From 48f0fbd28ccd0b4e32c8558852a0ab3c90f72fc9 Mon Sep 17 00:00:00 2001 From: ganlan Date: Wed, 7 Sep 2022 21:57:07 +0800 Subject: [PATCH] =?UTF-8?q?fortify=20=E4=BB=A3=E7=A0=81=E8=A7=84=E8=8C=83?= =?UTF-8?q?=E6=80=A7=E6=95=B4=E5=90=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: ganlan --- libc-test/src/functionalext/fortify/fcntl.c | 16 ++-- libc-test/src/functionalext/fortify/poll.c | 6 +- libc-test/src/functionalext/fortify/socket.c | 8 +- porting/linux/user/include/fortify/fcntl.h | 42 ++++----- porting/linux/user/include/fortify/fortify.h | 25 +++--- porting/linux/user/include/fortify/poll.h | 20 ++--- porting/linux/user/include/fortify/stat.h | 4 +- porting/linux/user/include/fortify/stdio.h | 18 ++-- porting/linux/user/include/fortify/string.h | 74 ++++++++-------- porting/linux/user/src/fortify/fortify.c | 92 ++++++++++---------- 10 files changed, 154 insertions(+), 151 deletions(-) diff --git a/libc-test/src/functionalext/fortify/fcntl.c b/libc-test/src/functionalext/fortify/fcntl.c index d310a361..cd1edb97 100644 --- a/libc-test/src/functionalext/fortify/fcntl.c +++ b/libc-test/src/functionalext/fortify/fcntl.c @@ -48,7 +48,7 @@ static void open_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_CREAT; // Fool the compiler. + int flags = O_CREAT; int status; int pid = fork(); switch (pid) { @@ -82,7 +82,7 @@ static void open_0030(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_TMPFILE; // Fool the compiler. + int flags = O_TMPFILE; int status; int pid = fork(); switch (pid) { @@ -131,7 +131,7 @@ static void openat_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_CREAT; // Fool the compiler. + int flags = O_CREAT; int status; int pid = fork(); switch (pid) { @@ -165,7 +165,7 @@ static void openat_0030(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_TMPFILE; // Fool the compiler. + int flags = O_TMPFILE; int status; int pid = fork(); switch (pid) { @@ -214,7 +214,7 @@ static void open64_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_CREAT; // Fool the compiler. + int flags = O_CREAT; int status; int pid = fork(); switch (pid) { @@ -248,7 +248,7 @@ static void open64_0030(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_TMPFILE; // Fool the compiler. + int flags = O_TMPFILE; int status; int pid = fork(); switch (pid) { @@ -297,7 +297,7 @@ static void openat64_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_CREAT; // Fool the compiler. + int flags = O_CREAT; int status; int pid = fork(); switch (pid) { @@ -331,7 +331,7 @@ static void openat64_0030(void) }; sigaction(SIGABRT, &sigabrt, NULL); - int flags = O_TMPFILE; // Fool the compiler. + int flags = O_TMPFILE; int status; int pid = fork(); switch (pid) { diff --git a/libc-test/src/functionalext/fortify/poll.c b/libc-test/src/functionalext/fortify/poll.c index af5b77cb..8ad626e9 100644 --- a/libc-test/src/functionalext/fortify/poll.c +++ b/libc-test/src/functionalext/fortify/poll.c @@ -48,7 +48,7 @@ static void poll_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - nfds_t fd_count = atoi("2"); // suppress compiler optimizations + nfds_t fd_count = atoi("2"); struct pollfd buf[1] = {{0, POLLIN, 0}}; int status; @@ -58,7 +58,7 @@ static void poll_0020(void) t_error("fork failed: %s\n", strerror(errno)); break; case 0: - // Set timeout to zero to prevent waiting in poll when fortify test fails. + // Set timeout to 0 to prevent waiting for polling if hardening tests fail. poll(buf, fd_count, 0); exit(0); default: @@ -100,7 +100,7 @@ static void ppoll_0020(void) }; sigaction(SIGABRT, &sigabrt, NULL); - nfds_t fd_count = atoi("2"); // suppress compiler optimizations + nfds_t fd_count = atoi("2"); struct pollfd buf[1] = {{0, POLLIN, 0}}; // Set timeout to zero to prevent waiting in ppoll when fortify test fails. struct timespec timeout; diff --git a/libc-test/src/functionalext/fortify/socket.c b/libc-test/src/functionalext/fortify/socket.c index 2319ce19..f4e14045 100644 --- a/libc-test/src/functionalext/fortify/socket.c +++ b/libc-test/src/functionalext/fortify/socket.c @@ -56,7 +56,7 @@ static void send_0010(void) }; sigaction(SIGABRT, &sigabrt, NULL); - size_t data_len = atoi("11"); // suppress compiler optimizations + size_t data_len = atoi("11"); char buf[BUF_SIZE_10]; int status; int pid = fork(); @@ -91,7 +91,7 @@ static void recv_0010(void) }; sigaction(SIGABRT, &sigabrt, NULL); - size_t