Import _FORTIFY_SOURCE implementation from NetBSD

This is a mostly-unmodified copy of the various *_chk implementations
and headers from NetBSD, without yet modifying system headers to start
actually including them.  A future commit will also apply the needed
bits to fix ssp/unistd.h.

Reviewed by:	imp, pauamma_gundo.com (both previous versions), kib
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32306

etc/mtree/BSD.include.dist

@@ -372,6 +372,8 @@
         mac_veriexec
         ..
     ..
+    ssp
+    ..
     sys
         disk
         ..

include/Makefile

@@ -4,7 +4,7 @@
 
 PACKAGE=clibs
 CLEANFILES= osreldate.h version
-SUBDIR= arpa protocols rpcsvc rpc xlocale
+SUBDIR= arpa protocols rpcsvc rpc ssp xlocale
 .if ${MACHINE_CPUARCH} == "amd64"
 SUBDIR+=		i386
 INCLUDE_SUBDIRS+=	i386

include/ssp/Makefile

@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+INCS=	ssp.h stdio.h string.h strings.h unistd.h
+INCSDIR=	${INCLUDEDIR}/ssp
+
+.include <bsd.prog.mk>

include/ssp/ssp.h

@@ -0,0 +1,91 @@
+/*	$NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $	*/
+
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_SSP_H_
+#define _SSP_SSP_H_
+
+#include <sys/cdefs.h>
+
+#if !defined(__cplusplus)
+# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
+     (__OPTIMIZE__ > 0 || defined(__clang__))
+#  if _FORTIFY_SOURCE > 1
+#   define __SSP_FORTIFY_LEVEL 2
+#  else
+#   define __SSP_FORTIFY_LEVEL 1
+#  endif
+# else
+#  define __SSP_FORTIFY_LEVEL 0
+# endif
+#else
+# define __SSP_FORTIFY_LEVEL 0
+#endif
+
+#define	__ssp_var(type)	__CONCAT(__ssp_ ## type, __COUNTER__)
+
+/* __ssp_real is used by the implementation in libc */
+#if __SSP_FORTIFY_LEVEL == 0
+#define __ssp_real_(fun)	fun
+#else
+#define __ssp_real_(fun)	__ssp_real_ ## fun
+#endif
+#define __ssp_real(fun)		__ssp_real_(fun)
+
+#define __ssp_inline static __inline __attribute__((__always_inline__))
+
+#define __ssp_bos(ptr) __builtin_object_size(ptr, __SSP_FORTIFY_LEVEL > 1)
+#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
+
+#define __ssp_check(buf, len, bos) \
+	if (bos(buf) != (size_t)-1 && len > bos(buf)) \
+		__chk_fail()
+#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \
+rtype __ssp_real_(fun) args __RENAME(symbol); \
+__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \
+__ssp_inline rtype fun args { \
+	if (cond) \
+		__ssp_check(__buf, __len, bos); \
+	return __ssp_real_(fun) call; \
+}
+
+#define __ssp_redirect(rtype, fun, args, call) \
+    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)
+#define __ssp_redirect0(rtype, fun, args, call) \
+    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)
+
+__BEGIN_DECLS
+void __stack_chk_fail(void) __dead2;
+void __chk_fail(void) __dead2;
+__END_DECLS
+
+#endif /* _SSP_SSP_H_ */

include/ssp/stdio.h

@@ -0,0 +1,93 @@
+/*	$NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $	*/
+
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STDIO_H_
+#define _SSP_STDIO_H_
+
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+int __sprintf_chk(char *__restrict, int, size_t, const char *__restrict, ...)
+    __printflike(4, 5);
+int __vsprintf_chk(char *__restrict, int, size_t, const char *__restrict,
+    __va_list)
+    __printflike(4, 0);
+int __snprintf_chk(char *__restrict, size_t, int, size_t,
+    const char *__restrict, ...)
+    __printflike(5, 6);
+int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
+     const char *__restrict, __va_list)
+    __printflike(5, 0);
+char *__gets_chk(char *, size_t);
+char *__fgets_chk(char *, int, size_t, FILE *);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#define sprintf(str, ...) ({	\
+    char *_ssp_str = (str);	\
+    __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),		\
+        __VA_ARGS__); \
+})
+
+#define vsprintf(str, fmt, ap) ({	\
+    char *_ssp_str = (str);		\
+    __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), fmt,	\
+        ap);				\
+})
+
+#define snprintf(str, len, ...) ({	\
+    char *_ssp_str = (str);		\
+    __builtin___snprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),	\
+        __VA_ARGS__);			\
+})
+
+#define vsnprintf(str, len, fmt, ap) ({	\
+    char *_ssp_str = (str);		\
+    __builtin___vsnprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),	\
+        fmt, ap);			\
+})
+
+#define gets(str) ({			\
+   char *_ssp_str = (str);		\
+    __gets_chk(_ssp_str, __ssp_bos(_ssp_str));	\
+})
+
+#define fgets(str, len, fp) ({		\
+    char *_ssp_str = (str);		\
+    __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp);	\
+})
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+
+#endif /* _SSP_STDIO_H_ */

