secure

    ..

# $FreeBSD$

INCS= security.h _poll.h _socket.h _stat.h _stdio.h _string.h _strings.h _unistd.h

INCSDIR= ${INCLUDEDIR}/secure

.include <bsd.prog.mk>

/*

 * Copyright (C) 2008 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: eeb9f5e41662828989f3913d81ec23229a668434

 *

 * $FreeBSD$

 */

#ifndef _SYS_POLL_H_

#error "You should not use <secure/_poll.h> directly; include <sys/poll.h> instead."

#endif

#ifndef _SECURE_POLL_H_

#define _SECURE_POLL_H_

#include <secure/security.h>

__BEGIN_DECLS

int	__poll_chk(struct pollfd *, nfds_t, int, size_t);

int	__poll_real(struct pollfd *, nfds_t, int) __RENAME(poll);

__errordecl(__poll_too_small_error, "poll: pollfd array smaller than fd count");

int	__ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t);

int	__ppoll_real(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *) __RENAME(ppoll);

__errordecl(__ppoll_too_small_error, "ppoll: pollfd array smaller than fd count");

#ifdef __BSD_FORTIFY

__FORTIFY_INLINE int

poll(struct pollfd *_fds, nfds_t _fd_count, int _timeout)

{

	size_t _bos = __bos(_fds);

#ifdef __clang__

	return (__poll_chk(_fds, _fd_count, _timeout, _bos));

#else

	if (_bos != __FORTIFY_UNKNOWN_SIZE) {

		if (!__builtin_constant_p(_fd_count))

			return (__poll_chk(_fds, _fd_count, _timeout, _bos));

		else if (_bos / sizeof(*_fds) < _fd_count)

			__poll_too_small_error();

	}

	return (__poll_real(_fds, _fd_count, _timeout));

#endif

}

#if __BSD_VISIBLE

__FORTIFY_INLINE int

ppoll(struct pollfd *_fds, nfds_t _fd_count, const struct timespec *_timeout, const sigset_t *_mask)

{

	size_t _bos = __bos(_fds);

#ifdef __clang__

	return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos));

#else

	if (_bos != __FORTIFY_UNKNOWN_SIZE) {

		if (!__builtin_constant_p(_fd_count))

			return (__ppoll_chk(_fds, _fd_count, _timeout, _mask, _bos));

		else if (_bos / sizeof(*_fds) < _fd_count)

			__ppoll_too_small_error();

	}

	return (__ppoll_real(_fds, _fd_count, _timeout, _mask));

#endif

}

#endif

#endif

__END_DECLS

#endif	/* !_SECURE_POLL_H_ */

/*

 * Copyright (C) 2008 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 

 *

 * $FreeBSD$

 */

#ifndef _SYS_SOCKET_H_

#error "You should not use <secure/_socket.h> directly; include <sys/socket.h> instead."

#endif

#ifndef _SECURE_SOCKET_H_

#define _SECURE_SOCKET_H_

#include <sys/_null.h>

#include <secure/security.h>

__BEGIN_DECLS

extern ssize_t	__recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict);

extern ssize_t	__recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *) __RENAME(recvfrom);

__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer");

#ifdef __BSD_FORTIFY

__FORTIFY_INLINE ssize_t

recvfrom(int _s, void *_buf, size_t _len, int _flags, struct sockaddr * __restrict _from, socklen_t * __restrict _fromlen)

{

	size_t _bos = __bos0(_buf);

#ifndef __clang__

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen));

	if (__builtin_constant_p(_len) && (_len <= _bos))

		return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen));

	if (__builtin_constant_p(_len) && (_len > _bos))

		__recvfrom_error();

#endif

	return (__recvfrom_chk(_s, _buf, _len, _bos, _flags, _from, _fromlen));

}

__FORTIFY_INLINE ssize_t

recv(int _s, void *_buf, size_t _len, int _flags)

{

	return recvfrom(_s, _buf, _len, _flags, NULL, 0);

}

#endif /* !__BSD_FORTIFY */

__END_DECLS

#endif /* !_SECURE_SOCKET_H */

/*-

 * Copyright (C) 2008 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: d807b9a12d3e49132b095df3d883618452033b51

 *

 * $FreeBSD$

 */

#ifndef _SYS_STAT_H_

#error "You should not use <secure/_stat.h> directly; include <sys/stat.h> instead."

#endif

#ifndef _SECURE_STAT_H_

#define	_SECURE_STAT_H_

#include <secure/security.h>

__BEGIN_DECLS

extern mode_t __umask_chk(mode_t);

#ifndef __FORTIFY_UMASK_REAL

#define	__FORTIFY_UMASK_REAL	1

extern mode_t __umask_real(mode_t) __RENAME(umask);

#endif

__errordecl(__umask_invalid_mode, "umask called with invalid mode");

#ifdef __BSD_FORTIFY

__FORTIFY_INLINE mode_t

umask(mode_t _mode)

{

#ifndef __clang__

	if (__builtin_constant_p(_mode)) {

		if ((_mode & 0777) != _mode)

			__umask_invalid_mode();

		return (__umask_real(_mode));

	}

#endif

	return (__umask_chk(_mode));

}

#endif /* defined(__BSD_FORTIFY) */

__END_DECLS

#endif /* !_SECURE_STAT_H_ */

/*-

 * Copyright (c) 1990 The Regents of the University of California.

 * All rights reserved.