data_len = atoi("11"); // suppress compiler optimizations + size_t data_len = atoi("11"); char buf[BUF_SIZE_10]; int status; int pid = fork(); @@ -153,7 +153,7 @@ static void sendto_0010(void) }; sigaction(SIGABRT, &sigabrt, NULL); - size_t data_len = atoi("11"); // suppress compiler optimizations + size_t data_len = atoi("11"); char buf[BUF_SIZE_10]; int status; int pid = fork(); @@ -188,7 +188,7 @@ static void recvfrom_0010(void) }; sigaction(SIGABRT, &sigabrt, NULL); - size_t data_len = atoi("11"); // suppress compiler optimizations + size_t data_len = atoi("11"); char buf[BUF_SIZE_10]; int status; int pid = fork(); diff --git a/porting/linux/user/include/fortify/fcntl.h b/porting/linux/user/include/fortify/fcntl.h index c0b4a561..be44fbd2 100644 --- a/porting/linux/user/include/fortify/fcntl.h +++ b/porting/linux/user/include/fortify/fcntl.h @@ -30,7 +30,7 @@ int __open64_diagnose(const char*, int); int __openat64_diagnose(int, const char*, int); #endif /* - * These are the easiest way to call the real open even in clang FORTIFY. + * Even in musl FORTIFY, the following is the easiest way to call a real open. */ int __open_real(const char*, int, ...) __DIAGNOSE_RENAME(open); int __openat_real(int, const char*, int, ...) __DIAGNOSE_RENAME(openat); @@ -41,84 +41,84 @@ int __openat64_real(int, const char*, int, ...) __DIAGNOSE_RENAME(openat64); #ifdef __FORTIFY_COMPILATION __DIAGNOSE_FORTIFY_INLINE -int open(const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags) +int open(const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags) __DIAGNOSE_OVERLOAD __DIAGNOSE_ERROR_IF(__DIAGNOSE_OPEN_MODES_USEFUL(flags), "'open' " OPEN_TOO_FEW_ARGS_ERROR) { #ifdef __FORTIFY_RUNTIME - return __open_diagnose(pathname, flags); + return __open_diagnose(path, flags); #else - return __open_real(pathname, flags); + return __open_real(path, flags); #endif } __DIAGNOSE_FORTIFY_INLINE -int open(const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags, unsigned modes) +int open(const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags, unsigned modes) __DIAGNOSE_OVERLOAD __DIAGNOSE_WARNING_IF(!__DIAGNOSE_OPEN_MODES_USEFUL(flags) && modes, "'open' " OPEN_USELESS_MODES_WARNING) { - return __open_real(pathname, flags, modes); + return __open_real(path, flags, modes); } __DIAGNOSE_FORTIFY_INLINE -int openat(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags) +int openat(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags) __DIAGNOSE_OVERLOAD __DIAGNOSE_ERROR_IF(__DIAGNOSE_OPEN_MODES_USEFUL(flags), "'openat' " OPEN_TOO_FEW_ARGS_ERROR) { #ifdef __FORTIFY_RUNTIME - return __openat_diagnose(dirfd, pathname, flags); + return __openat_diagnose(dirfd, path, flags); #else - return __openat_real(dirfd, pathname, flags); + return __openat_real(dirfd, path, flags); #endif } __DIAGNOSE_FORTIFY_INLINE -int openat(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags, mode_t modes) +int openat(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags, mode_t modes) __DIAGNOSE_OVERLOAD __DIAGNOSE_WARNING_IF(!__DIAGNOSE_OPEN_MODES_USEFUL(flags) && modes, "'openat' " OPEN_USELESS_MODES_WARNING) { - return __openat_real(dirfd, pathname, flags, modes); + return __openat_real(dirfd, path, flags, modes); } #if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE) __DIAGNOSE_FORTIFY_INLINE -int open64(const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags) +int open64(const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags) __DIAGNOSE_OVERLOAD __DIAGNOSE_ERROR_IF(__DIAGNOSE_OPEN_MODES_USEFUL(flags), "'open64' " OPEN_TOO_FEW_ARGS_ERROR) { #ifdef __FORTIFY_RUNTIME - return __open64_diagnose(pathname, flags); + return __open64_diagnose(path, flags); #else - return __open64_real(pathname, flags); + return __open64_real(path, flags); #endif } __DIAGNOSE_FORTIFY_INLINE -int open64(const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags, mode_t modes) +int open64(const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags, mode_t modes) __DIAGNOSE_OVERLOAD __DIAGNOSE_WARNING_IF(!