include/ssp/string.h

@@ -0,0 +1,129 @@
+/*	$NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $	*/
+
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STRING_H_
+#define _SSP_STRING_H_
+
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+void *__memcpy_chk(void *, const void *, size_t, size_t);
+void *__memmove_chk(void *, const void *, size_t, size_t);
+void *__memset_chk(void *, int, size_t, size_t);
+char *__stpcpy_chk(char *, const char *, size_t);
+char *__stpncpy_chk(char *, const char *, size_t, size_t);
+char *__strcat_chk(char *, const char *, size_t);
+char *__strcpy_chk(char *, const char *, size_t);
+char *__strncat_chk(char *, const char *, size_t, size_t);
+char *__strncpy_chk(char *, const char *, size_t, size_t);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst, srctype, srcvar, \
+    src, lenvar, len) ({				\
+    srctype srcvar = (src);				\
+    dsttype dstvar = (dst);				\
+    size_t lenvar = (len);				\
+    ((__ssp_bos0(dstvar) != (size_t)-1) ?		\
+    __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar,	\
+        __ssp_bos0(dstvar)) :				\
+    __ ## fun ## _ichk(dstvar, srcvar, lenvar));	\
+})
+
+#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src, len)	\
+    __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst,	\
+        srctype, __ssp_var(srcv), src, __ssp_var(lenv), len)
+
+#define __ssp_bos_check3(fun, dst, src, len)		\
+    __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst,	\
+        const void *, __ssp_var(srcv), src, __ssp_var(lenv), len)
+
+#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({		\
+    const void *srcvar = (src);				\
+    void *dstvar = (dst);				\
+    ((__ssp_bos0(dstvar) != (size_t)-1) ?		\
+    __builtin___ ## fun ## _chk(dstvar, srcvar,		\
+        __ssp_bos0(dstvar)) :				\
+    __ ## fun ## _ichk(dstvar, srcvar));		\
+})
+
+#define __ssp_bos_check2(fun, dst, src)			\
+    __ssp_bos_check2_var(fun, __ssp_var(dstv), dst, __ssp_var(srcv), src)
+
+#define __ssp_bos_icheck3_restrict(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2 __restrict, size_t); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src, size_t len) { \
+	return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck3(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \
+	return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck2_restrict(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1, type2); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \
+	return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \
+}
+
+__BEGIN_DECLS
+__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
+__ssp_bos_icheck3(memmove, void *, const void *)
+__ssp_bos_icheck3(memset, void *, int)
+__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
+__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
+__ssp_bos_icheck2_restrict(strcpy, char *, const char *)
+__ssp_bos_icheck2_restrict(strcat, char *, const char *)
+__ssp_bos_icheck3_restrict(strncpy, char *, const char *)
+__ssp_bos_icheck3_restrict(strncat, char *, const char *)
+__END_DECLS
+
+#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
+#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)
+#define memset(dst, val, len) \
+    __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
+#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)
+#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
+#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)
+#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)
+#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)
+#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_STRING_H_ */