 *

 * This code is derived from software contributed to Berkeley by

 * Chris Torek.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. Neither the name of the University nor the names of its contributors

 *    may be used to endorse or promote products derived from this software

 *    without specific prior written permission.

 *

 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 *	@(#)stdio.h	5.17 (Berkeley) 6/3/91

 *	$OpenBSD: stdio.h,v 1.35 2006/01/13 18:10:09 miod Exp $

 *	$NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $

 *	bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299

 *	$FreeBSD$

 */

#ifndef _STDIO_H_

#error "You should not use <secure/_stdio.h> directly; include <stdio.h> instead."

#endif

#ifndef	_SECURE_STDIO_H_

#define	_SECURE_STDIO_H_

#include <secure/security.h>

#include <stdarg.h>

__BEGIN_DECLS

extern char	*__fgets_chk(char *, int, FILE *, size_t);

extern char	*__fgets_real(char *, int, FILE *) __RENAME(fgets);

__errordecl(__fgets_too_big_error, "fgets called with size bigger than buffer");

__errordecl(__fgets_too_small_error, "fgets called with size less than zero");

extern size_t	__fread_chk(void * __restrict, size_t, size_t, FILE * __restrict, size_t);

extern size_t	__fread_real(void * __restrict, size_t, size_t, FILE * __restrict) __RENAME(fread);

__errordecl(__fread_too_big_error, "fread called with size * count bigger than buffer");

__errordecl(__fread_overflow, "fread called with overflowing size * count");

extern size_t	__fwrite_chk(const void * __restrict, size_t, size_t, FILE * __restrict, size_t);

extern size_t	__fwrite_real(const void * __restrict, size_t, size_t, FILE * __restrict) __RENAME(fwrite);

__errordecl(__fwrite_too_big_error, "fwrite called with size * count bigger than buffer");

__errordecl(__fwrite_overflow, "fwrite called with overflowing size * count");

extern int	__sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...);

extern int	__sprintf_real(char * __restrict, const char * __restrict, ...) __RENAME(sprintf);

extern int	__vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list);

extern int	__vsprintf_real(char * __restrict, const char * __restrict, __va_list) __RENAME(vsprintf);

#if __ISO_C_VISIBLE >= 1999

extern int	__snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...);

extern int	__snprintf_real(char * __restrict, size_t, const char * __restrict, ...) __RENAME(snprintf) __printflike(3, 4);

extern int	__vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list);

extern int	__vsnprintf_real(char * __restrict, size_t, const char * __restrict, __va_list) __RENAME(vsnprintf) __printflike(3, 0);

#endif

#ifdef __BSD_FORTIFY

#if __ISO_C_VISIBLE >= 1999

__FORTIFY_INLINE __printflike(3, 0) int

vsnprintf(char *_dest, size_t _size, const char *_format, __va_list _ap)

{

	size_t _bos = __bos(_dest);

#ifndef __clang__

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__vsnprintf_real(_dest, _size, _format, _ap));

#endif

	return (__vsnprintf_chk(_dest, _size, 0, _bos, _format, _ap));

}

#endif /* __ISO_C_VISIBLE */

__FORTIFY_INLINE __printflike(2, 0) int

vsprintf(char *_dest, const char *_format, __va_list _ap)

{

	size_t _bos = __bos(_dest);

#ifndef __clang__

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__vsprintf_real(_dest, _format, _ap));

#endif

	return (__vsprintf_chk(_dest, 0, _bos, _format, _ap));

}

#if __ISO_C_VISIBLE >= 1999

#if !__has_builtin(__builtin_va_arg_pack) && !__GNUC_PREREQ__(4, 3)	/* defined(__clang__) */

#if !defined(snprintf) && !defined(__cplusplus)

#define	__wrap_snprintf(_dest, _size, ...)	__snprintf_chk(_dest, _size, 0, __bos(_dest), __VA_ARGS__)

#define	snprintf(...)	__wrap_snprintf(__VA_ARGS__)

#endif /* !snprintf */

#else /* __GNUC_PREREQ__(4, 3) */

__FORTIFY_INLINE __printflike(3, 4) int

snprintf(char *_dest, size_t _size, const char *_format, ...)

{

	size_t _bos = __bos(_dest);

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__snprintf_real(_dest, _size, _format,

		    __builtin_va_arg_pack()));

	return (__snprintf_chk(_dest, _size, 0, _bos, _format,

	    __builtin_va_arg_pack()));

}

#endif /* !__GNUC_PREREQ__(4, 3) */

#endif /* __ISO_C_VISIBLE */

#if !__has_builtin(__builtin_va_arg_pack) && !__GNUC_PREREQ__(4, 3)	/* defined(__clang__) */

#if !defined(sprintf) && !defined(__cplusplus)

#define	__wrap_sprintf(_dest, ...)	__sprintf_chk(_dest, 0, __bos(_dest), __VA_ARGS__)

#define	sprintf(...)	__wrap_sprintf(__VA_ARGS__)

#endif /* !sprintf */

#else /* __GNUC_PREREQ__(4, 3) */

__FORTIFY_INLINE __printflike(2, 3) int

sprintf(char *_dest, const char *_format, ...)

{

	size_t _bos = __bos(_dest);

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__sprintf_real(_dest, _format,

		    __builtin_va_arg_pack()));

	return (__sprintf_chk(_dest, 0, _bos, _format,

	    __builtin_va_arg_pack()));

}

#endif /* !__GNUC_PREREQ__(4, 3) */

__FORTIFY_INLINE char *

fgets(char *_buf, int _n, FILE *_stream)

{

	size_t _bos = __bos(_buf);

#ifndef __clang__

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always negative.

