, _buf, _count, _bos)); >+} >+ >+ >+/* 1003.1-2001 */ >+#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE >+__FORTIFY_INLINE ssize_t >+readlink(const char *_path, char *_buf, size_t _size) >+{ >+ size_t _bos = __bos(_buf); >+ >+#ifndef __clang__ >+ if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) >+ __readlink_size_toobig_error(); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__readlink_real(_path, _buf, _size)); >+ >+ if (__builtin_constant_p(_size) && (_size > _bos)) >+ __readlink_dest_size_error(); >+ >+ if (__builtin_constant_p(_size) && (_size <= _bos)) >+ return (__readlink_real(_path, _buf, _size)); >+#endif >+ >+ return (__readlink_chk(_path, _buf, _size, _bos)); >+} >+#endif /* __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE */ >+ >+ >+#if __POSIX_VISIBLE >= 200809 >+__FORTIFY_INLINE ssize_t >+readlinkat(int _dirfd, const char *_path, char *_buf, size_t _size) >+{ >+ size_t _bos = __bos(_buf); >+ >+#ifndef __clang__ >+ if (__builtin_constant_p(_size) && (_size > SSIZE_MAX)) >+ (__readlinkat_size_toobig_error()); >+ >+ if (_bos == __FORTIFY_UNKNOWN_SIZE) >+ return (__readlinkat_real(_dirfd, _path, _buf, _size)); >+ >+ if (__builtin_constant_p(_size) && (_size > _bos)) >+ __readlinkat_dest_size_error(); >+ >+ if (__builtin_constant_p(_size) && (_size <= _bos)) >+ return (__readlinkat_real(_dirfd, _path, _buf, _size)); >+#endif >+ >+ return (__readlinkat_chk(_dirfd, _path, _buf, _size, _bos)); >+} >+#endif /* __POSIX_VISIBLE >= 200809 */ >+ >+#endif /* defined(__BSD_FORTIFY) */ >+ >+__END_DECLS >+ >+#endif /* !_SECURE_UNISTD_H_ */ >Index: include/secure/security.h >=================================================================== >--- include/secure/security.h (revision 0) >+++ include/secure/security.h (working copy) >@@ -0,0 +1,86 @@ >+/*- >+ * Copyright (c) 2015 Olivér Pintér >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * $FreeBSD$ >+ */ >+ >+#ifndef _SECURE_SECURITY_ >+#define _SECURE_SECURITY_ >+ >+#include <sys/cdefs.h> >+#include <sys/types.h> >+ >+#ifndef __clang__ >+#if __GNUC_PREREQ__(4, 3) >+#define __errordecl(name, msg) extern void name(void) __error_attr(msg) >+#else >+#define __errordecl(name, msg) \ >+static void name(void) __dead2; \ >+static void name(void) \ >+{ \ >+ \ >+ __fortify_chk_fail(msg); \ >+} >+#endif /* __GNUC_PREREQ(4, 3) */ >+#else /* !__clang__ */ >+#define __errordecl(name, msg) >+#endif /* !__clang__ */ >+ >+#define __RENAME(x) __asm__(#x) >+ >+#if __has_builtin(__builtin_umul_overflow) || __GNUC_PREREQ__(5, 0) >+#if __LP64__ >+#define __size_mul_overflow(a, b, result) __builtin_umull_overflow(a, b, result) >+#else >+#define __size_mul_overflow(a, b, result) __builtin_umul_overflow(a, b, result) >+#endif >+#else >+static __inline __always_inline int >+__size_mul_overflow(__SIZE_TYPE__ a, __SIZE_TYPE__ b, __SIZE_TYPE__ *result) >+{ >+ static const __SIZE_TYPE__ mul_no_overflow = 1UL << (sizeof(__SIZE_TYPE__) * 4); >+ >+ *result = a * b; >+ >+ return (a >= mul_no_overflow || b >= mul_no_overflow) && a > 0 && (__SIZE_TYPE__)-1 / a < b; >+} >+#endif >+ >+__BEGIN_DECLS >+ >+/* Common fail function. */ >+void __secure_fail(const char *msg) __dead2 __nonnull(1); >+ >+/* SSP related fail functions. */ >+void __chk_fail(void) __dead2; >+void __stack_chk_fail(void) __dead2; >+ >+/* FORTIFY_SOURCE related fail function. */ >+void __fortify_chk_fail(const char* msg) __dead2 __nonnull(1); >+int __fortify_chk_overlap(const void *a, const void *b, size_t len); >+ >+__END_DECLS >+ >+#endif /* !_SECURE_SECURITY_ */ >Index: include/stdio.h >=================================================================== >--- include/stdio.h (revision 286760) >+++ include/stdio.h (working copy) >@@ -521,4 +521,9 @@ > #endif /* __cplusplus */ > > __END_DECLS >+ >+#if defined(__BSD_FORTIFY) >+#include <secure/_stdio.h> >+#endif >+ > #endif /* !_STDIO_H_ */ >Index: include/string.h >=================================================================== >--- include/string.h (revision 286760) >+++ include/string.h (working copy) >@@ -141,4 +141,8 @@ > #endif > __END_DECLS > >+#if defined(__BSD_FORTIFY) >+#include <secure/_string.h> >+#endif >+ > #endif /* _STRING_H_ */ >Index: include/strings.h >=================================================================== >--- include/strings.h (revision 286760) >+++ include/strings.h (working copy) >@@ -68,4 +68,8 @@ > #endif > __END_DECLS > >+#if defined(__BSD_FORTIFY) >+#include <secure/_strings.h> >+#endif >+ > #endif /* _STRINGS_H_ */ >Index: include/unistd.h >=================================================================== >--- include/unistd.h (revision 286760) >+++ include/unistd.h (working copy) >@@ -589,4 +589,8 @@ > #endif /* __BSD_VISIBLE */ > __END_DECLS > >+#if defined(__BSD_FORTIFY) >+#include <secure/_unistd.h> >+#endif >+ > #endif /* !_UNISTD_H_ */ >Index: lib/libc/gen/getcwd.c >=================================================================== >--- lib/libc/gen/getcwd.c (revision 286760) >+++ lib/libc/gen/getcwd.c (working copy) >@@ -30,6 +30,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)getcwd.c 8.5 (Berkeley) 2/7/95"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/secure/Makefile.inc >=================================================================== >--- lib/libc/secure/Makefile.inc (revision 286760) >+++ lib/libc/secure/Makefile.inc (working copy) >@@ -1,12 +1,52 @@ >-# $FreeBSD$ >-# >-# libc sources related to security >- >+# secure sources > .PATH: ${LIBC_SRCTOP}/secure > > # Sources common to both syscall interfaces: > SRCS+= \ >+ fortify_source.c \ >+ secure_common.c \ > stack_protector.c \ > stack_protector_compat.c > >+# Sources which contains FORTIFY_SOURCE functions: >+SRCS+= \ >+ __fgets_chk.c \ >+ __fread_chk.c \ >+ __fwrite_chk.c \ >+ __getcwd_chk.c \ >+ __memccpy_chk.c \ >+ __memchr_chk.c \ >+ __memcpy_chk.c \ >+ __memmove_chk.c \ >+ __memrchr_chk.c \ >+ __memset_chk.c \ >+ __pread_chk.c \ >+ __read_chk.c \ >+ __readlink_chk.c \ >+ __readlinkat_chk.c \ >+ __stpcpy_chk.c \ >+ __stpncpy_chk.c \ >+ __strcat_chk.c \ >+ __strchr_chk.c \ >+ __strchrnul_chk.c \ >+ __strcpy_chk.c \ >+ __strlcat_chk.c \ >+ __strlcpy_chk.c \ >+ __strlen_chk.c \ >+ __strncat_chk.c \ >+ __strncpy_chk.c \ >+ __strrchr_chk.c \ >+ __vsnprintf_chk.c \ >+ __vsprintf_chk.c >+ >+# Sources which contains FORTIFY_SOURCE functions, >+# but live in .h files under sys/sys >+SRCS+= \ >+ __poll_chk.c \ >+ __recvfrom_chk.c \ >+ __umask_chk.c >+ > SYM_MAPS+= ${LIBC_SRCTOP}/secure/Symbol.map >+ >+MAN+= __builtin_object_size.3 >+ >Index: lib/libc/secure/Symbol.map >=================================================================== >--- lib/libc/secure/Symbol.map (revision 286760) >+++ lib/libc/secure/Symbol.map (working copy) >@@ -12,3 +12,57 @@ > __stack_chk_fail; > __stack_chk_guard; > }; >+ >+FBSD_1.1 { >+}; >+ >+FBSD_1.2 { >+}; >+ >+FBSD_1.3 { >+}; >+ >+FBSD_1.4 { >+ __fgets_chk; >+ __fortify_chk_fail; >+ __fread_chk; >+ __fwrite_chk; >+ __getcwd_chk; >+ __memccpy_chk; >+ __memchr_chk; >+ __memcpy_chk; >+ __memmove_chk; >+ __memrchr_chk; >+ __memset_chk; >+ __poll_chk; >+ __ppoll_chk; >+ __pread_chk; >+ __read_chk; >+ __readlink_chk; >+ __readlinkat_chk; >+ __recvfrom_chk; >+ __rindex_chk; >+ __snprintf_chk; >+ __sprintf_chk; >+ __stpcpy_chk; >+ __stpncpy_chk; >+ __stpncpy_chk2; >+ __strcat_chk; >+ __strchr_chk; >+ __strchrnul_chk; >+ __strcpy_chk; >+ __strlcat_chk; >+ __strlcpy_chk; >+ __strlen_chk; >+ __strncat_chk; >+ __strncpy_chk; >+ __strncpy_chk2; >+ __strrchr_chk; >+ __umask_chk; >+ __vsnprintf_chk; >+ __vsprintf_chk; >+ __secure_fail; >+}; >+ >+FBSDprivate_1.0 { >+}; >Index: lib/libc/secure/__builtin_object_size.3 >=================================================================== >--- lib/libc/secure/__builtin_object_size.3 (revision 0) >+++ lib/libc/secure/__builtin_object_size.3 (working copy) >@@ -0,0 +1,101 @@ >+.