include/ssp/strings.h

@@ -0,0 +1,67 @@
+/*	$NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $	*/
+
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STRINGS_H_
+#define _SSP_STRINGS_H_
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar,  len) ({	\
+    const void *srcvar = (src);			\
+    void *dstvar = (dst);			\
+    size_t lenvar = (len);			\
+    ((__ssp_bos0(dstvar) != (size_t)-1) ?	\
+    __builtin___memmove_chk(dstvar, srcvar, lenvar,	\
+        __ssp_bos0(dstvar)) :			\
+    __memmove_ichk(dstvar, srcvar, lenvar));	\
+})
+
+#define	bcopy(src, dst, len)			\
+    _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst, __ssp_var(lenv), len)
+
+#define _ssp_bzero(dstvar, dst, lenvar, len) ({		\
+    void *dstvar = (dst);			\
+    size_t lenvar = (len);			\
+    ((__ssp_bos0(dstvar) != (size_t)-1) ?	\
+    __builtin___memset_chk(dstvar, 0, lenvar,	\
+        __ssp_bos0(dstvar)) : \
+    __memset_ichk(dstvar, 0, lenvar));		\
+})
+
+#define	bzero(dst, len)	_ssp_bzero(__ssp_var(dstv), dst, __ssp_var(lenv), len)
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_STRINGS_H_ */

include/ssp/unistd.h

@@ -0,0 +1,54 @@
+/*	$NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $	*/
+
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_UNISTD_H_
+#define _SSP_UNISTD_H_
+
+#include <ssp/ssp.h>
+
+#if __SSP_FORTIFY_LEVEL > 0
+__BEGIN_DECLS
+
+__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
+    (__fd, __buf, __len));
+
+__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
+    char *__restrict __buf, size_t __len), (__path, __buf, __len));
+
+__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),
+    (__buf, __len), __buf != 0, __ssp_bos);
+
+__END_DECLS
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_UNISTD_H_ */

lib/libc/secure/Makefile.inc

@@ -3,6 +3,17 @@
 
 .PATH: ${LIBC_SRCTOP}/secure
 
+# _FORTIFY_SOURCE
+SRCS+=	gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c memset_chk.c \
+	snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \
+	strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \
+	vsnprintf_chk.c vsprintf_chk.c
+
+CFLAGS.snprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.sprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.vsnprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.vsprintf_chk.c+=	-Wno-unused-parameter
+
 # Sources common to both syscall interfaces:
 SRCS+=	stack_protector.c \
 	stack_protector_compat.c

lib/libc/secure/Symbol.map

@@ -3,3 +3,21 @@ FBSD_1.0 {
 	__stack_chk_fail;
 	__stack_chk_guard;
 };
+
+FBSD_1.8 {
+	__gets_chk;
+	__fgets_chk;
+	__memcpy_chk;
+	__memmove_chk;
+	__memset_chk;
+	__snprintf_chk;
+	__sprintf_chk;
+	__stpcpy_chk;
+	__stpncpy_chk;
+	__strcat_chk;
+	__strcpy_chk;
+	__strncat_chk;
+	__strncpy_chk;
+	__vsnprintf_chk;
+	__vsprintf_chk;
+};

lib/libc/secure/fgets_chk.c

@@ -0,0 +1,54 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ssp/stdio.h>
+#include <ssp/string.h>
+#undef fgets
+
+char *
+__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp)
+{
+	if (slen >= (size_t)INT_MAX)
+		return (fgets(buf, len, fp));
+
+	if (len >= 0 && (size_t)len > slen)
+		__chk_fail();
+
+	return (fgets(buf, len, fp));
+}

lib/libc/secure/gets_chk.c

@@ -0,0 +1,74 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $");
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <ssp/stdio.h>
+#include <ssp/string.h>
+
+char *__gets_unsafe(char *);
+
+char *
+__gets_chk(char * __restrict buf, size_t slen)
+{
+	char *abuf;
+	size_t len;
+
+	if (slen >= (size_t)INT_MAX)
+		return (__gets_unsafe(buf));
+
+	if ((abuf = malloc(slen + 1)) == NULL)
+		return (__gets_unsafe(buf));
+
+	if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {
+		free(abuf);
+		return (NULL);
+	}
+
+	len = strlen(abuf);
+	if (len > 0 && abuf[len - 1] == '\n')
+		--len;
+
+	if (len >= slen)
+		__chk_fail();
+
+	(void)memcpy(buf, abuf, len);
+
+	buf[len] = '\0';
+	free(abuf);
+	return (buf);
+}