	 * Force a compiler error.

	 */

	if (__builtin_constant_p(_n) && (_n < 0))

		__fgets_too_small_error();

	/*

	 * Compiler doesn 't know destination size.

	 * Don' t call __fgets_chk.

	 */

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__fgets_real(_buf, _n, _stream));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size.

	 * Don 't call __fgets_chk.

	 */

	if (__builtin_constant_p(_n) && (_n <= (int)_bos))

		return (__fgets_real(_buf, _n, _stream));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always > the actual object size.

	 * Force a compiler error.

	 */

	if (__builtin_constant_p(_n) && (_n > (int)_bos))

		__fgets_too_big_error();

#endif

	return (__fgets_chk(_buf, _n, _stream, _bos));

}

__FORTIFY_INLINE size_t

fread(void * __restrict _ptr, size_t _size, size_t _nmemb, FILE * __restrict _stream)

{

	size_t _bos = __bos0(_ptr);

#ifndef __clang__

	size_t _total;

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__fread_real(_ptr, _size, _nmemb, _stream));

	if (__builtin_constant_p(_size) && __builtin_constant_p(_nmemb)) {

		if (__size_mul_overflow(_size, _nmemb, &_total))

			__fread_overflow();

		if (_total > _bos)

			__fread_too_big_error();

		return (__fread_real(_ptr, _size, _nmemb, _stream));

	}

#endif

	return (__fread_chk(_ptr, _size, _nmemb, _stream, _bos));

}

__FORTIFY_INLINE size_t

fwrite(const void * __restrict _ptr, size_t _size, size_t _nmemb, FILE * __restrict _stream)

{

	size_t _bos = __bos0(_ptr);

#ifndef __clang__

	size_t _total;

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return __fwrite_real(_ptr, _size, _nmemb, _stream);

	if (__builtin_constant_p(_size) && __builtin_constant_p(_nmemb)) {

		if (__size_mul_overflow(_size, _nmemb, &_total))

			__fwrite_overflow();

		if (_total > _bos)

			__fwrite_too_big_error();

		return (__fwrite_real(_ptr, _size, _nmemb, _stream));

	}

#endif

	return (__fwrite_chk(_ptr, _size, _nmemb, _stream, _bos));

}

#endif /* defined(__BSD_FORTIFY) */

__END_DECLS

#endif /* !_SECURE_STDIO_H_ */

/*-

 * Copyright (c) 2015 Olivér Pintér

 * Copyright (C) 2008 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6

 *

 * $FreeBSD$

 */

#ifndef _STRING_H_

#error "You should not use <secure/_string.h> directly; include <string.h> instead."

#endif

#ifndef _SECURE_STRING_H_

#define	_SECURE_STRING_H_

#include <secure/security.h>

__BEGIN_DECLS

extern void 	*__memccpy_chk(void *, const void *, int, size_t, size_t);

extern void	*__memccpy_real(void *, const void *, int, size_t) __RENAME(memccpy);

extern void	*__memchr_chk(const void *, int, size_t, size_t);

extern void	*__memchr_real(const void *, int, size_t) __RENAME(memchr);

extern void	*__memcpy_chk(void *, const void *, size_t, size_t);

extern void	*__memcpy_real(void *, const void *, size_t) __RENAME(memcpy);

__errordecl(__memchr_buf_size_error, "memchr called with size bigger than buffer");

extern void	*__memmove_chk(void *, const void *, size_t, size_t);

extern void	*__memmove_real(void *, const void *, size_t) __RENAME(memmove);

extern void	*__memrchr_chk(const void *, int, size_t, size_t);

extern void	*__memrchr_real(const void *, int, size_t) __RENAME(memrchr);

__errordecl(__memrchr_buf_size_error, "memrchr called with size bigger than buffer");

extern void	*__memset_chk(void *, int, size_t, size_t);

extern void	*__memset_real(void *, int, size_t) __RENAME(memset);

extern char	*__strcat_chk(char *__restrict, const char *__restrict, size_t);

extern char	*__strcat_real(char *__restrict, const char *__restrict) __RENAME(strcat);

extern char	*__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t);

extern char	*__strncat_real(char *__restrict, const char *__restrict, size_t) __RENAME(strncat);

extern char	*__stpcpy_chk(char *, const char *, size_t);

extern char	*__stpcpy_real(char *, const char *) __RENAME(stpcpy);

extern char	*__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t);

extern char	*__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);

extern char	*__stpncpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(stpncpy);

extern char	*__strcpy_chk(char *, const char *, size_t);

extern char	*__strcpy_real(char *, const char *) __RENAME(strcpy);

extern char	*__strncpy_chk(char *, const char *, size_t, size_t);

extern char	*__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);

extern char	*__strncpy_real(char *, const char *, size_t) __RENAME(strncpy);

extern size_t	 __strlcpy_chk(char *, const char *, size_t, size_t);

extern size_t	 __strlcpy_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcpy);

extern size_t	 __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t);

extern size_t	 __strlcat_real(char * __restrict, const char * __restrict, size_t) __RENAME(strlcat);

extern size_t	 __strlen_chk(const char *, size_t);

extern size_t	 __strlen_real(const char *) __RENAME(strlen);

extern char	*__strchr_chk(const char *, int, size_t);

extern char	*__strchr_real(const char *, int) __RENAME(strchr);

extern char	*__strchrnul_chk(const char *, int, size_t);

extern char	*__strchrnul_real(const char *, int) __RENAME(strchrnul);

extern char	*__strrchr_chk(const char *, int, size_t);

extern char	*__strrchr_real(const char *, int) __RENAME(strrchr);