__DIAGNOSE_OPEN_MODES_USEFUL(flags) && modes, "'open64' " OPEN_USELESS_MODES_WARNING) { - return __open64_real(pathname, flags, modes); + return __open64_real(path, flags, modes); } __DIAGNOSE_FORTIFY_INLINE -int openat64(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags) +int openat64(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags) __DIAGNOSE_OVERLOAD __DIAGNOSE_ERROR_IF(__DIAGNOSE_OPEN_MODES_USEFUL(flags), "'openat64' " OPEN_TOO_FEW_ARGS_ERROR) { #ifdef __FORTIFY_RUNTIME - return __openat64_diagnose(dirfd, pathname, flags); + return __openat64_diagnose(dirfd, path, flags); #else - return __openat64_real(dirfd, pathname, flags); + return __openat64_real(dirfd, path, flags); #endif } __DIAGNOSE_FORTIFY_INLINE -int openat64(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE pathname, int flags, mode_t modes) +int openat64(int dirfd, const char* const __DIAGNOSE_PASS_OBJECT_SIZE path, int flags, mode_t modes) __DIAGNOSE_OVERLOAD __DIAGNOSE_WARNING_IF(!__DIAGNOSE_OPEN_MODES_USEFUL(flags) && modes, "'openat64' " OPEN_USELESS_MODES_WARNING) { - return __openat64_real(dirfd, pathname, flags, modes); + return __openat64_real(dirfd, path, flags, modes); } #endif diff --git a/porting/linux/user/include/fortify/fortify.h b/porting/linux/user/include/fortify/fortify.h index a3cc002a..33010f5a 100644 --- a/porting/linux/user/include/fortify/fortify.h +++ b/porting/linux/user/include/fortify/fortify.h @@ -82,14 +82,14 @@ extern "C" { #define __DIAGNOSE_PASS_OBJECT_SIZE0 __DIAGNOSE_PASS_OBJECT_SIZE_N(0) #define __DIAGNOSE_FORTIFY_UNKNOWN_SIZE ((unsigned int) -1) -/* Intended for use in unevaluated contexts, e.g. diagnose_if conditions. */ +/* The following are intended for use in unevaluated environments, e.g. diagnose_if conditions. */ #define __DIAGNOSE_UNEVALUATED_LT(bos_val, val) \ ((bos_val) != __DIAGNOSE_FORTIFY_UNKNOWN_SIZE && (bos_val) < (val)) #define __DIAGNOSE_UNEVALUATED_LE(bos_val, val) \ ((bos_val) != __DIAGNOSE_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val)) -/* Intended for use in evaluated contexts. */ +/* The following acts in the context of evaluation. */ #define __DIAGNOSE_BOS_DYNAMIC_CHECK_IMPL_AND(bos_val, op, index, cond) \ ((bos_val) == __DIAGNOSE_FORTIFY_UNKNOWN_SIZE || \ (__builtin_constant_p(index) && bos_val op index && (cond))) @@ -102,7 +102,10 @@ extern "C" { #define __DIAGNOSE_OVERLOAD __attribute__((overloadable)) -/* Used to rename functions so that the compiler emits a call to 'x' rather than the function this was applied to. */ +/* + * A function to prevent this function from being applied. + * Used to rename the function so that the compiler emits a call to "x". + */ #define __DIAGNOSE_RENAME(x) __asm__(#x) #define __DIAGNOSE_OPEN_MODES_USEFUL(flags) (((flags) & O_CREAT) || ((flags) & O_TMPFILE) == O_TMPFILE) #define __DIAGNOSE_BOS_FD_COUNT_TRIVIALLY_SAFE(bos_val, fds, fd_count) \ @@ -116,14 +119,14 @@ extern "C" { !__DIAGNOSE_UNSAFE_CHK_MUL_OVERFLOW(size, count)) #define FORTIFY_RUNTIME_ERROR_PREFIX "Musl Fortify runtime error: " -#define OPEN_TOO_MANY_ARGS_ERROR "too many arguments" -#define OPEN_TOO_FEW_ARGS_ERROR "called with O_CREAT or O_TMPFILE, but missing mode" -#define OPEN_USELESS_MODES_WARNING "has superfluous mode bits; missing O_CREAT?" -#define CALLED_WITH_STRING_BIGGER_BUFFER "called with string bigger than buffer" -#define FD_COUNT_LARGE_GIVEN_BUFFER "fd_count is larger than the given buffer" -#define CALLED_WITH_SIZE_BIGGER_BUFFER "called with size bigger than buffer" -#define OUTPUT_PARAMETER_BYTES "output parameter must be NULL or a pointer to a buffer with >= FORTIFY_PATH_MAX bytes" -#define SIZE_LARGER_THEN_DESTINATION_BUFFER "size is larger than the destination buffer" +#define OPEN_TOO_MANY_ARGS_ERROR "There are too many arguments" +#define OPEN_TOO_FEW_ARGS_ERROR "invoking with O_CREAT or O_TMPFILE, but missing pattern." +#define OPEN_USELESS_MODES_WARNING "having redundant mode bits; but missing O_CREAT." +#define CALLED_WITH_STRING_BIGGER_BUFFER "called with a string larger than the buffer" +#define FD_COUNT_LARGE_GIVEN_BUFFER "fd_count is greater than the given buffer" +#define CALLED_WITH_SIZE_BIGGER_BUFFER "called with bigger size than the buffer" +#define OUTPUT_PARAMETER_BYTES "the output parameter must be nullptr or a pointer to the buffer with >= FORTIFY_PATH_MAX bytes" +#define SIZE_LARGER_THEN_DESTINATION_BUFFER "the size is greater than the target buffer" void __fortify_error(const char* info, ...); diff --git a/porting/linux/user/include/fortify/poll.h b/porting/linux/user/include/fortify/poll.h index 3da09b72..4e7d622e 100644 --- a/porting/linux/user/include/fortify/poll.h +++ b/porting/linux/user/include/fortify/poll.h @@ -31,37 +31,37 @@ int __ppoll_chk(struct pollfd*, nfds_t, const struct timespec*, const sigset_t*, #ifdef __FORTIFY_COMPILATION __DIAGNOSE_FORTIFY_INLINE -int poll(struct pollfd* const fds __DIAGNOSE_PASS_OBJECT_SIZE, nfds_t fd_count, int timeout) +int poll(struct pollfd* const fds __DIAGNOSE_PASS_OBJECT_SIZE, nfds_t fd_amount, int timeout) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(fds), sizeof(*fds) * fd_count), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(fds), sizeof(*fds) * fd_amount), "in call to 'poll', " FD_COUNT_LARGE_GIVEN_BUFFER) { #ifdef __FORTIFY_RUNTIME size_t bos_fds = __DIAGNOSE_BOS(fds); - if (!__DIAGNOSE_BOS_FD_COUNT_TRIVIALLY_SAFE(bos_fds, fds, fd_count)) { - return __poll_diagnose(fds, fd_count, timeout, bos_fds); + if (!__DIAGNOSE_BOS_FD_COUNT_TRIVIALLY_SAFE(bos_fds, fds, fd_amount)) { + return __poll_diagnose(fds, fd_amount, timeout, bos_fds); } #endif - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(poll)(fds, fd_count, timeout); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(poll)(fds, fd_amount, timeout); } #ifdef _GNU_SOURCE __DIAGNOSE_FORTIFY_INLINE -int ppoll(struct pollfd* const fds __DIAGNOSE_PASS_OBJECT_SIZE, nfds_t fd_count, +int ppoll(struct pollfd* const fds __DIAGNOSE_PASS_OBJECT_SIZE, nfds_t fd_amount, const struct timespec* timeout, const sigset_t* mask) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(fds), sizeof(*fds) * fd_count), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(fds), sizeof(*fds) * fd_amount), "in call to 'ppoll', " FD_COUNT_LARGE_GIVEN_BUFFER) { #ifdef __FORTIFY_RUNTIME size_t bos_fds = __DIAGNOSE_BOS(fds); - if (!__DIAGNOSE_BOS_FD_COUNT_TRIVIALLY_SAFE(bos_fds, fds, fd_count)) { - return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds); + if (!__DIAGNOSE_BOS_FD_COUNT_TRIVIALLY_SAFE(bos_fds, fds, fd_amount)) { + return __ppoll_chk(fds, fd_amount, timeout, mask, bos_fds); } #endif - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(ppoll)(fds, fd_count, timeout, mask); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(ppoll)(fds, fd_amount, timeout, mask); } #endif diff --git a/porting/linux/user/include/fortify/stat.h b/porting/linux/user/include/fortify/stat.h index c93db073..ac45d21a 100644 --- a/porting/linux/user/include/fortify/stat.h +++ b/porting/linux/user/include/fortify/stat.h @@ -27,12 +27,12 @@ mode_t __umask_diagnose(mode_t); mode_t __umask_real(mode_t mode) __DIAGNOSE_RENAME(umask); #ifdef __FORTIFY_COMPILATION -/* Abuse enable_if to make this an overload of umask. */ +/* Overload of umask. */ __DIAGNOSE_FORTIFY_INLINE mode_t umask(mode_t mode) __DIAGNOSE_OVERLOAD __DIAGNOSE_ENABLE_IF(1, "") -__DIAGNOSE_ERROR_IF(mode & ~0777, "'umask' called with invalid mode") +__DIAGNOSE_ERROR_IF(mode & ~0777, "'umask' was called in invalid mode") { #ifdef __FORTIFY_RUNTIME return __umask_diagnose(mode); diff --git a/porting/linux/user/include/fortify/stdio.h b/porting/linux/user/include/fortify/stdio.h index b4dc72f5..1e7de856 100644 --- a/porting/linux/user/include/fortify/stdio.h +++ b/porting/linux/user/include/fortify/stdio.h @@ -77,7 +77,7 @@ __DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS0(buf), size * count __DIAGNOSE_FORTIFY_INLINE char* fgets(char* const __DIAGNOSE_PASS_OBJECT_SIZE dest, int size, FILE* stream) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(size < 0, "in call to 'fgets', size should not be negative") +__DIAGNOSE_ERROR_IF(size < 0, "in call to 'fgets', size should not be less than 0") __DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(dest), size), "in call to 'fgets', " SIZE_LARGER_THEN_DESTINATION_BUFFER) { @@ -111,10 +111,10 @@ __DIAGNOSE_FORTIFY_VARIADIC __DIAGNOSE_PRINTFLIKE(FORMAT_PLACE_2, VALIST_PLACE_3 int sprintf(char* const __DIAGNOSE_PASS_OBJECT_SIZE dest, const char* format, ...) __DIAGNOSE_OVERLOAD { - va_list va; - va_start(va, format); - int result = __builtin___vsprintf_chk(dest, 0, __DIAGNOSE_BOS(dest), format, va); - va_end(va); + va_list va_l; + va_start(va_l, format); + int result = __builtin___vsprintf_chk(dest, 0, __DIAGNOSE_BOS(dest), format, va_l); + va_end(va_l); return result; } @@ -122,10 +122,10 @@ __DIAGNOSE_FORTIFY_VARIADIC __DIAGNOSE_PRINTFLIKE(FORMAT_PLACE_3, VALIST_PLACE_4 int snprintf(char* const __DIAGNOSE_PASS_OBJECT_SIZE dest, size_t