lib/libc/secure/memcpy_chk.c

@@ -0,0 +1,53 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef memcpy
+
+#include "ssp_internal.h"
+
+void *
+__memcpy_chk(void * __restrict dst, const void * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap((const char *)src, (const char *)dst, len))
+		__chk_fail();
+
+	return (memcpy(dst, src, len));
+}

lib/libc/secure/memmove_chk.c

@@ -0,0 +1,47 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef memmove
+
+void *
+__memmove_chk(void *dst, const void *src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+	return (memmove(dst, src, len));
+}

lib/libc/secure/memset_chk.c

@@ -0,0 +1,46 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef memset
+
+void *
+__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+	return (memset(dst, val, len));
+}

lib/libc/secure/snprintf_chk.c

@@ -0,0 +1,56 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <ssp/stdio.h>
+#undef vsnprintf
+
+int
+__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	if (len > slen)
+		__chk_fail();
+
+	va_start(ap, fmt);
+	rv = vsnprintf(buf, len, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}

lib/libc/secure/sprintf_chk.c

@@ -0,0 +1,61 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $");
+
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <ssp/stdio.h>
+#undef vsnprintf
+#undef vsprintf
+
+int
+__sprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	if (slen > (size_t)INT_MAX)
+		rv = vsprintf(buf, fmt, ap);
+	else {
+		if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 &&
+		    (size_t)rv >= slen)
+			__chk_fail();
+	}
+	va_end(ap);
+
+	return (rv);
+}

lib/libc/secure/ssp_internal.h

@@ -0,0 +1,37 @@
+/*	$NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $	*/
+
+/*-
+ * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SECURE_SSP_INTERNAL_H_
+#define _SECURE_SSP_INTERNAL_H_
+
+#define __ssp_overlap(a, b, l) \
+    (((a) <= (b) && (b) < (a) + (l)) || ((b) <= (a) && (a) < (b) + (l)))
+
+#endif /* _SECURE_SSP_INTERNAL_H_ */

lib/libc/secure/stpcpy_chk.c

@@ -0,0 +1,55 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef memcpy
+
+#include "ssp_internal.h"
+
+char *
+__stpcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	size_t len = strlen(src);
+
+	if (len >= slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	(void)memcpy(dst, src, len + 1);
+	return (dst + len);
+}

lib/libc/secure/stpncpy_chk.c

@@ -0,0 +1,53 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef stpncpy
+
+#include "ssp_internal.h"
+
+char *
+__stpncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return (stpncpy(dst, src, len));
+}

lib/libc/secure/strcat_chk.c

@@ -0,0 +1,60 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+
+char *
+__strcat_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	char *d;
+
+	for (d = dst; *d; d++) {
+		if (slen-- == 0)
+			__chk_fail();
+	}
+
+	while (*src) {
+		if (slen-- == 0)
+			__chk_fail();
+		*d++ = *src++;
+	}
+
+	if (slen-- == 0)
+		__chk_fail();
+
+	*d = '\0';
+	return (dst);
+}

lib/libc/secure/strcpy_chk.c

@@ -0,0 +1,54 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef memcpy
+
+#include "ssp_internal.h"
+
+char *
+__strcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	size_t len = strlen(src) + 1;
+
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return (memcpy(dst, src, len));
+}

lib/libc/secure/strncat_chk.c

@@ -0,0 +1,70 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+#include <stdio.h>
+#include <string.h>
+
+#include <ssp/string.h>
+
+char *
+__strncat_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	char *d;
+
+	if (len == 0)
+		return (dst);
+
+	if (len > slen)
+		__chk_fail();
+
+	for (d = dst; *d; d++) {
+		if (slen-- == 0)
+			__chk_fail();
+	}
+
+	do {
+		if ((*d = *src++) == '\0')
+			break;
+		if (slen-- == 0)
+			__chk_fail();
+		d++;
+	} while (--len != 0);
+
+	if (slen-- == 0)
+		__chk_fail();
+
+	*d = '\0';
+	return (dst);
+}

lib/libc/secure/strncpy_chk.c

@@ -0,0 +1,53 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+#include <string.h>
+
+#include <ssp/string.h>
+#undef strncpy
+
+#include "ssp_internal.h"
+
+char *
+__strncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return (strncpy(dst, src, len));
+}