#ifdef __BSD_FORTIFY

#if __XSI_VISIBLE >= 600

__FORTIFY_INLINE void *

memccpy(void * __restrict _d, const void * __restrict _s, int _c, size_t _n)

{

	size_t _bos = __bos0(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memccpy_real(_d, _s, _c, _n));

#endif

	return (__memccpy_chk(_d, _s, _c, _n, _bos));

}

#endif /* __XSI_VISIBLE */

__FORTIFY_INLINE void *

memchr(const void *_s, int _c, size_t _n)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memchr_real(_s, _c, _n));

	if (__builtin_constant_p(_n) && (_n > _bos))

		__memchr_buf_size_error();

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __memchr_chk.

	 */

	if (__builtin_constant_p(_n) && (_n <= _bos))

		return (__memchr_real(_s, _c, _n));

#endif

	return (__memchr_chk(_s, _c, _n, _bos));

}

#if __BSD_VISIBLE

__FORTIFY_INLINE void *

memrchr(const void *_s, int _c, size_t _n)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memrchr_real(_s, _c, _n));

	if (__builtin_constant_p(_n) && (_n > _bos))

		(__memrchr_buf_size_error());

	if (__builtin_constant_p(_n) && (_n <= _bos))

		return __memrchr_real(_s, _c, _n);

#endif

	return (__memrchr_chk(_s, _c, _n, _bos));

}

#endif /* __BSD_VISIBLE */

__FORTIFY_INLINE void *

memcpy(void * __restrict _d, const void * __restrict _s, size_t _n)

{

	size_t _bos = __bos0(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memcpy_real(_d, _s, _n));

#endif

	return (__memcpy_chk(_d, _s, _n, _bos));

}

__FORTIFY_INLINE void *

memmove(void *_d, const void *_s, size_t _n)

{

	size_t _bos = __bos0(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memmove_real(_d, _s, _n));

#endif

	return (__memmove_chk(_d, _s, _n, _bos));

}

#if __POSIX_VISIBLE >= 200809

__FORTIFY_INLINE char *

stpcpy(char * __restrict _d, const char * __restrict _s)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__stpcpy_real(_d, _s));

#endif

	return (__stpcpy_chk(_d, _s, _bos));

}

#endif /* __POSIX_VISIBLE */

__FORTIFY_INLINE char *

strcpy(char * __restrict _d, const char * __restrict _s)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strcpy_real(_d, _s));

#endif

	return (__strcpy_chk(_d, _s, _bos));

}

#if __POSIX_VISIBLE >= 200809

__FORTIFY_INLINE char *

stpncpy(char * __restrict _d, const char * __restrict _s, size_t _n)

{

	size_t _d_bos = __bos(_d);

	size_t _s_bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	if (_d_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__stpncpy_real(_d, _s, _n));

	if (_s_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__stpncpy_chk(_d, _s, _n, _d_bos));

	if (__builtin_constant_p(_n) && (_n <= _s_bos))

		return (__stpncpy_chk(_d, _s, _n, _d_bos));

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen))

		return (__stpncpy_chk(_d, _s, _n, _d_bos));

#endif

	return (__stpncpy_chk2(_d, _s, _n, _d_bos, _s_bos));

}

#endif /* __POSIX_VISIBLE */

__FORTIFY_INLINE char *

strncpy(char * __restrict _d, const char * __restrict _s, size_t _n)

{

	size_t _d_bos = __bos(_d);

	size_t _s_bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	if (_d_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__strncpy_real(_d, _s, _n));

	if (_s_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__strncpy_chk(_d, _s, _n, _d_bos));

	if (__builtin_constant_p(_n) && (_n <= _s_bos))

		return (__strncpy_chk(_d, _s, _n, _d_bos));

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen))

		return (__strncpy_chk(_d, _s, _n, _d_bos));

#endif

	return (__strncpy_chk2(_d, _s, _n, _d_bos, _s_bos));

}

__FORTIFY_INLINE char *

strcat(char * __restrict _d, const char * __restrict _s)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strcat_real(_d, _s));

#endif

	return (__strcat_chk(_d, _s, _bos));

}

__FORTIFY_INLINE char *

strncat(char * __restrict _d, const char * __restrict _s, size_t _n)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strncat_real(_d, _s, _n));

#endif

	return (__strncat_chk(_d, _s, _n, _bos));

}

__FORTIFY_INLINE void *

memset(void *_s, int _c, size_t _n)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__memset_real(_s, _c, _n));

#endif

	return (__memset_chk(_s, _c, _n, _bos));

}

#if __BSD_VISIBLE

__FORTIFY_INLINE size_t

strlcpy(char * __restrict _d, const char * __restrict _s, size_t _n)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	/* Compiler doesn't know destination size. Don't call __strlcpy_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strlcpy_real(_d, _s, _n));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __strlcpy_chk.