\" $NetBSD: __builtin_object_size.3,v 1.10 2012/07/19 06:44:12 wiz Exp $ >+.\" >+.\" Copyright (c) 2007 The NetBSD Foundation, Inc. >+.\" All rights reserved. >+.\" >+.\" This code is derived from software contributed to The NetBSD Foundation >+.\" by Christos Zoulas. >+.\" >+.\" Redistribution and use in source and binary forms, with or without >+.\" modification, are permitted provided that the following conditions >+.\" are met: >+.\" 1. Redistributions of source code must retain the above copyright >+.\" notice, this list of conditions and the following disclaimer. >+.\" 2. Redistributions in binary form must reproduce the above copyright >+.\" notice, this list of conditions and the following disclaimer in the >+.\" documentation and/or other materials provided with the distribution. >+.\" >+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS >+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED >+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS >+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE >+.\" POSSIBILITY OF SUCH DAMAGE. >+.\" >+.\" >+.Dd July 18, 2012 >+.Dt __BUILTIN_OBJECT_SIZE 3 >+.Os >+.Sh NAME >+.Nm __builtin_object_size >+.Nd return the size of the given object >+.Sh SYNOPSIS >+.Ft size_t >+.Fn __builtin_object_size "void *ptr" "int type" >+.Sh DESCRIPTION >+The >+.Fn __builtin_object_size >+function is a >+.Xr gcc 1 >+built-in function that returns the size of the >+.Fa ptr >+object if known at compile time and the object does not have any side >+effects. >+.Sh RETURN VALUES >+If the size of the object is not known or it has side effects the >+.Fn __builtin_object_size >+function returns: >+.Bl -tag -width (size_t)\-1 -offset indent >+.It Dv (size_t)\-1 >+for >+.Fa type >+.Dv 0 >+and >+.Dv 1 . >+.It Dv (size_t)0 >+for >+.Fa type >+.Dv 2 >+and >+.Dv 3 . >+.El >+.Pp >+If the size of the object is known, then the >+.Fn __builtin_object_size >+function returns the maximum size of all the objects that the compiler >+knows that they can be pointed to by >+.Fa ptr >+when >+.Fa type >+.Dv \*[Am] 2 == 0 , >+and the minimum size when >+.Fa type >+.Dv \*[Am] 2 != 0 . >+.Sh SEE ALSO >+.Xr gcc 1 , >+.Xr __builtin_return_address 3 , >+.Xr attribute 3 , >+.Xr ssp 3 >+.Sh HISTORY >+The >+.Fn __builtin_object_size >+appeared in >+.Tn GCC 4.1 . >+.Sh CAVEATS >+This is a non-standard, compiler-specific extension. >+.Pp >+Note that currently the object size calculation pass is only done at -O1 >+or above, meaning that this function always returns \-1 when the optimizer >+is off. >+.Pp >+There are some discussions about always doing the object size pass, but >+the issue is that without the optimization pass data sizes are not going >+to be correct. >+.Pp >+For that reason currently code fortification (size-checked replacement >+functions) is disabled when optimization is off. >Index: lib/libc/secure/__fgets_chk.c >=================================================================== >--- lib/libc/secure/__fgets_chk.c (revision 0) >+++ lib/libc/secure/__fgets_chk.c (working copy) >@@ -0,0 +1,56 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <stdio.h> >+#include <stdlib.h> >+#include "secure/_stdio.h" >+ >+char * >+__fgets_chk(char *buf, int n, FILE *stream, size_t bos) >+{ >+ >+ if (bos == __FORTIFY_UNKNOWN_SIZE) >+ return (fgets(buf, n, stream)); >+ >+ if (n < 0) >+ __fortify_chk_fail("fgets: buffer size < 0"); >+ >+ if (((size_t)n) > bos) >+ __fortify_chk_fail("fgets: prevented write past end of buffer"); >+ >+ return (fgets(buf, n, stream)); >+} >Index: lib/libc/secure/__fread_chk.c >=================================================================== >--- lib/libc/secure/__fread_chk.c (revision 0) >+++ lib/libc/secure/__fread_chk.c (working copy) >@@ -0,0 +1,56 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: fed2659869ec41a93f655be8058568ddab419e01 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <stdio.h> >+#include "secure/_stdio.h" >+ >+size_t >+__fread_chk(void *__restrict ptr, size_t size, size_t nmemb, FILE * __restrict stream, size_t bos) >+{ >+ size_t total; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (fread(ptr, size, nmemb, stream)); >+ >+ if (__predict_false(__size_mul_overflow(size, nmemb, &total))) { >+ //overflow: trigger the error path in fread >+ return (fread(ptr, size, nmemb, stream)); >+ } >+ if (__predict_false(total > bos)) >+ __fortify_chk_fail("fread: prevented write past end of buffer"); >+ >+ return (fread(ptr, size, nmemb, stream)); >+} >Index: lib/libc/secure/__fwrite_chk.c >=================================================================== >--- lib/libc/secure/__fwrite_chk.c (revision 0) >+++ lib/libc/secure/__fwrite_chk.c (working copy) >@@ -0,0 +1,56 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: fed2659869ec41a93f655be8058568ddab419e01 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <stdio.h> >+#include "secure/_stdio.h" >+ >+size_t >+__fwrite_chk(const void * __restrict ptr, size_t size, size_t nmemb, FILE * __restrict stream, size_t bos) >+{ >+ size_t total; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (fwrite(ptr, size, nmemb, stream)); >+ >+ if (__predict_false(__size_mul_overflow(size, nmemb, &total))) { >+ // overflow: trigger the error path in fwrite >+ return (fwrite(ptr, size, nmemb, stream)); >+ } >+ >+ if (__predict_false(total > bos)) >+ __fortify_chk_fail("fwrite: prevented read past end of buffer"); >+ >+ return (fwrite(ptr, size, nmemb, stream)); >+} >Index: lib/libc/secure/__getcwd_chk.c >=================================================================== >--- lib/libc/secure/__getcwd_chk.c (revision 0) >+++ lib/libc/secure/__getcwd_chk.c (working copy) >@@ -0,0 +1,51 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 7e919daeaad62515ebbbf7b06badc77625a14d90 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <unistd.h> >+#include "secure/_unistd.h" >+ >+char * >+__getcwd_chk(char* buf, size_t size, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (getcwd(buf, size)); >+ >+ if (__predict_false(size > bos)) >+ __fortify_chk_fail("getcwd: prevented write past end of buffer"); >+ >+ return (getcwd(buf, size)); >+} >Index: lib/libc/secure/__memccpy_chk.c >=================================================================== >--- lib/libc/secure/__memccpy_chk.c (revision 0) >+++ lib/libc/secure/__memccpy_chk.c (working copy) >@@ -0,0 +1,66 @@ >+/*- >+ * Copyright (C) 2015 Oliver Pinter >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+void * >+__memccpy_chk(void *dest, const void *src, int c, size_t n, size_t bos) >+{ >+ void *ret; >+ size_t len; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (memccpy(dest, src, c, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("memccpy: prevented write past end of buffer"); >+ >+ /* >+ * If n was copied, then return NULL, otherwise >+ * a pointer to the byte after the copy of c in the string >+ * dest is returned. >+ * >+ * See the memccpy(3) manpage for more details. >+ */ >+ ret = memccpy(dest, src, c, n); >+ if (ret != NULL) >+ len = ret - dest; >+ >+ if (__predict_false(__fortify_chk_overlap(dest, src, len))) >+ __fortify_chk_fail("memccpy: prevented overlapping strings"); >+ >+ return (ret); >+} >Index: lib/libc/secure/__memchr_chk.c >=================================================================== >--- lib/libc/secure/__memchr_chk.c (revision 0) >+++ lib/libc/secure/__memchr_chk.c (working copy) >@@ -0,0 +1,52 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include "secure/_string.h" >+ >+void * >+__memchr_chk(const void *s, int c, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (memchr(s, c, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail( >+ "memchr: prevented read past end of buffer"); >+ >+ return (memchr(s, c, n)); >+} >Index: lib/libc/secure/__memcpy_chk.c >=================================================================== >--- lib/libc/secure/__memcpy_chk.c (revision 0) >+++ lib/libc/secure/__memcpy_chk.c (working copy) >@@ -0,0 +1,57 @@ >+/*- >+ * Copyright (C) 2015 Oliver Pinter >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+void * >+__memcpy_chk(void *d, const void *s, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (memcpy(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("memcpy: prevented write past end of buffer"); >+ >+ /* See the memcpy(3) for more details. */ >+ if (__predict_false(__fortify_chk_overlap(d, s, n))) >+ __fortify_chk_fail("memcpy: prevented overlaping strings"); >+ >+ return (memcpy(d, s, n)); >+} >Index: lib/libc/secure/__memmove_chk.c >=================================================================== >--- lib/libc/secure/__memmove_chk.c (revision 0) >+++ lib/libc/secure/__memmove_chk.c (working copy) >@@ -0,0 +1,56 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+void * >+__memmove_chk(void *d, const void *s, size_t n, size_t bos) >+{ >+ >+ /* >+ * Compiler doesn 't know dination size. >+ * Fallback to the original function. >+ */ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (memmove(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("memmove: prevented write past end of buffer"); >+ >+ return (memmove(d, s, n)); >+} >Index: lib/libc/secure/__memrchr_chk.c >=================================================================== >--- lib/libc/secure/__memrchr_chk.c (revision 0) >+++ lib/libc/secure/__memrchr_chk.c (working copy) >@@ -0,0 +1,51 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include "secure/_string.h" >+ >+void * >+__memrchr_chk(const void *s, int c, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (memrchr(s, c, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("memrchr: prevented read past end of buffer"); >+ >+ return (memrchr(s, c, n)); >+} >Index: lib/libc/secure/__memset_chk.c >=================================================================== >--- lib/libc/secure/__memset_chk.c (revision 0) >+++ lib/libc/secure/__memset_chk.c (working copy) >@@ -0,0 +1,52 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+void * >+__memset_chk(void *d, int c, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return memset(d, c, n); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("memset: prevented write past end of buffer"); >+ >+ return memset(d, c, n); >+} >Index: lib/libc/secure/__poll_chk.c >=================================================================== >--- lib/libc/secure/__poll_chk.c (revision 0) >+++ lib/libc/secure/__poll_chk.c (working copy) >@@ -0,0 +1,64 @@ >+/* >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <sys/poll.h> >+#include "secure/_poll.h" >+ >+int >+__poll_chk(struct pollfd *fds, nfds_t fd_count, int timeout, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (poll(fds, fd_count, timeout)); >+ >+ if (__predict_false(bos / sizeof(*fds) < fd_count)) >+ __fortify_chk_fail("poll: pollfd array smaller than fd count"); >+ >+ return (poll(fds, fd_count, timeout)); >+} >+ >+int >+__ppoll_chk(struct pollfd *fds, nfds_t fd_count, const struct timespec *timeout, const sigset_t *mask, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (ppoll(fds, fd_count, timeout, mask)); >+ >+ if (__predict_false(bos / sizeof(*fds) < fd_count)) >+ __fortify_chk_fail("ppoll: pollfd array smaller than fd count"); >+ >+ return (ppoll(fds, fd_count, timeout, mask)); >+} >Index: lib/libc/secure/__pread_chk.c >=================================================================== >--- lib/libc/secure/__pread_chk.c (revision 0) >+++ lib/libc/secure/__pread_chk.c (working copy) >@@ -0,0 +1,55 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <sys/limits.h> >+#include <secure/security.h> >+#include <unistd.h> >+#include "secure/_unistd.h" >+ >+ssize_t >+__pread_chk(int fd, void *buf, size_t count, off_t offset, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (pread(fd, buf, count, offset)); >+ >+ if (__predict_false(count > bos)) >+ __fortify_chk_fail("pread: prevented write past end of buffer"); >+ >+ if (__predict_false(count > SSIZE_MAX)) >+ __fortify_chk_fail("pread: count > SSIZE_MAX"); >+ >+ return (pread(fd, buf, count, offset)); >+} >Index: lib/libc/secure/__read_chk.c >=================================================================== >--- lib/libc/secure/__read_chk.c (revision 0) >+++ lib/libc/secure/__read_chk.c (working copy) >@@ -0,0 +1,55 @@ >+/*- >+ * Copyright (C) 2013 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <sys/limits.h> >+#include <secure/security.h> >+#include <unistd.h> >+#include "secure/_unistd.h" >+ >+ssize_t >+__read_chk(int fd, void *buf, size_t count, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (read(fd, buf, count)); >+ >+ if (__predict_false(count > bos)) >+ __fortify_chk_fail("read: prevented write past end of buffer"); >+ >+ if (__predict_false(count > SSIZE_MAX)) >+ __fortify_chk_fail("read: count > SSIZE_MAX"); >+ >+ return (read(fd, buf, count)); >+} >Index: lib/libc/secure/__readlink_chk.c >=================================================================== >--- lib/libc/secure/__readlink_chk.c (revision 0) >+++ lib/libc/secure/__readlink_chk.c (working copy) >@@ -0,0 +1,55 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <sys/limits.h> >+#include <secure/security.h> >+#include <unistd.h> >+#include "secure/_unistd.h" >+ >+ssize_t >+__readlink_chk(const char *path, char *buf, size_t size, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (readlink(path, buf, size)); >+ >+ if (__predict_false(size > bos)) >+ __fortify_chk_fail("readlink: prevented write past end of buffer"); >+ >+ if (__predict_false(size > SSIZE_MAX)) >+ __fortify_chk_fail("readlink: size > SSIZE_MAX"); >+ >+ return (readlink(path, buf, size)); >+} >Index: lib/libc/secure/__readlinkat_chk.c >=================================================================== >--- lib/libc/secure/__readlinkat_chk.c (revision 0) >+++ lib/libc/secure/__readlinkat_chk.c (working copy) >@@ -0,0 +1,55 @@ >+/*- >+ * Copyright (C) 2015 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <sys/limits.h> >+#include <secure/security.h> >+#include <unistd.h> >+#include "secure/_unistd.h" >+ >+ssize_t >+__readlinkat_chk(int dirfd, const char *path, char *buf, size_t size, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (readlinkat(dirfd, path, buf, size)); >+ >+ if (__predict_false(size > bos)) >+ __fortify_chk_fail("readlinkat: prevented write past end of buffer"); >+ >+ if (__predict_false(size > SSIZE_MAX)) >+ __fortify_chk_fail("readlinkat: size > SSIZE_MAX"); >+ >+ return (readlinkat(dirfd, path, buf, size)); >+} >Index: lib/libc/secure/__recvfrom_chk.c >=================================================================== >--- lib/libc/secure/__recvfrom_chk.c (revision 0) >+++ lib/libc/secure/__recvfrom_chk.c (working copy) >@@ -0,0 +1,53 @@ >+/*- >+ * Copyright (C) 2013 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <sys/socket.h> >+#include <secure/security.h> >+#include "secure/_socket.h" >+ >+ssize_t >+__recvfrom_chk(int s, void *buf, size_t len, size_t bos, >+ int flags, struct sockaddr * __restrict from, >+ socklen_t * __restrict fromlen) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (recvfrom(s, buf, len, flags, from, fromlen)); >+ >+ if (__predict_false(len > bos)) >+ __fortify_chk_fail("recvfrom: prevented write past end of buffer"); >+ >+ return (recvfrom(s, buf, len, flags, from, fromlen)); >+} >Index: lib/libc/secure/__stpcpy_chk.c >=================================================================== >--- lib/libc/secure/__stpcpy_chk.c (revision 0) >+++ lib/libc/secure/__stpcpy_chk.c (working copy) >@@ -0,0 +1,59 @@ >+/*- >+ * Copyright (C) 2014 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__stpcpy_chk(char *dest, const char *src, size_t bos) >+{ >+ /* TODO:optimize so we don't scan src twice. */ >+ size_t src_len; >+ >+ /* >+ * Compiler doesn 't know destination size. >+ * Fallback to the original function. >+ */ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (stpcpy(dest, src)); >+ >+ src_len = strlen(src) + 1; >+ if (__predict_false(src_len > bos)) >+ __fortify_chk_fail("stpcpy: prevented write past end of buffer"); >+ >+ return (stpcpy(dest, src)); >+} >Index: lib/libc/secure/__stpncpy_chk.c >=================================================================== >--- lib/libc/secure/__stpncpy_chk.c (revision 0) >+++ lib/libc/secure/__stpncpy_chk.c (working copy) >@@ -0,0 +1,98 @@ >+/*- >+ * Copyright (C) 2014 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__stpncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (stpncpy(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("stpncpy: prevented write past end of buffer"); >+ >+ return stpncpy(d, s, n); >+} >+ >+/* >+ * __stpncpy_chk2 >+ * >+ * This is a variant of __stpncpy_chk, but it also checks to make >+ * sure we don't read beyond the end of "s". The code for this is >+ * based on the original version of stpncpy, but modified to check >+ * how much we read from "s" at the end of the copy operation. >+ */ >+char * >+__stpncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) >+{ >+ char *_d; >+ const char *_s = s; >+ size_t s_copy_len ; >+ >+ if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (stpncpy(d, s, n)); >+ >+ if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__stpncpy_chk(d, s, n, d_bos)); >+ >+ if (__predict_false(n > d_bos)) >+ __fortify_chk_fail("stpncpy: prevented write past end of buffer"); >+ >+ if (n != 0) { >+ _d = d; >+ >+ do { >+ if ((*_d++ = *_s++) == 0) { >+ /* NUL pad the remaining n-1 bytes */ >+ while (--n != 0) >+ *_d++ = 0; >+ break; >+ } >+ } while (--n != 0); >+ >+ s_copy_len = (size_t)(_s - s); >+ >+ if (__predict_false(s_copy_len > s_bos)) >+ __fortify_chk_fail("stpncpy: prevented read past end of buffer"); >+ } >+ >+ return (d); >+} >Index: lib/libc/secure/__strcat_chk.c >=================================================================== >--- lib/libc/secure/__strcat_chk.c (revision 0) >+++ lib/libc/secure/__strcat_chk.c (working copy) >@@ -0,0 +1,66 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__strcat_chk(char *__restrict d, const char *__restrict s, size_t bos) >+{ >+ char *save = d; >+ size_t d_len; >+ >+ /* >+ * Compiler doesn 't know destination size. >+ * Fallback to the original function. >+ */ >+ if (bos == __FORTIFY_UNKNOWN_SIZE) >+ return (strcat(d, s)); >+ >+ d_len = __strlen_chk(d, bos); >+ >+ d += d_len; >+ bos -= d_len; >+ >+ while ((*d++ = *s++) != '\0') { >+ bos--; >+ if (__predict_false(bos == 0)) >+ __fortify_chk_fail("strcat: prevented write past end of buffer"); >+ } >+ >+ return (save); >+} >Index: lib/libc/secure/__strchr_chk.c >=================================================================== >--- lib/libc/secure/__strchr_chk.c (revision 0) >+++ lib/libc/secure/__strchr_chk.c (working copy) >@@ -0,0 +1,56 @@ >+/*- >+ * Copyright (c) 1990 The Regents of the University of California. >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * 3. Neither the name of the University nor the names of its contributors >+ * may be used to endorse or promote products derived from this software >+ * without specific prior written permission. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include "secure/_string.h" >+ >+char * >+__strchr_chk(const char *p, int ch, size_t bos) >+{ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strchr(p, ch)); >+ >+ for (;; ++p, bos--) { >+ if (__predict_false(bos == 0)) >+ __fortify_chk_fail("strchr: prevented read past end of buffer"); >+ if (*p == (char)(ch)) >+ return ((char *)(p)); >+ if (*p == '\0') >+ return (NULL); >+ } >+ /* NOTREACHED */ >+} >Index: lib/libc/secure/__strchrnul_chk.c >=================================================================== >--- lib/libc/secure/__strchrnul_chk.c (revision 0) >+++ lib/libc/secure/__strchrnul_chk.c (working copy) >@@ -0,0 +1,59 @@ >+/*- >+ * Copyright (c) 2015 Pinter Oliver >+ * Copyright (c) 1990 The Regents of the University of California. >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * 3. Neither the name of the University nor the names of its contributors >+ * may be used to endorse or promote products derived from this software >+ * without specific prior written permission. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include "secure/_string.h" >+ >+char * >+__strchrnul_chk(const char *p, int ch, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strchrnul(p, ch)); >+ >+ for (;; ++p, bos--) { >+ if (__predict_false(bos == 0)) >+ __fortify_chk_fail( >+ "strchrnul: prevented read past end of buffer"); >+ if (*p == (char)(ch)) >+ return ((char *)(p)); >+ if (*p == '\0') >+ return ((char *)(p)); >+ } >+ /* NOTREACHED */ >+} >Index: lib/libc/secure/__strcpy_chk.c >=================================================================== >--- lib/libc/secure/__strcpy_chk.c (revision 0) >+++ lib/libc/secure/__strcpy_chk.c (working copy) >@@ -0,0 +1,59 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__strcpy_chk(char *d, const char *s, size_t bos) >+{ >+ /* TODO: optimize so we don't scan s twice. */ >+ size_t s_len; >+ >+ /* >+ * Compiler doesn 't know destination size. >+ * Fallback to the original function. >+ */ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strcpy(d, s)); >+ >+ s_len = strlen(s) + 1; >+ if (__predict_false(s_len > bos)) >+ __fortify_chk_fail("strcpy: prevented write past end of buffer"); >+ >+ return (strcpy(d, s)); >+} >Index: lib/libc/secure/__strlcat_chk.c >=================================================================== >--- lib/libc/secure/__strlcat_chk.c (revision 0) >+++ lib/libc/secure/__strlcat_chk.c (working copy) >@@ -0,0 +1,52 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+size_t >+__strlcat_chk(char *d, const char *s, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strlcat(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("strlcat: prevented write past end of buffer"); >+ >+ return (strlcat(d, s, n)); >+} >Index: lib/libc/secure/__strlcpy_chk.c >=================================================================== >--- lib/libc/secure/__strlcpy_chk.c (revision 0) >+++ lib/libc/secure/__strlcpy_chk.c (working copy) >@@ -0,0 +1,52 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+size_t >+__strlcpy_chk(char *d, const char *s, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strlcpy(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail("strlcpy: prevented write past end of buffer"); >+ >+ return (strlcpy(d, s, n)); >+} >Index: lib/libc/secure/__strlen_chk.c >=================================================================== >--- lib/libc/secure/__strlen_chk.c (revision 0) >+++ lib/libc/secure/__strlen_chk.c (working copy) >@@ -0,0 +1,67 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+/* >+ * This test is designed to detect code such as: >+ * >+ * int main() { >+ * char buf[10]; >+ * memcpy(buf, "1234567890", sizeof(buf)); >+ * size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE >+ * printf("%d\n", len); >+ * return 0; >+ * } >+ * >+ * or anytime strlen reads beyond an object boundary. >+ */ >+size_t >+__strlen_chk(const char *s, size_t bos) >+{ >+ size_t ret; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strlen(s)); >+ >+ ret = strlen(s); >+ if (__predict_false(ret >= bos)) >+ __fortify_chk_fail("strlen: prevented read past end of buffer"); >+ >+ return (ret); >+} >Index: lib/libc/secure/__strncat_chk.c >=================================================================== >--- lib/libc/secure/__strncat_chk.c (revision 0) >+++ lib/libc/secure/__strncat_chk.c (working copy) >@@ -0,0 +1,70 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__strncat_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) >+{ >+ size_t d_len; >+ char *_d; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strncat(d, s, n)); >+ >+ if (n == 0) >+ return (d); >+ >+ d_len = __strlen_chk(d, bos); >+ _d = d + d_len; >+ bos -= d_len; >+ >+ while (*s != '\0') { >+ *_d++ = *s++; >+ n--; >+ bos--; >+ >+ if (__predict_false(bos == 0)) >+ __fortify_chk_fail("strncat: prevented write past end of buffer"); >+ if (n == 0) >+ break; >+ } >+ *_d = '\0'; >+ >+ return (d); >+} >Index: lib/libc/secure/__strncpy_chk.c >=================================================================== >--- lib/libc/secure/__strncpy_chk.c (revision 0) >+++ lib/libc/secure/__strncpy_chk.c (working copy) >@@ -0,0 +1,97 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include <stdlib.h> >+#include "secure/_string.h" >+ >+char * >+__strncpy_chk(char *__restrict d, const char *__restrict s, size_t n, size_t bos) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strncpy(d, s, n)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail( >+ "strncpy: prevented write past end of buffer"); >+ >+ return (strncpy(d, s, n)); >+} >+ >+/* >+ * __strncpy_chk2 >+ * >+ * This is a variant of __strncpy_chk, but it also checks to make >+ * sure we don't read beyond the end of "src". The code for this is >+ * based on the original version of strncpy, but modified to check >+ * how much we read from "src" at the end of the copy operation. >+ */ >+char * >+__strncpy_chk2(char *__restrict d, const char *__restrict s, size_t n, size_t d_bos, size_t s_bos) >+{ >+ size_t s_copy_len; >+ >+ if (__predict_false(d_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strncpy(d, s, n)); >+ >+ if (__predict_false(s_bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (__strncpy_chk(d, s, n, d_bos)); >+ >+ if (__predict_false(n > d_bos)) >+ __fortify_chk_fail("strncpy: prevented write past end of buffer"); >+ >+ if (n != 0) { >+ char *_d = d; >+ const char *_s = s; >+ >+ do { >+ if ((*_d++ = *_s++) == 0) { >+ /* NUL pad the remaining n-1 bytes */ >+ while (--n != 0) >+ *_d++ = 0; >+ break; >+ } >+ } while (--n != 0); >+ >+ s_copy_len = (size_t)(_s - s); >+ >+ if (__predict_false(s_copy_len > s_bos)) >+ __fortify_chk_fail("strncpy: prevented read past end of buffer"); >+ } >+ >+ return (d); >+} >Index: lib/libc/secure/__strrchr_chk.c >=================================================================== >--- lib/libc/secure/__strrchr_chk.c (revision 0) >+++ lib/libc/secure/__strrchr_chk.c (working copy) >@@ -0,0 +1,62 @@ >+/*- >+ * Copyright (c) 1988 Regents of the University of California. >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * 3. Neither the name of the University nor the names of its contributors >+ * may be used to endorse or promote products derived from this software >+ * without specific prior written permission. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <string.h> >+#include "secure/_string.h" >+ >+char * >+__strrchr_chk(const char *p, int ch, size_t bos) >+{ >+ char *save; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (strrchr(p, ch)); >+ >+ for (save = NULL;; ++p, bos--) { >+ if (bos == 0) >+ __fortify_chk_fail( >+ "strrchr: prevented read past end of buffer"); >+ if (*p == (char)ch) >+ save = (char *)p; >+ if (!*p) >+ return (save); >+ } >+ /* NOTREACHED */ >+} >+ >+__weak_reference(__strrchr_chk, __rindex_chk); >+ >Index: lib/libc/secure/__umask_chk.c >=================================================================== >--- lib/libc/secure/__umask_chk.c (revision 0) >+++ lib/libc/secure/__umask_chk.c (working copy) >@@ -0,0 +1,53 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <sys/types.h> >+#include <sys/stat.h> >+#include <stdlib.h> >+#include "secure/_stat.h" >+ >+/* >+ * Validate that umask is called with sane mode. >+ */ >+mode_t >+__umask_chk(mode_t mode) >+{ >+ >+ if (__predict_false((mode & 0777) != mode)) >+ __fortify_chk_fail("umask: called with invalid mask"); >+ >+ return (umask(mode)); >+} >Index: lib/libc/secure/__vsnprintf_chk.c >=================================================================== >--- lib/libc/secure/__vsnprintf_chk.c (revision 0) >+++ lib/libc/secure/__vsnprintf_chk.c (working copy) >@@ -0,0 +1,76 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <stdio.h> >+#include <stdlib.h> >+#include <stdarg.h> >+#include "secure/_stdio.h" >+ >+int >+__vsnprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, va_list va) >+{ >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (vsnprintf(d, n, fmt, va)); >+ >+ if (__predict_false(n > bos)) >+ __fortify_chk_fail( >+ "vsnprintf: prevented write past end of buffer"); >+ >+ return (vsnprintf(d, n, fmt, va)); >+} >+ >+ >+int >+__snprintf_chk(char *d, size_t n, int flags, size_t bos, const char *fmt, ...) >+{ >+ va_list va; >+ int result; >+ >+ if (bos == __FORTIFY_UNKNOWN_SIZE) { >+ va_start(va, fmt); >+ result = vsnprintf(d, n, fmt, va); >+ va_end(va); >+ >+ return (result); >+ } >+ >+ va_start(va, fmt); >+ result = __vsnprintf_chk(d, n, flags, bos, fmt, va); >+ va_end(va); >+ >+ return (result); >+} >Index: lib/libc/secure/__vsprintf_chk.c >=================================================================== >--- lib/libc/secure/__vsprintf_chk.c (revision 0) >+++ lib/libc/secure/__vsprintf_chk.c (working copy) >@@ -0,0 +1,78 @@ >+/*- >+ * Copyright (C) 2012 The Android Open Source Project >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * * Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * * Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in >+ * the documentation and/or other materials provided with the >+ * distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS >+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT >+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS >+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE >+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, >+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, >+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS >+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED >+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, >+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT >+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * bionic rev: d807b9a12d3e49132b095df3d883618452033b51 >+ * >+ * $FreeBSD$ >+ */ >+ >+#undef _FORTIFY_SOURCE >+ >+#include <sys/cdefs.h> >+#include <secure/security.h> >+#include <stdio.h> >+#include <stdlib.h> >+#include <stdarg.h> >+#include "secure/_stdio.h" >+ >+int >+__vsprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, __va_list va) >+{ >+ int result; >+ >+ if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE)) >+ return (vsprintf(d, fmt, va)); >+ >+ result = vsnprintf(d, bos, fmt, va); >+ if ((size_t)result >= bos) >+ __fortify_chk_fail( >+ "vsprintf: prevented write past end of buffer"); >+ >+ return (result); >+} >+ >+ >+int >+__sprintf_chk(char * __restrict d, int flags, size_t bos, const