size, const char* format, ...) __DIAGNOSE_OVERLOAD { - va_list va; - va_start(va, format); - int result = __builtin___vsnprintf_chk(dest, size, 0, __DIAGNOSE_BOS(dest), format, va); - va_end(va); + va_list va_l; + va_start(va_l, format); + int result = __builtin___vsnprintf_chk(dest, size, 0, __DIAGNOSE_BOS(dest), format, va_l); + va_end(va_l); return result; } diff --git a/porting/linux/user/include/fortify/string.h b/porting/linux/user/include/fortify/string.h index a11a95b1..87cb3ba8 100644 --- a/porting/linux/user/include/fortify/string.h +++ b/porting/linux/user/include/fortify/string.h @@ -33,132 +33,132 @@ size_t __strlen_chk(const char* s, size_t s_len); #ifdef __FORTIFY_COMPILATION __DIAGNOSE_FORTIFY_INLINE -char *strcpy(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) +char *strcpy(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dst), __builtin_strlen(src)), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dest), __builtin_strlen(src)), "'strcpy' " CALLED_WITH_STRING_BIGGER_BUFFER) { #ifdef __FORTIFY_RUNTIME - return __builtin___strcpy_chk(dst, src, __DIAGNOSE_BOS(dst)); + return __builtin___strcpy_chk(dest, src, __DIAGNOSE_BOS(dest)); #else - return __builtin_strcpy(dst, src); + return __builtin_strcpy(dest, src); #endif } __DIAGNOSE_FORTIFY_INLINE -char *stpcpy(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) +char *stpcpy(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dst), __builtin_strlen(src)), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dest), __builtin_strlen(src)), "'stpcpy' " CALLED_WITH_STRING_BIGGER_BUFFER) { #ifdef __FORTIFY_RUNTIME - return __builtin___stpcpy_chk(dst, src, __DIAGNOSE_BOS(dst)); + return __builtin___stpcpy_chk(dest, src, __DIAGNOSE_BOS(dest)); #else - return __builtin_stpcpy(dst, src); + return __builtin_stpcpy(dest, src); #endif } __DIAGNOSE_FORTIFY_INLINE -void *memmove(void *const dst __DIAGNOSE_PASS_OBJECT_SIZE0, const void *src, size_t len) +void *memmove(void *const dest __DIAGNOSE_PASS_OBJECT_SIZE0, const void *src, size_t len) __DIAGNOSE_OVERLOAD { #ifdef __FORTIFY_RUNTIME - return __builtin___memmove_chk(dst, src, len, __DIAGNOSE_BOS(dst)); + return __builtin___memmove_chk(dest, src, len, __DIAGNOSE_BOS(dest)); #else - return __builtin_memmove(dst, src, len); + return __builtin_memmove(dest, src, len); #endif } __DIAGNOSE_FORTIFY_INLINE -void *mempcpy(void *const dst __DIAGNOSE_PASS_OBJECT_SIZE, const void *src, size_t copy_amount) +void *mempcpy(void *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const void *src, size_t copy_amount) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS0(dst), copy_amount), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS0(dest), copy_amount), "'mempcpy' " CALLED_WITH_STRING_BIGGER_BUFFER) { #ifdef __FORTIFY_RUNTIME - return __builtin___mempcpy_chk(dst, src, copy_amount, __DIAGNOSE_BOS0(dst)); + return __builtin___mempcpy_chk(dest, src, copy_amount, __DIAGNOSE_BOS0(dest)); #else - return __builtin_mempcpy(dst, src, copy_amount); + return __builtin_mempcpy(dest, src, copy_amount); #endif } __DIAGNOSE_FORTIFY_INLINE -char *strcat(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) +char *strcat(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *src) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dst), __builtin_strlen(src)), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LE(__DIAGNOSE_BOS(dest), __builtin_strlen(src)), "'strcat' " CALLED_WITH_STRING_BIGGER_BUFFER) { #ifdef __FORTIFY_RUNTIME - return __builtin___strcat_chk(dst, src, __DIAGNOSE_BOS(dst)); + return __builtin___strcat_chk(dest, src, __DIAGNOSE_BOS(dest)); #else - return __builtin_strcat(dst, src); + return __builtin_strcat(dest, src); #endif } #ifdef __FORTIFY_RUNTIME __DIAGNOSE_FORTIFY_INLINE -char *strncat(char* const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char* src, size_t n) +char *strncat(char* const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char* src, size_t n) __DIAGNOSE_OVERLOAD { - return __builtin___strncat_chk(dst, src, n, __DIAGNOSE_BOS(dst)); + return __builtin___strncat_chk(dest, src, n, __DIAGNOSE_BOS(dest)); } #endif #ifdef __FORTIFY_RUNTIME __DIAGNOSE_FORTIFY_INLINE -char *stpncpy(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, +char *stpncpy(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *const src __DIAGNOSE_PASS_OBJECT_SIZE, size_t