	 */

	if (__builtin_constant_p(_n) && (_n <= _bos))

		return (__strlcpy_real(_d, _s, _n));

#endif

	return (__strlcpy_chk(_d, _s, _n, _bos));

}

#endif /* __BSD_VISIBLE */

#if __BSD_VISIBLE

__FORTIFY_INLINE size_t

strlcat(char * __restrict _d, const char * __restrict _s, size_t _n)

{

	size_t _bos = __bos(_d);

#ifndef __clang__

	/* Compiler doesn't know destination size. Don't call __strlcat_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strlcat_real(_d, _s, _n));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __strlcat_chk.

	 */

	if (__builtin_constant_p(_n) && (_n <= _bos))

		return (__strlcat_real(_d, _s, _n));

#endif

	return (__strlcat_chk(_d, _s, _n, _bos));

}

#endif /* __BSD_VISIBLE */

__FORTIFY_INLINE size_t

strlen(const char *_s)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	/* Compiler doesn't know destination size. Don't call __strlen_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strlen_real(_s));

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen))

		return (_slen);

#endif

	return (__strlen_chk(_s, _bos));

}

__FORTIFY_INLINE char *

strchr(const char *_s, int _c)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	/* Compiler doesn't know destination size. Don't call __strchr_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strchr_real(_s, _c));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __strlchr_chk.

	 */

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen) && (_slen < _bos))

		return (__strchr_real(_s, _c));

#endif

	return (__strchr_chk(_s, _c, _bos));

}

#if __BSD_VISIBLE

__FORTIFY_INLINE char *

strchrnul(const char *_s, int _c)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	/* Compiler doesn't know destination size. Don't call __strchr_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strchrnul_real(_s, _c));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __strlchrnul_chk.

	 */

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen) && (_slen < _bos))

		return (__strchrnul_real(_s, _c));

#endif

	return (__strchrnul_chk(_s, _c, _bos));

}

#endif

__FORTIFY_INLINE char *

strrchr(const char *_s, int _c)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	/* Compiler doesn't know destination size. Don't call __strrchr_chk. */

	if (__predict_false(_bos == __FORTIFY_UNKNOWN_SIZE))

		return (__strrchr_real(_s, _c));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __strlen_chk.

	 */

	_slen = __strlen_real(_s);

	if (__builtin_constant_p(_slen) && (_slen < _bos))

		return (__strrchr_real(_s, _c));

#endif

	return (__strrchr_chk(_s, _c, _bos));

}

#endif /* defined(__BSD_FORTIFY) */

__END_DECLS

#endif /* !_SECURE_STRING_H */

/*-

 * Copyright (C) 2015 Olivér Pintér

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * $FreeBSD$

 */

#ifndef _STRINGS_H_

#error "You should not use <secure/_strings.h> directly; include <sys/strings.h> instead."

#endif

#ifndef _SECURE_STRINGS_H_

#define _SECURE_STRINGS_H_

#include <secure/security.h>

__BEGIN_DECLS

extern void	*__bcopy_chk(void *, const void *, size_t, size_t) __RENAME(__memmove_chk);

extern void	 __bcopy_real(const void *, void *, size_t) __RENAME(bcopy);

extern void	*__bzero_chk(void *, int, size_t, size_t) __RENAME(__memset_chk);

extern void	 __bzero_real(void *, size_t) __RENAME(bzero);

extern char	*__rindex_chk(const char *, int, size_t);

extern char	*__rindex_real(const char *, int) __RENAME(rindex);

#ifdef __BSD_FORTIFY

#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112

__FORTIFY_INLINE void

bcopy(const void *_s, void *_d, size_t _l)

{

	size_t _bos = __bos0(_d);

#ifndef __clang__

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		__bcopy_real(_s, _d, _l);

#endif

	(void)(__bcopy_chk(_d, _s, _l, _bos));

}

#endif

#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112

__FORTIFY_INLINE void

bzero(void *_s, size_t _n)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		__bzero_real(_s, _n);

#endif

	(void)(__bzero_chk(_s, '\0', _n, _bos));

}

#endif

#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112

__FORTIFY_INLINE char *

rindex(const char *_s, int _c)

{

	size_t _bos = __bos(_s);

#ifndef __clang__

	size_t _slen;

	/* Compiler doesn't know destination size. Don't call __strrchr_chk. */

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__rindex_real(_s, _c));

	/*

	 * Compiler can prove, at compile time, that the passed in size

	 * is always <= the actual object size. Don't call __rindex_chk.

	 */

	_slen = __builtin_strlen(_s);

	if (__builtin_constant_p(_slen) && (_slen < _bos))

		return (__rindex_real(_s, _c));

#endif

	return (__rindex_chk(_s, _c, _bos));

}

#endif

#endif /* !__BSD_FORTIFY */

__END_DECLS

#endif /* !defined(_SECURE_STRINGS_H_) */

/*-

 * Copyright (c) 2015 Olivér Pintér

 * Copyright (C) 2008 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * rev: 9ef26a3c4cd2e6d469f771815a07cb820800beb6

 *

 * $FreeBSD$

 */

#ifndef _UNISTD_H_

#error "You should not use <secure/_unistd.h> directly; include <unistd.h> instead."