char * __restrict fmt, ...) >+{ >+ va_list va; >+ int result; >+ >+ if (bos == __FORTIFY_UNKNOWN_SIZE) { >+ va_start(va, fmt); >+ result = vsprintf(d, fmt, va); >+ va_end(va); >+ >+ return (result); >+ } >+ >+ va_start(va, fmt); >+ result = __vsprintf_chk(d, flags, bos, fmt, va); >+ va_end(va); >+ >+ return (result); >+} >Index: lib/libc/secure/fortify_source.c >=================================================================== >--- lib/libc/secure/fortify_source.c (revision 0) >+++ lib/libc/secure/fortify_source.c (working copy) >@@ -0,0 +1,47 @@ >+/*- >+ * Copyright (c) 2015 Olivér Pintér <op@FreeBSD.org> >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND >+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE >+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE >+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL >+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS >+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT >+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY >+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF >+ * SUCH DAMAGE. >+ * >+ * $FreeBSD$ >+ */ >+ >+#include <sys/cdefs.h> >+#include <sys/param.h> >+#include <sys/sysctl.h> >+#include <sys/types.h> >+#include "secure/security.h" >+ >+void >+__fortify_chk_fail(const char* msg) >+{ >+ >+ __secure_fail(msg); >+} >+ >+int >+__fortify_chk_overlap(const void *a, const void *b, size_t len) >+{ >+ >+ return ((a <= b && b <= a + len) || (b <= a && a <= b + len)); >+} >Index: lib/libc/secure/secure_common.c >=================================================================== >--- lib/libc/secure/secure_common.c (revision 0) >+++ lib/libc/secure/secure_common.c (working copy) >@@ -0,0 +1,75 @@ >+/* $NetBSD: stack_protector.c,v 1.4 2006/11/22 17:23:25 christos Exp $ */ >+/* $OpenBSD: stack_protector.c,v 1.10 2006/03/31 05:34:44 deraadt Exp $ */ >+/* >+ * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. >+ * All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR >+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, >+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR >+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) >+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, >+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN >+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE >+ * POSSIBILITY OF SUCH DAMAGE. >+ * >+ */ >+ >+#include <sys/cdefs.h> >+__FBSDID("$FreeBSD$"); >+ >+#include <sys/param.h> >+#include <sys/sysctl.h> >+#include <sys/types.h> >+#include <errno.h> >+#include <link.h> >+#include <signal.h> >+#include <string.h> >+#include <syslog.h> >+#include <unistd.h> >+#include "libc_private.h" >+ >+static void __fail(const char *) __dead2; >+ >+/*ARGSUSED*/ >+static void >+__fail(const char *msg) >+{ >+ struct sigaction sa; >+ sigset_t mask; >+ >+ /* Immediately block all signal handlers from running code */ >+ (void)sigfillset(&mask); >+ (void)sigdelset(&mask, SIGABRT); >+ (void)sigprocmask(SIG_BLOCK, &mask, NULL); >+ >+ /* This may fail on a chroot jail... */ >+ syslog(LOG_CRIT, "%s", msg); >+ >+ (void)memset(&sa, 0, sizeof(sa)); >+ (void)sigemptyset(&sa.sa_mask); >+ sa.sa_flags = 0; >+ sa.sa_handler = SIG_DFL; >+ (void)sigaction(SIGABRT, &sa, NULL); >+ (void)kill(getpid(), SIGABRT); >+ _exit(127); >+} >+ >+void >+__secure_fail(const char *msg) >+{ >+ >+ __fail(msg); >+} >Index: lib/libc/secure/stack_protector.c >=================================================================== >--- lib/libc/secure/stack_protector.c (revision 286760) >+++ lib/libc/secure/stack_protector.c (working copy) >@@ -33,12 +33,8 @@ > #include <sys/param.h> > #include <sys/sysctl.h> > #include <sys/types.h> >-#include <errno.h> >+#include <secure/security.h> > #include <link.h> >-#include <signal.h> >-#include <string.h> >-#include <syslog.h> >-#include <unistd.h> > #include "libc_private.h" > > extern int __sysctl(const int *name, u_int namelen, void *oldp, >@@ -46,9 +42,7 @@ > > long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0}; > static void __guard_setup(void) __attribute__((__constructor__, __used__)); >-static void __fail(const char *); >-void __stack_chk_fail(void); >-void __chk_fail(void); >+void __stack_chk_fail(void) __dead2; > > /*LINTED used*/ > static void >@@ -76,40 +70,18 @@ > } > } > >-/*ARGSUSED*/ >-static void >-__fail(const char *msg) >-{ >- struct sigaction sa; >- sigset_t mask; >- >- /* Immediately block all signal handlers from running code */ >- (void)sigfillset(&mask); >- (void)sigdelset(&mask, SIGABRT); >- (void)sigprocmask(SIG_BLOCK, &mask, NULL); >- >- /* This may fail on a chroot jail... */ >- syslog(LOG_CRIT, "%s", msg); >- >- (void)memset(&sa, 0, sizeof(sa)); >- (void)sigemptyset(&sa.sa_mask); >- sa.sa_flags = 0; >- sa.sa_handler = SIG_DFL; >- (void)sigaction(SIGABRT, &sa, NULL); >- (void)kill(getpid(), SIGABRT); >- _exit(127); >-} >- > void > __stack_chk_fail(void) > { >- __fail("stack overflow detected; terminated"); >+ >+ __secure_fail("stack overflow detected; terminated"); > } > > void > __chk_fail(void) > { >- __fail("buffer overflow detected; terminated"); >+ >+ __secure_fail("buffer overflow detected; terminated"); > } > > #ifndef PIC >Index: lib/libc/stdio/fgets.c >=================================================================== >--- lib/libc/stdio/fgets.c (revision 286760) >+++ lib/libc/stdio/fgets.c (working copy) >@@ -33,6 +33,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)fgets.c 8.2 (Berkeley) 12/22/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/fread.c >=================================================================== >--- lib/libc/stdio/fread.c (revision 286760) >+++ lib/libc/stdio/fread.c (working copy) >@@ -33,6 +33,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)fread.c 8.2 (Berkeley) 12/11/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/fwrite.c >=================================================================== >--- lib/libc/stdio/fwrite.c (revision 286760) >+++ lib/libc/stdio/fwrite.c (working copy) >@@ -33,6 +33,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)fwrite.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/gets.c >=================================================================== >--- lib/libc/stdio/gets.c (revision 286760) >+++ lib/libc/stdio/gets.c (working copy) >@@ -33,6 +33,7 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)gets.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/snprintf.c >=================================================================== >--- lib/libc/stdio/snprintf.c (revision 286760) >+++ lib/libc/stdio/snprintf.c (working copy) >@@ -38,6 +38,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)snprintf.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/sprintf.c >=================================================================== >--- lib/libc/stdio/sprintf.c (revision 286760) >+++ lib/libc/stdio/sprintf.c (working copy) >@@ -38,6 +38,7 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)sprintf.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/stdio/vsnprintf.c >=================================================================== >--- lib/libc/stdio/vsnprintf.c (revision 286760) >+++ lib/libc/stdio/vsnprintf.c (working copy) >@@ -38,6 +38,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)vsnprintf.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/bzero.c >=================================================================== >--- lib/libc/string/bzero.c (revision 286760) >+++ lib/libc/string/bzero.c (working copy) >@@ -1,3 +1,4 @@ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/memccpy.c >=================================================================== >--- lib/libc/string/memccpy.c (revision 286760) >+++ lib/libc/string/memccpy.c (working copy) >@@ -30,6 +30,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)memccpy.