n) __DIAGNOSE_OVERLOAD { - size_t bos_dst = __DIAGNOSE_BOS(dst); - return __builtin___stpncpy_chk(dst, src, n, bos_dst); + size_t bos_dest = __DIAGNOSE_BOS(dest); + return __builtin___stpncpy_chk(dest, src, n, bos_dest); } #endif #ifdef __FORTIFY_RUNTIME __DIAGNOSE_FORTIFY_INLINE -char *strncpy(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, +char *strncpy(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *const src __DIAGNOSE_PASS_OBJECT_SIZE, size_t n) __DIAGNOSE_OVERLOAD { - size_t bos_dst = __DIAGNOSE_BOS(dst); - return __builtin___strncpy_chk(dst, src, n, bos_dst); + size_t bos_dest = __DIAGNOSE_BOS(dest); + return __builtin___strncpy_chk(dest, src, n, bos_dest); } #endif #ifdef __FORTIFY_RUNTIME __DIAGNOSE_FORTIFY_INLINE -void *memcpy(void *const dst __DIAGNOSE_PASS_OBJECT_SIZE0, const void *src, size_t copy_amount) +void *memcpy(void *const dest __DIAGNOSE_PASS_OBJECT_SIZE0, const void *src, size_t copy_amount) __DIAGNOSE_OVERLOAD { - return __builtin___memcpy_chk(dst, src, copy_amount, __DIAGNOSE_BOS0(dst)); + return __builtin___memcpy_chk(dest, src, copy_amount, __DIAGNOSE_BOS0(dest)); } #endif #if defined(_BSD_SOURCE) || defined(_GNU_SOURCE) __DIAGNOSE_FORTIFY_INLINE -size_t strlcpy(char *const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char *src, size_t size) +size_t strlcpy(char *const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char *src, size_t size) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(dst), size), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(dest), size), "'strlcpy' called with size bigger than buffer") { #ifdef __FORTIFY_RUNTIME - return __strlcpy_diagnose(dst, src, size, __DIAGNOSE_BOS(dst)); + return __strlcpy_diagnose(dest, src, size, __DIAGNOSE_BOS(dest)); #else - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcpy)(dst, src, size); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcpy)(dest, src, size); #endif } __DIAGNOSE_FORTIFY_INLINE -size_t strlcat(char* const dst __DIAGNOSE_PASS_OBJECT_SIZE, const char* src, size_t size) +size_t strlcat(char* const dest __DIAGNOSE_PASS_OBJECT_SIZE, const char* src, size_t size) __DIAGNOSE_OVERLOAD -__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(dst), size), +__DIAGNOSE_ERROR_IF(__DIAGNOSE_UNEVALUATED_LT(__DIAGNOSE_BOS(dest), size), "'strlcat' called with size bigger than buffer") { #ifdef __FORTIFY_RUNTIME - return __strlcat_diagnose(dst, src, size, __DIAGNOSE_BOS(dst)); + return __strlcat_diagnose(dest, src, size, __DIAGNOSE_BOS(dest)); #else - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcat)(dst, src, size); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcat)(dest, src, size); #endif } #endif // defined(_GNU_SOURCE) || defined(_BSD_SOURCE) diff --git a/porting/linux/user/src/fortify/fortify.c b/porting/linux/user/src/fortify/fortify.c index 5804a55e..28292f7b 100644 --- a/porting/linux/user/src/fortify/fortify.c +++ b/porting/linux/user/src/fortify/fortify.c @@ -119,7 +119,7 @@ static inline void __diagnose_buffer_access(const char* fn, const char* action, size_t claim, size_t actual) { if (__DIAGNOSE_PREDICT_FALSE(claim > actual)) { - __fortify_error("%s: prevented %zu-byte %s %zu-byte buffer\n", fn, claim, action, actual); + __fortify_error("%s: avoid %zu-byte %s %zu-byte buffer\n", fn, claim, action, actual); } } @@ -157,8 +157,8 @@ mode_t __umask_diagnose(mode_t mode) return __umask_real(mode); } -// Runtime implementation of string related interface -// (used directly by the compiler, not in a header file). +// Runtime implementation of the string-dependent interface. +// Used directly by the compiler, not in a header file. static inline void __diagnose_count(const char *fn, const char *identifier, size_t value) { if (__DIAGNOSE_PREDICT_FALSE(value > LONG_MAX)) { @@ -170,59 +170,59 @@ size_t __strlen_chk(const char* s, size_t s_len) { size_t ret = __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlen)(s); if (__DIAGNOSE_PREDICT_FALSE(ret >= s_len)) { - __fortify_error("strlen: detected read past end of buffer\n"); + __fortify_error("strlen: diagnose read exceed end of buffer\n"); } return ret; } -char* __strncat_chk(char* dst, const char* src, size_t len, size_t dst_buf_size) +char* __strncat_chk(char* dest, const char* src, size_t len, size_t dst_buf_size) { - size_t src_len = strlen(src) + strlen(dst); + size_t src_len = strlen(src) + strlen(dest); __diagnose_buffer_access("strncat", "write into", src_len, dst_buf_size); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strncat)(dst, src, len); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strncat)(dest, src, len); } -char* __strcat_chk(char* dst, const char* src, size_t dst_buf_size) +char* __strcat_chk(char* dest, const char* src, size_t dst_buf_size) { - size_t src_len = strlen(src) + strlen(dst); + size_t src_len = strlen(src) + strlen(dest); __diagnose_buffer_access("strcat", "write into", src_len, dst_buf_size); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strcat)(dst, src); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strcat)(dest, src); } -char* __strcpy_chk(char* dst, const char* src, size_t dst_len) +char* __strcpy_chk(char* dest, const char* src, size_t dst_len) { size_t src_len = strlen(src) + 1; __diagnose_buffer_access("strcpy", "write into", src_len, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strcpy)(dst, src); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strcpy)(dest, src); } -void* __memmove_chk(void* dst, const void* src, size_t len, size_t dst_len) +void* __memmove_chk(void* dest, const void* src, size_t len, size_t dst_len) { __diagnose_buffer_access("memmove", "write into", len, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memmove)(dst, src, len); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memmove)(dest, src, len); } -void* __memcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) +void* __memcpy_chk(void* dest, const void* src, size_t count, size_t dst_len) { __diagnose_count("memcpy", "count", count); __diagnose_buffer_access("memcpy", "write into", count, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memcpy)(dst, src, count); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memcpy)(dest, src, count); } #ifdef _GNU_SOURCE -void* __mempcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) +void* __mempcpy_chk(void* dest, const void* src, size_t count, size_t dst_len) { __diagnose_count("mempcpy", "count", count); __diagnose_buffer_access("mempcpy", "write into", count, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(mempcpy)(dst, src, count); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(mempcpy)(dest, src, count); } #endif -char* __stpcpy_chk(char* dst, const char* src, size_t dst_len) +char* __stpcpy_chk(char* dest, const char* src, size_t dst_len) { size_t src_len = strlen(src); __diagnose_buffer_access("stpcpy", "write into", src_len, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(stpcpy)(dst, src); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(stpcpy)(dest, src); } void* __memchr_diagnose(const void* s, int c, size_t n, size_t actual_size) @@ -232,56 +232,56 @@ void* __memchr_diagnose(const void* s, int c, size_t n, size_t actual_size) return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memchr)(const_cast_s, c, n); } -char* __stpncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) +char* __stpncpy_chk(char* dest, const char* src, size_t len, size_t dst_len) { __diagnose_buffer_access("stpncpy", "write into", len, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(stpncpy)(dst, src, len); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(stpncpy)(dest, src, len); } -char *__strncpy_chk(char *dst, const char *src, size_t len, size_t dst_len) +char *__strncpy_chk(char *dest, const char *src, size_t len, size_t dst_len) { __diagnose_buffer_access("strncpy", "write into", len, dst_len); if (len != 0) { - char *d = dst; + char *d = dest; const char *s = src; size_t src_len = strlen(src); do { size_t s_copy_len = (size_t)(s - src); if (__DIAGNOSE_PREDICT_FALSE(s_copy_len >= src_len)) { - __fortify_error("strncpy: detected read past end of %zu-byte buffer\n", src_len); + __fortify_error("strncpy: diagnose read exceed end of %zu-byte buffer\n", src_len); } } while (--len != 0); } - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strncpy)(dst, src, len); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strncpy)(dest, src, len); } -void *__memset_chk(void *dst, int byte, size_t count, size_t dst_len) +void *__memset_chk(void *dest, int byte, size_t count, size_t dst_len) { __diagnose_count("memset", "count", count); __diagnose_buffer_access("memset", "write