#endif

#ifndef _SECURE_UNISTD_H_

#define	_SECURE_UNISTD_H_

#include <sys/limits.h>

#include <secure/security.h>

__BEGIN_DECLS

extern char	*__getcwd_chk(char*, size_t, size_t);

extern char	*__getcwd_real(char*, size_t) __RENAME(getcwd);

__errordecl(__getcwd_dest_size_error, "getcwd called with size bigger than destination");

extern ssize_t	 __pread_chk(int, void *, size_t, off_t, size_t);

extern ssize_t	 __pread_real(int, void *, size_t, off_t) __RENAME(pread);

__errordecl(__pread_dest_size_error, "pread called with size bigger than destination");

__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX");

extern ssize_t	 __read_chk(int, void *, size_t, size_t);

extern ssize_t	 __read_real(int, void *, size_t) __RENAME(read);

__errordecl(__read_dest_size_error, "read called with size bigger than destination");

__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX");

extern ssize_t	 __readlink_chk(const char *, char *, size_t, size_t);

extern ssize_t	 __readlink_real(const char *, char *, size_t) __RENAME(readlink);

__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination");

__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX");

extern ssize_t	 __readlinkat_chk(int, const char *, char *, size_t, size_t);

extern ssize_t	 __readlinkat_real(int, const char *, char *, size_t) __RENAME(readlinkat);

__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination");

__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX");

#ifdef __BSD_FORTIFY

__FORTIFY_INLINE

char *

getcwd(char *_buf, size_t _size)

{

	size_t	_bos = __bos(_buf);

#ifdef __clang__

	/*

	 * Work around LLVM's incorrect __builtin_object_size implementation

	 * here to avoid needing the workaround in the __getcwd_chk ABI

	 * forever.

	 * 

	 * https://llvm.org/bugs/show_bug.cgi?id=23277

	 */

	if (_buf == NULL)

		_bos = __FORTIFY_UNKNOWN_SIZE;

#else

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__getcwd_real(_buf, _size));

	if (__builtin_constant_p(_size) && (_size > _bos))

		__getcwd_dest_size_error();

	if (__builtin_constant_p(_size) && (_size <= _bos))

		return (__getcwd_real(_buf, _size));

#endif

	return (__getcwd_chk(_buf, _size, _bos));

}

/* 1003.1-2008 */

#if __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE

__FORTIFY_INLINE ssize_t

pread(int _fd, void *_buf, size_t _count, off_t _offset)

{

	size_t _bos = __bos0(_buf);

#ifndef __clang__

	if (__builtin_constant_p(_count) && (_count > SSIZE_MAX))

		__pread_count_toobig_error();

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__pread_real(_fd, _buf, _count, _offset));

	if (__builtin_constant_p(_count) && (_count > _bos))

		__pread_dest_size_error();

	if (__builtin_constant_p(_count) && (_count <= _bos))

		return (__pread_real(_fd, _buf, _count, _offset));

#endif

	return (__pread_chk(_fd, _buf, _count, _offset, _bos));

}

#endif /* __POSIX_VISIBLE >= 200809 || __XSI_VISIBLE */

__FORTIFY_INLINE ssize_t

read(int _fd, void *_buf, size_t _count)

{

	size_t _bos = __bos0(_buf);

#ifndef __clang__

	if (__builtin_constant_p(_count) && (_count > SSIZE_MAX))

		__read_count_toobig_error();

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__read_real(_fd, _buf, _count));

	if (__builtin_constant_p(_count) && (_count > _bos))

		__read_dest_size_error();

	if (__builtin_constant_p(_count) && (_count <= _bos))

		return (__read_real(_fd, _buf, _count));

#endif

	return (__read_chk(_fd, _buf, _count, _bos));

}

/* 1003.1-2001 */

#if __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE

__FORTIFY_INLINE ssize_t

readlink(const char *_path, char *_buf, size_t _size)

{

	size_t _bos = __bos(_buf);

#ifndef __clang__

	if (__builtin_constant_p(_size) && (_size > SSIZE_MAX))

		__readlink_size_toobig_error();

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__readlink_real(_path, _buf, _size));

	if (__builtin_constant_p(_size) && (_size > _bos))

		__readlink_dest_size_error();

	if (__builtin_constant_p(_size) && (_size <= _bos))

		return (__readlink_real(_path, _buf, _size));

#endif

	return (__readlink_chk(_path, _buf, _size, _bos));

}

#endif /* __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE */

#if __POSIX_VISIBLE >= 200809

__FORTIFY_INLINE ssize_t

readlinkat(int _dirfd, const char *_path, char *_buf, size_t _size)

{

	size_t _bos = __bos(_buf);

#ifndef __clang__

	if (__builtin_constant_p(_size) && (_size > SSIZE_MAX))

		(__readlinkat_size_toobig_error());

	if (_bos == __FORTIFY_UNKNOWN_SIZE)

		return (__readlinkat_real(_dirfd, _path, _buf, _size));

	if (__builtin_constant_p(_size) && (_size > _bos))

		__readlinkat_dest_size_error();

	if (__builtin_constant_p(_size) && (_size <= _bos))

		return (__readlinkat_real(_dirfd, _path, _buf, _size));

#endif

	return (__readlinkat_chk(_dirfd, _path, _buf, _size, _bos));

}

#endif /* __POSIX_VISIBLE >= 200809 */

#endif	/* defined(__BSD_FORTIFY) */

__END_DECLS

#endif	/* !_SECURE_UNISTD_H_ */

/*-

 * Copyright (c) 2015 Olivér Pintér

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * $FreeBSD$

 */

#ifndef _SECURE_SECURITY_

#define	_SECURE_SECURITY_

#include <sys/cdefs.h>

#include <sys/types.h>

#ifndef __clang__

#if __GNUC_PREREQ__(4, 3)

#define	__errordecl(name, msg)	extern void name(void) __error_attr(msg)