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/memchr.c >=================================================================== >--- lib/libc/string/memchr.c (revision 286760) >+++ lib/libc/string/memchr.c (working copy) >@@ -33,6 +33,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)memchr.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/memset.c >=================================================================== >--- lib/libc/string/memset.c (revision 286760) >+++ lib/libc/string/memset.c (working copy) >@@ -33,6 +33,7 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)memset.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/stpncpy.c >=================================================================== >--- lib/libc/string/stpncpy.c (revision 286760) >+++ lib/libc/string/stpncpy.c (working copy) >@@ -24,6 +24,7 @@ > * SUCH DAMAGE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strchr.c >=================================================================== >--- lib/libc/string/strchr.c (revision 286760) >+++ lib/libc/string/strchr.c (working copy) >@@ -30,6 +30,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)index.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strchrnul.c >=================================================================== >--- lib/libc/string/strchrnul.c (revision 286760) >+++ lib/libc/string/strchrnul.c (working copy) >@@ -25,6 +25,7 @@ > * > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strlcat.c >=================================================================== >--- lib/libc/string/strlcat.c (revision 286760) >+++ lib/libc/string/strlcat.c (working copy) >@@ -16,6 +16,7 @@ > * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strlcpy.c >=================================================================== >--- lib/libc/string/strlcpy.c (revision 286760) >+++ lib/libc/string/strlcpy.c (working copy) >@@ -16,6 +16,7 @@ > * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strlen.c >=================================================================== >--- lib/libc/string/strlen.c (revision 286760) >+++ lib/libc/string/strlen.c (working copy) >@@ -24,6 +24,7 @@ > * SUCH DAMAGE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/string/strrchr.c >=================================================================== >--- lib/libc/string/strrchr.c (revision 286760) >+++ lib/libc/string/strrchr.c (working copy) >@@ -30,6 +30,8 @@ > #if defined(LIBC_SCCS) && !defined(lint) > static char sccsid[] = "@(#)rindex.c 8.1 (Berkeley) 6/4/93"; > #endif /* LIBC_SCCS and not lint */ >+ >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/sys/read.c >=================================================================== >--- lib/libc/sys/read.c (revision 286760) >+++ lib/libc/sys/read.c (working copy) >@@ -30,6 +30,7 @@ > * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libc/sys/readv.c >=================================================================== >--- lib/libc/sys/readv.c (revision 286760) >+++ lib/libc/sys/readv.c (working copy) >@@ -30,6 +30,7 @@ > * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > */ > >+#undef _FORTIFY_SOURCE > #include <sys/cdefs.h> > __FBSDID("$FreeBSD$"); > >Index: lib/libsqlite3/Makefile >=================================================================== >--- lib/libsqlite3/Makefile (revision 286760) >+++ lib/libsqlite3/Makefile (working copy) >@@ -7,6 +7,8 @@ > > SRCS= sqlite3.c > >+MK_FORTIFY= no >+ > SQLITE= ${.CURDIR}/../../contrib/sqlite3 > .PATH: ${SQLITE} > >Index: lib/libstand/Makefile >=================================================================== >--- lib/libstand/Makefile (revision 286760) >+++ lib/libstand/Makefile (working copy) >@@ -8,6 +8,7 @@ > > MK_PROFILE= no > MK_SSP= no >+MK_FORTIFY= no > > .include <src.opts.mk> > >Index: lib/libstand/stand.h >=================================================================== >--- lib/libstand/stand.h (revision 286760) >+++ lib/libstand/stand.h (working copy) >@@ -61,6 +61,12 @@ > #ifndef STAND_H > #define STAND_H > >+#undef _FORTIFY_SOURCE >+/* >+ * Yes, this second one is a big hack. >+ */ >+#undef __BSD_FORTIFY >+ > #include <sys/types.h> > #include <sys/cdefs.h> > #include <sys/stat.h> >Index: lib/libthr/Makefile >=================================================================== >--- lib/libthr/Makefile (revision 286760) >+++ lib/libthr/Makefile (working copy) >@@ -12,6 +12,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > > LIB=thr > SHLIB_MAJOR= 3 >Index: libexec/rtld-elf/Makefile >=================================================================== >--- libexec/rtld-elf/Makefile (revision 286760) >+++ libexec/rtld-elf/Makefile (working copy) >@@ -6,6 +6,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > > PROG?= ld-elf.so.1 > SRCS= rtld_start.S \ >Index: rescue/librescue/Makefile >=================================================================== >--- rescue/librescue/Makefile (revision 286760) >+++ rescue/librescue/Makefile (working copy) >@@ -4,6 +4,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > > # Certain library entries have hard-coded references to > # /bin, /sbin, etc, that require those entries to be >Index: rescue/rescue/Makefile >=================================================================== >--- rescue/rescue/Makefile (revision 286760) >+++ rescue/rescue/Makefile (working copy) >@@ -5,6 +5,7 @@ > > MAN= > MK_SSP= no >+MK_FORTIFY= no > > PROG= rescue > BINDIR?=/rescue >Index: share/mk/bsd.opts.mk >=================================================================== >--- share/mk/bsd.opts.mk (revision 286760) >+++ share/mk/bsd.opts.mk (working copy) >@@ -51,6 +51,7 @@ > __DEFAULT_YES_OPTIONS = \ > ASSERT_DEBUG \ > DOCCOMPRESS \ >+ FORTIFY \ > INCLUDES \ > INSTALLLIB \ > KERBEROS \ >Index: share/mk/bsd.sys.mk >=================================================================== >--- share/mk/bsd.sys.mk (revision 286760) >+++ share/mk/bsd.sys.mk (working copy) >@@ -153,6 +153,11 @@ > CFLAGS+= ${SSP_CFLAGS} > .endif # SSP && !ARM && !MIPS > >+.if ${MK_FORTIFY} != "no" >+FORTIFY_CFLAGS?= -D_FORTIFY_SOURCE=1 >+CFLAGS+= ${FORTIFY_CFLAGS} >+.endif # FORTIFY >+ > # Allow user-specified additional warning flags, plus compiler specific flag overrides. > # Unless we've overriden this... > .if ${MK_WARNS} != "no" >Index: sys/boot/arm/uboot/Makefile >=================================================================== >--- sys/boot/arm/uboot/Makefile (revision 286760) >+++ sys/boot/arm/uboot/Makefile (working copy) >@@ -2,6 +2,8 @@ > > .include <src.opts.mk> > >+MK_FORTIFY= no >+ > FILES= ubldr ubldr.bin > > NEWVERSWHAT= "U-Boot loader" ${MACHINE_ARCH} >Index: sys/boot/arm64/Makefile >=================================================================== >--- sys/boot/arm64/Makefile (revision 286760) >+++ sys/boot/arm64/Makefile (working copy) >@@ -1,3 +1,7 @@ > # $FreeBSD$ > >+.include <src.opts.mk> >+ >+MK_FORTIFY= no >+ > .include <bsd.subdir.mk> >Index: sys/boot/common/Makefile >=================================================================== >--- sys/boot/common/Makefile (revision 286760) >+++ sys/boot/common/Makefile (working copy) >@@ -2,6 +2,8 @@ > > .include <src.opts.mk> > >+MK_FORTIFY= no >+ > MAN+= loader.8 > .if ${MK_ZFS} != "no" > MAN+= zfsloader.8 >Index: sys/boot/efi/boot1/Makefile >=================================================================== >--- sys/boot/efi/boot1/Makefile (revision 286760) >+++ sys/boot/efi/boot1/Makefile (working copy) >@@ -8,6 +8,7 @@ > .if ${COMPILER_TYPE} != "gcc" > > MK_SSP= no >+MK_FORTIFY= no > > PROG= loader.sym > INTERNALPROG= >Index: sys/boot/efi/fdt/Makefile >=================================================================== >--- sys/boot/efi/fdt/Makefile (revision 286760) >+++ sys/boot/efi/fdt/Makefile (working copy) >@@ -2,6 +2,8 @@ > > .include <src.opts.mk> > >+MK_FORTIFY= no >+ > .PATH: ${.CURDIR}/../../common > > LIB= efi_fdt >Index: sys/boot/efi/libefi/Makefile >=================================================================== >--- sys/boot/efi/libefi/Makefile (revision 286760) >+++ sys/boot/efi/libefi/Makefile (working copy) >@@ -1,5 +1,9 @@ > # $FreeBSD$ > >+.include <src.opts.mk> >+ >+MK_FORTIFY= no >+ > LIB= efi > INTERNALLIB= > >Index: sys/boot/efi/loader/Makefile >=================================================================== >--- sys/boot/efi/loader/Makefile (revision 286760) >+++ sys/boot/efi/loader/Makefile (working copy) >@@ -8,6 +8,7 @@ > .if ${COMPILER_TYPE} != "gcc" > > MK_SSP= no >+MK_FORTIFY= no > > PROG= loader.sym > INTERNALPROG= >Index: sys/boot/fdt/Makefile >=================================================================== >--- sys/boot/fdt/Makefile (revision 286760) >+++ sys/boot/fdt/Makefile (working copy) >@@ -1,5 +1,9 @@ > # $FreeBSD$ > >+.include <src.opts.mk> >+ >+MK_FORTIFY= no >+ > .PATH: ${.CURDIR}/../../contrib/libfdt/ > > LIB= fdt >Index: sys/boot/ficl/Makefile >=================================================================== >--- sys/boot/ficl/Makefile (revision 286760) >+++ sys/boot/ficl/Makefile (working copy) >@@ -1,6 +1,10 @@ > # $FreeBSD$ > # > >+.include <bsd.opts.mk> >+ >+MK_FORTIFY= no >+ > FICLDIR?= ${.CURDIR} > > .if defined(FICL32) >Index: sys/boot/i386/libi386/Makefile >=================================================================== >--- sys/boot/i386/libi386/Makefile (revision 286760) >+++ sys/boot/i386/libi386/Makefile (working copy) >@@ -1,5 +1,10 @@ > # $FreeBSD$ > # >+ >+.include <bsd.opts.mk> >+ >+MK_FORTIFY= no >+ > LIB= i386 > INTERNALLIB= > >Index: sys/boot/i386/loader/Makefile >=================================================================== >--- sys/boot/i386/loader/Makefile (revision 286760) >+++ sys/boot/i386/loader/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > > LOADER?= loader > PROG= ${LOADER}.sym >Index: sys/boot/libstand32/Makefile >=================================================================== >--- sys/boot/libstand32/Makefile (revision 286760) >+++ sys/boot/libstand32/Makefile (working copy) >@@ -10,6 +10,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > > LIBSTAND_SRC= ${.CURDIR}/../../../lib/libstand > LIBC_SRC= ${LIBSTAND_SRC}/../libc >Index: sys/boot/mips/beri/loader/Makefile >=================================================================== >--- sys/boot/mips/beri/loader/Makefile (revision 286760) >+++ sys/boot/mips/beri/loader/Makefile (working copy) >@@ -31,6 +31,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > PROG?= loader >Index: sys/boot/pc98/loader/Makefile >=================================================================== >--- sys/boot/pc98/loader/Makefile (revision 286760) >+++ sys/boot/pc98/loader/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > LOADER?= loader >Index: sys/boot/powerpc/kboot/Makefile >=================================================================== >--- sys/boot/powerpc/kboot/Makefile (revision 286760) >+++ sys/boot/powerpc/kboot/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > PROG= loader.kboot >Index: sys/boot/powerpc/ofw/Makefile >=================================================================== >--- sys/boot/powerpc/ofw/Makefile (revision 286760) >+++ sys/boot/powerpc/ofw/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > PROG= loader >Index: sys/boot/powerpc/ps3/Makefile >=================================================================== >--- sys/boot/powerpc/ps3/Makefile (revision 286760) >+++ sys/boot/powerpc/ps3/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > PROG= loader.ps3 >Index: sys/boot/powerpc/uboot/Makefile >=================================================================== >--- sys/boot/powerpc/uboot/Makefile (revision 286760) >+++ sys/boot/powerpc/uboot/Makefile (working copy) >@@ -1,6 +1,7 @@ > # $FreeBSD$ > > .include <src.opts.mk> >+MK_FORTIFY= no > > PROG= ubldr > NEWVERSWHAT= "U-Boot loader" ${MACHINE_ARCH} >Index: sys/boot/sparc64/loader/Makefile >=================================================================== >--- sys/boot/sparc64/loader/Makefile (revision 286760) >+++ sys/boot/sparc64/loader/Makefile (working copy) >@@ -2,6 +2,7 @@ > > .include <src.opts.mk> > MK_SSP= no >+MK_FORTIFY= no > MAN= > > PROG?= loader >Index: sys/boot/zfs/Makefile >=================================================================== >--- sys/boot/zfs/Makefile (revision 286760) >+++ sys/boot/zfs/Makefile (working copy) >@@ -1,5 +1,9 @@ > # $FreeBSD$ > >+.include <bsd.opts.mk> >+ >+MK_FORTIFY= no >+ > LIB= zfsboot > INTERNALLIB= > >Index: sys/sys/cdefs.h >=================================================================== >--- sys/sys/cdefs.h (revision 286760) >+++ sys/sys/cdefs.h (working copy) >@@ -545,6 +545,26 @@ > #define __gnu_inline > #endif > >+#if __has_attribute(error) || __GNUC_PREREQ__(4, 3) >+#define __error_attr(msg) __attribute__((__error__(msg))) >+#else >+#define __error_attr(msg) >+#endif >+ >+/* FORTIFY_SOURCE related defines. */ >+#if __GNUC_PREREQ__(4, 1) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ >+ defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(lint) >+#define __BSD_FORTIFY 1 >+#if _FORTIFY_SOURCE >= 2 >+#define __bos(s) __builtin_object_size((s), 1) >+#else >+#define __bos(s) __builtin_object_size((s), 0) >+#endif >+#define __bos0(s) __builtin_object_size((s), 0) >+#define __FORTIFY_INLINE extern __inline __always_inline __gnu_inline >+#endif /* !_FORTIFY_SOURCE */ >+#define __FORTIFY_UNKNOWN_SIZE ((size_t) -1) >+ > /* Compiler-dependent macros that rely on FreeBSD-specific extensions. */ > #if defined(__FreeBSD_cc_version) && __FreeBSD_cc_version >= 300001 && \ > defined(__GNUC__) && !defined(__INTEL_COMPILER) >Index: sys/sys/poll.h >=================================================================== >--- sys/sys/poll.h (revision 286760) >+++ sys/sys/poll.h (working copy) >@@ -117,6 +117,10 @@ > #endif > __END_DECLS > >+#ifdef __BSD_FORTIFY >+#include <secure/_poll.h> >+#endif >+ > #endif /* !_KERNEL */ > > #endif /* !_SYS_POLL_H_ */ >Index: sys/sys/select.h >=================================================================== >--- sys/sys/select.h (revision 286760) >+++ sys/sys/select.h (working copy) >@@ -103,6 +103,7 @@ > int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); > #endif > __END_DECLS >+ > #endif /* !_KERNEL */ > > #endif /* _SYS_SELECT_H_ */ >Index: sys/sys/socket.h >=================================================================== >--- sys/sys/socket.h (revision 286760) >+++ sys/sys/socket.h (working copy) >@@ -630,6 +630,10 @@ > int socketpair(int, int, int, int *); > __END_DECLS > >+#ifdef __BSD_FORTIFY >+#include <secure/_socket.h> >+#endif >+ > #endif /* !_KERNEL */ > > #ifdef _KERNEL >Index: sys/sys/stat.h >=================================================================== >--- sys/sys/stat.h (revision 286760) >+++ sys/sys/stat.h (working copy) >@@ -356,6 +356,11 @@ > int mknodat(int, const char *, mode_t, dev_t); > #endif > __END_DECLS >+ >+#ifdef __BSD_FORTIFY >+#include <secure/_stat.h> >+#endif >+ > #endif /* !_KERNEL */ > > #endif /* !_SYS_STAT_H_ */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159854">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202311
:
159850
|
159854
|
159874