into", count, dst_len); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memset)(dst, byte, count); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(memset)(dest, byte, count); } #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) -size_t __strlcpy_diagnose(char *dst, const char *src, +size_t __strlcpy_diagnose(char *dest, const char *src, size_t supplied_size, size_t dst_len_from_compiler) { __diagnose_buffer_access("strlcpy", "write into", supplied_size, dst_len_from_compiler); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcpy)(dst, src, supplied_size); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcpy)(dest, src, supplied_size); } -size_t __strlcat_diagnose(char *dst, const char *src, +size_t __strlcat_diagnose(char *dest, const char *src, size_t supplied_size, size_t dst_len_from_compiler) { __diagnose_buffer_access("strlcat", "write into", supplied_size, dst_len_from_compiler); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcat)(dst, src, supplied_size); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strlcat)(dest, src, supplied_size); } #endif char* __strchr_diagnose(const char *s, int c, size_t s_len) { if (s_len == 0) { - __fortify_error("strchr: prevented read past end of buffer\n"); + __fortify_error("strchr: avoid read exceed end of buffer\n"); } return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strchr)(s, c); } @@ -289,7 +289,7 @@ char* __strchr_diagnose(const char *s, int c, size_t s_len) char *__strrchr_diagnose(const char *s, int c, size_t s_len) { if (s_len == 0) { - __fortify_error("strrchr: prevented read past end of buffer\n"); + __fortify_error("strrchr: avoid read exceed end of buffer\n"); } return __DIAGNOSE_CALL_BYPASSING_FORTIFY(strrchr)(s, c); } @@ -373,49 +373,49 @@ size_t __fwrite_chk(const void* buf, size_t size, size_t count, FILE* stream, si return __DIAGNOSE_CALL_BYPASSING_FORTIFY(fwrite)(buf, size, count, stream); } -char* __fgets_chk(char* dst, int supplied_size, FILE* stream, size_t dst_len_from_compiler) +char* __fgets_chk(char* dest, int supplied_size, FILE* stream, size_t dst_len_from_compiler) { __diagnose_buffer_access("fgets", "write into", supplied_size, dst_len_from_compiler); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(fgets)(dst, supplied_size, stream); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(fgets)(dest, supplied_size, stream); } -int __vsnprintf_chk(char* dst, size_t supplied_size, int flags, +int __vsnprintf_chk(char* dest, size_t supplied_size, int flags, size_t dst_len_from_compiler, const char* format, va_list va) { __diagnose_buffer_access("vsnprintf", "write into", supplied_size, dst_len_from_compiler); - return __DIAGNOSE_CALL_BYPASSING_FORTIFY(vsnprintf)(dst, supplied_size, format, va); + return __DIAGNOSE_CALL_BYPASSING_FORTIFY(vsnprintf)(dest, supplied_size, format, va); } -int __vsprintf_chk(char* dst, int flags, +int __vsprintf_chk(char* dest, int flags, size_t dst_len_from_compiler, const char* format, va_list va) { - // The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large. - int result = __DIAGNOSE_CALL_BYPASSING_FORTIFY(vsnprintf)(dst, + // The compiler has SIZE_MAX, But vsnprintf cannot use such a large size. + int result = __DIAGNOSE_CALL_BYPASSING_FORTIFY(vsnprintf)(dest, dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler, format, va); - // Try to catch failures after the fact... + // Attempts to find out after the fact fail. __diagnose_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler); return result; } #undef SSIZE_MAX #undef SIZE_MAX -int __snprintf_chk(char* dst, size_t supplied_size, int flags, +int __snprintf_chk(char* dest, size_t supplied_size, int flags, size_t dst_len_from_compiler, const char* format, ...) { va_list va; va_start(va, format); - int result = __vsnprintf_chk(dst, supplied_size, flags, dst_len_from_compiler, format, va); + int result = __vsnprintf_chk(dest, supplied_size, flags, dst_len_from_compiler, format, va); va_end(va); return result; } -int __sprintf_chk(char* dst, int flags, size_t dst_len_from_compiler, const char* format, ...) +int __sprintf_chk(char* dest, int flags, size_t dst_len_from_compiler, const char* format, ...) { va_list va; va_start(va, format); - int result = __vsprintf_chk(dst, flags, dst_len_from_compiler, format, va); + int result = __vsprintf_chk(dest, flags, dst_len_from_compiler, format, va); va_end(va); return result; } -- GitLab