#else

#define	__errordecl(name, msg)		\

static void name(void) __dead2;		\

static void name(void)			\

{					\

					\

	__fortify_chk_fail(msg);	\

}

#endif	/* __GNUC_PREREQ(4, 3) */

#else	/* !__clang__ */

#define	__errordecl(name, msg)

#endif	/* !__clang__ */

#define	__RENAME(x)	__asm__(#x)

#if __has_builtin(__builtin_umul_overflow) || __GNUC_PREREQ__(5, 0)

#if __LP64__

#define	__size_mul_overflow(a, b, result)	__builtin_umull_overflow(a, b, result)

#else

#define	__size_mul_overflow(a, b, result)	__builtin_umul_overflow(a, b, result)

#endif

#else

static __inline __always_inline int

__size_mul_overflow(__SIZE_TYPE__ a, __SIZE_TYPE__ b, __SIZE_TYPE__ *result)

{

    static const __SIZE_TYPE__ mul_no_overflow = 1UL << (sizeof(__SIZE_TYPE__) * 4);

    *result = a * b;

    return (a >= mul_no_overflow || b >= mul_no_overflow) && a > 0 && (__SIZE_TYPE__)-1 / a < b;

}

#endif

__BEGIN_DECLS

/* Common fail function. */

void	__secure_fail(const char *msg) __dead2 __nonnull(1);

/* SSP related fail functions. */

void	__chk_fail(void) __dead2;

void	__stack_chk_fail(void) __dead2;

/* FORTIFY_SOURCE related fail function. */

void	__fortify_chk_fail(const char* msg) __dead2 __nonnull(1);

int	__fortify_chk_overlap(const void *a, const void *b, size_t len);

__END_DECLS

#endif /* !_SECURE_SECURITY_ */

#if defined(__BSD_FORTIFY)

#include <secure/_stdio.h>

#endif

#if defined(__BSD_FORTIFY)

#include <secure/_string.h>

#endif

#if defined(__BSD_FORTIFY)

#include <secure/_strings.h>

#endif

#if defined(__BSD_FORTIFY)

#include <secure/_unistd.h>

#endif

#undef _FORTIFY_SOURCE

	fortify_source.c \

	secure_common.c \

# Sources which contains FORTIFY_SOURCE functions:

SRCS+=	\

	__fgets_chk.c \

	__fread_chk.c \

	__fwrite_chk.c \

	__getcwd_chk.c \

	__memccpy_chk.c \

	__memchr_chk.c \

	__memcpy_chk.c \

	__memmove_chk.c \

	__memrchr_chk.c \

	__memset_chk.c \

	__pread_chk.c \

	__read_chk.c \

	__readlink_chk.c \

	__readlinkat_chk.c \

	__stpcpy_chk.c \

	__stpncpy_chk.c \

	__strcat_chk.c \

	__strchr_chk.c \

	__strchrnul_chk.c \

	__strcpy_chk.c \

	__strlcat_chk.c \

	__strlcpy_chk.c \

	__strlen_chk.c \

	__strncat_chk.c \

	__strncpy_chk.c \

	__strrchr_chk.c \

	__vsnprintf_chk.c \

	__vsprintf_chk.c

# Sources which contains FORTIFY_SOURCE functions,

# but live in .h files under sys/sys

SRCS+=	\

	__poll_chk.c \

	__recvfrom_chk.c \

	__umask_chk.c

MAN+=   __builtin_object_size.3

FBSD_1.1 {

};

FBSD_1.2 {

};

FBSD_1.3 {

};

FBSD_1.4 {

	__fgets_chk;

	__fortify_chk_fail;

	__fread_chk;

	__fwrite_chk;

	__getcwd_chk;

	__memccpy_chk;

	__memchr_chk;

	__memcpy_chk;

	__memmove_chk;

	__memrchr_chk;

	__memset_chk;

	__poll_chk;

	__ppoll_chk;

	__pread_chk;

	__read_chk;

	__readlink_chk;

	__readlinkat_chk;

	__recvfrom_chk;

	__rindex_chk;

	__snprintf_chk;

	__sprintf_chk;

	__stpcpy_chk;

	__stpncpy_chk;

	__stpncpy_chk2;

	__strcat_chk;

	__strchr_chk;

	__strchrnul_chk;

	__strcpy_chk;

	__strlcat_chk;

	__strlcpy_chk;

	__strlen_chk;

	__strncat_chk;

	__strncpy_chk;

	__strncpy_chk2;

	__strrchr_chk;

	__umask_chk;

	__vsnprintf_chk;

	__vsprintf_chk;

	__secure_fail;

};

FBSDprivate_1.0 {

};

.\"	$NetBSD: __builtin_object_size.3,v 1.10 2012/07/19 06:44:12 wiz Exp $

.\"

.\" Copyright (c) 2007 The NetBSD Foundation, Inc.

.\" All rights reserved.

.\"

.\" This code is derived from software contributed to The NetBSD Foundation

.\" by Christos Zoulas.

.\"

.\" Redistribution and use in source and binary forms, with or without

.\" modification, are permitted provided that the following conditions

.\" are met:

.\" 1. Redistributions of source code must retain the above copyright

.\"    notice, this list of conditions and the following disclaimer.

.\" 2. Redistributions in binary form must reproduce the above copyright

.\"    notice, this list of conditions and the following disclaimer in the

.\"    documentation and/or other materials provided with the distribution.