lib/libc/secure/vsnprintf_chk.c

@@ -0,0 +1,49 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <ssp/stdio.h>
+#undef vsnprintf
+
+int
+__vsnprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+	if (len > slen)
+		__chk_fail();
+
+	return (vsnprintf(buf, len, fmt, ap));
+}

lib/libc/secure/vsprintf_chk.c

@@ -0,0 +1,58 @@
+/*-
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $");
+
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <ssp/stdio.h>
+#undef vsprintf
+#undef vsnprintf
+
+int
+__vsprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+	int rv;
+
+	if (slen > (size_t)INT_MAX)
+		rv = vsprintf(buf, fmt, ap);
+	else {
+		if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 &&
+		    (size_t)rv >= slen)
+			__chk_fail();
+	}
+
+	return (rv);
+}

lib/libssp/Makefile

@@ -4,6 +4,22 @@ SHLIBDIR?=	/lib
 SHLIB=		ssp
 SHLIB_MAJOR=	0
 
+SSP_SRCS=	gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c memset_chk.c \
+		snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \
+		strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \
+		vsnprintf_chk.c vsprintf_chk.c
+
+.for i in ${SSP_SRCS}
+SRCS+=${i}
+.endfor
+
+CFLAGS.snprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.sprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.vsnprintf_chk.c+=	-Wno-unused-parameter
+CFLAGS.vsprintf_chk.c+=	-Wno-unused-parameter
+
+MAN+=	ssp.3 __builtin_object_size.3
+
 VERSION_DEF=	${.CURDIR}/Versions.def
 SYMBOL_MAPS=	${.CURDIR}/Symbol.map
 
@@ -12,9 +28,7 @@ CFLAGS+=	-I${SRCTOP}/lib/libc/include
 # _elf_aux_info is exported from libc as elf_aux_info(3), so just that for the
 # libssp build instead.
 CFLAGS+=	-D_elf_aux_info=elf_aux_info
-SRCS=		stack_protector.c fortify_stubs.c
-
-CFLAGS.fortify_stubs.c=	-Wno-unused-parameter
+SRCS+=		stack_protector.c
 
 # Stack protection on libssp symbols should be considered harmful, as we may
 # be talking about, for example, the guard setup constructor.

lib/libssp/Symbol.map

@@ -6,11 +6,6 @@ LIBSSP_1.0 {
 	__stack_chk_fail;
 	__stack_chk_guard;
 
-	/*
-	 * Currently unsupported: _FORTIFY_SOURCE symbols.  It is believed
-	 * that these have never been used on FreeBSD, as our headers lack the
-	 * support that would have generated references to them.
-	 */
 	__memcpy_chk;
 	__memset_chk;
 	__snprintf_chk;
@@ -23,3 +18,10 @@ LIBSSP_1.0 {
 	__vsnprintf_chk;
 	__vsprintf_chk;
 };
+
+LIBSSP_1.1 {
+	__gets_chk;
+	__fgets_chk;
+	__memmove_chk;
+	__stpncpy_chk;
+};

lib/libssp/Versions.def

@@ -1,3 +1,8 @@
 
+# This version was first added to 13.0-current.
 LIBSSP_1.0 {
 };
+
+# This version was first added to 15.0-current.
+LIBSSP_1.1 {
+} LIBSSP_1.0;