.\"

.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS

.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS

.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

.\" POSSIBILITY OF SUCH DAMAGE.

.\"

.\"

.Dd July 18, 2012

.Dt __BUILTIN_OBJECT_SIZE 3

.Os

.Sh NAME

.Nm __builtin_object_size

.Nd return the size of the given object

.Sh SYNOPSIS

.Ft size_t

.Fn __builtin_object_size "void *ptr" "int type"

.Sh DESCRIPTION

The

.Fn __builtin_object_size

function is a

.Xr gcc 1

built-in function that returns the size of the

.Fa ptr

object if known at compile time and the object does not have any side

effects.

.Sh RETURN VALUES

If the size of the object is not known or it has side effects the

.Fn __builtin_object_size

function returns:

.Bl -tag -width (size_t)\-1 -offset indent

.It Dv (size_t)\-1

for

.Fa type

.Dv 0

and

.Dv 1 .

.It Dv (size_t)0

for

.Fa type

.Dv 2

and

.Dv 3 .

.El

.Pp

If the size of the object is known, then the

.Fn __builtin_object_size

function returns the maximum size of all the objects that the compiler

knows that they can be pointed to by

.Fa ptr

when

.Fa type

.Dv \*[Am] 2 == 0 ,

and the minimum size when

.Fa type

.Dv \*[Am] 2 != 0 .

.Sh SEE ALSO

.Xr gcc 1 ,

.Xr __builtin_return_address 3 ,

.Xr attribute 3 ,

.Xr ssp 3

.Sh HISTORY

The

.Fn __builtin_object_size

appeared in

.Tn GCC 4.1 .

.Sh CAVEATS

This is a non-standard, compiler-specific extension.

.Pp

Note that currently the object size calculation pass is only done at -O1

or above, meaning that this function always returns \-1 when the optimizer

is off.

.Pp

There are some discussions about always doing the object size pass, but

the issue is that without the optimization pass data sizes are not going

to be correct.

.Pp

For that reason currently code fortification (size-checked replacement

functions) is disabled when optimization is off.

/*-

 * Copyright (C) 2012 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: 6cc98af72b0c48c58b2ab5fdb5f7abb842175299 

 *

 * $FreeBSD$

 */

#undef _FORTIFY_SOURCE

#include <sys/cdefs.h>

#include <secure/security.h>

#include <stdio.h>

#include <stdlib.h>

#include "secure/_stdio.h"

char *

__fgets_chk(char *buf, int n, FILE *stream, size_t bos)

{

	if (bos == __FORTIFY_UNKNOWN_SIZE)

		return (fgets(buf, n, stream));

	if (n < 0)

		__fortify_chk_fail("fgets: buffer size < 0");

	if (((size_t)n) > bos)

		__fortify_chk_fail("fgets: prevented write past end of buffer");

	return (fgets(buf, n, stream));

}

/*-

 * Copyright (C) 2015 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: fed2659869ec41a93f655be8058568ddab419e01

 *

 * $FreeBSD$

 */

#undef _FORTIFY_SOURCE

#include <sys/cdefs.h>

#include <secure/security.h>

#include <stdio.h>

#include "secure/_stdio.h"

size_t

__fread_chk(void *__restrict ptr, size_t size, size_t nmemb, FILE * __restrict stream, size_t bos)

{

	size_t total;

	if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE))

		return (fread(ptr, size, nmemb, stream));

	if (__predict_false(__size_mul_overflow(size, nmemb, &total))) {

		//overflow: trigger the error path in fread

		return (fread(ptr, size, nmemb, stream));

	}

	if (__predict_false(total > bos))

		__fortify_chk_fail("fread: prevented write past end of buffer");

	return (fread(ptr, size, nmemb, stream));

}

/*-

 * Copyright (C) 2015 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: fed2659869ec41a93f655be8058568ddab419e01

 *

 * $FreeBSD$

 */

#undef _FORTIFY_SOURCE

#include <sys/cdefs.h>

#include <secure/security.h>

#include <stdio.h>

#include "secure/_stdio.h"

size_t

__fwrite_chk(const void * __restrict ptr, size_t size, size_t nmemb, FILE * __restrict stream, size_t bos)

{

	size_t total;

	if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE))

		return (fwrite(ptr, size, nmemb, stream));

	if (__predict_false(__size_mul_overflow(size, nmemb, &total))) {

		// overflow: trigger the error path in fwrite

		return (fwrite(ptr, size, nmemb, stream));

	}

	if (__predict_false(total > bos))

		__fortify_chk_fail("fwrite: prevented read past end of buffer");

	return (fwrite(ptr, size, nmemb, stream));

}

/*-

 * Copyright (C) 2015 The Android Open Source Project

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,

 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,

 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS

 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED

 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * bionic rev: 7e919daeaad62515ebbbf7b06badc77625a14d90

 *

 * $FreeBSD$

 */

#undef _FORTIFY_SOURCE

#include <sys/cdefs.h>

#include <secure/security.h>

#include <unistd.h>

#include "secure/_unistd.h"

char *

__getcwd_chk(char* buf, size_t size, size_t bos)

{

	if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE))

		return (getcwd(buf, size));

	if (__predict_false(size > bos))

		__fortify_chk_fail("getcwd: prevented write past end of buffer");

	return (getcwd(buf, size));

}

/*-

 * Copyright (C) 2015 Oliver Pinter

 * All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *  * Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *  * Redistributions in binary form must reproduce the above copyright