lib/libssp/__builtin_object_size.3

@@ -0,0 +1,110 @@
+.\"	$NetBSD: __builtin_object_size.3,v 1.11 2017/07/03 21:32:49 wiz Exp $
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\"
+.Dd April 27, 2024
+.Dt __BUILTIN_OBJECT_SIZE 3
+.Os
+.Sh NAME
+.Nm __builtin_object_size
+.Nd return the size of the given object
+.Sh SYNOPSIS
+.Ft size_t
+.Fn __builtin_object_size "void *ptr" "int type"
+.Sh DESCRIPTION
+The
+.Fn __builtin_object_size
+function is a
+.Xr clang 1
+and
+.Xr gcc 1
+built-in function that returns the size of the object referenced by
+.Fa ptr
+if known at compile time.
+If the
+.Fa ptr
+expression has any side effects, then they will not be evaluated.
+.Sh RETURN VALUES
+If the size of the object is not known or the
+.Fa ptr
+expression has side effects, the
+.Fn __builtin_object_size
+function returns:
+.Bl -tag -width (size_t)\-1 -offset indent
+.It Dv (size_t)\-1
+for
+.Fa type
+.Dv 0
+and
+.Dv 1 .
+.It Dv (size_t)0
+for
+.Fa type
+.Dv 2
+and
+.Dv 3 .
+.El
+.Pp
+If the size of the object is known, then the
+.Fn __builtin_object_size
+function returns the maximum size of all the objects that the compiler
+knows can be pointed to by
+.Fa ptr
+when
+.Fa type
+.Dv & 2 == 0 ,
+and the minimum size when
+.Fa type
+.Dv & 2 != 0 .
+.Sh SEE ALSO
+.Xr clang 1 ,
+.Xr gcc 1 ,
+.Xr __builtin_return_address 3 ,
+.Xr attribute 3 ,
+.Xr ssp 3
+.Sh HISTORY
+The
+.Fn __builtin_object_size
+appeared in
+.Tn GCC 4.1 .
+.Sh CAVEATS
+This is a non-standard, compiler-specific extension.
+.Pp
+Note that currently the object size calculation pass is only done at -O1
+or above, meaning that this function always returns \-1 when the optimizer
+is off.
+.Pp
+There are some discussions about always doing the object size pass, but
+the issue is that without the optimization pass data sizes are not going
+to be correct.
+.Pp
+For that reason code fortification (size-checked replacement
+functions) is currently disabled when optimization is off.

lib/libssp/fortify_stubs.c

@@ -1,131 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause
- *
- * Copyright (c) 2019 Kyle Evans <kevans@FreeBSD.org>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-
-#include <stdarg.h>
-#include <stdlib.h>
-
-/* Signatures grabbed from LSB Core Specification 4.1 */
-void	*__memcpy_chk(void *dst, const void *src, size_t len,
-    size_t dstlen);
-void	*__memset_chk(void *dst, int c, size_t len, size_t dstlen);
-int	__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen,
-    const char *fmt, ...);
-int	__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...);
-char	*__stpcpy_chk(char *dst, const char *src, size_t dstlen);
-char	*__strcat_chk(char *dst, const char *src, size_t dstlen);
-char	*__strcpy_chk(char *dst, const char *src, size_t dstlen);
-char	*__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen);
-char	*__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen);
-int	__vsnprintf_chk(char *str, size_t size, int flags, size_t len,
-    const char *format, va_list ap);
-int	__vsprintf_chk(char *str, int flag, size_t slen, const char *format,
-    va_list ap);
-
-#define	ABORT()	abort2("_FORTIFY_SOURCE not supported", 0, NULL)
-
-void *
-__memcpy_chk(void *dst, const void *src, size_t len,
-    size_t dstlen)
-{
-
-	ABORT();
-}
-
-void *
-__memset_chk(void *dst, int c, size_t len, size_t dstlen)
-{
-
-	ABORT();
-}
-
-int
-__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen,
-    const char *fmt, ...)
-{
-
-	ABORT();
-}
-
-int
-__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...)
-{
-
-	ABORT();
-}
-
-char *
-__stpcpy_chk(char *dst, const char *src, size_t dstlen)
-{
-
-	ABORT();
-}
-
-char *
-__strcat_chk(char *dst, const char *src, size_t dstlen)
-{
-
-	ABORT();
-}
-
-char *
-__strcpy_chk(char *dst, const char *src, size_t dstlen)
-{
-
-	ABORT();
-}
-
-char *
-__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen)
-{
-
-	ABORT();
-}
-
-char *
-__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen)
-{
-
-	ABORT();
-}
-
-int
-__vsnprintf_chk(char *str, size_t size, int flags, size_t len,
-    const char *format, va_list ap)
-{
-
-	ABORT();
-}
-
-int
-__vsprintf_chk(char *str, int flag, size_t slen, const char *format,
-    va_list ap)
-{
-
-	ABORT();
-}

lib/libssp/ssp.3

@@ -0,0 +1,130 @@
+.\"	$NetBSD: ssp.3,v 1.9 2015/12/03 13:11:45 christos Exp $
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright (c) 2007 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\"
+.Dd December 3, 2015
+.Dt SSP 3
+.Os
+.Sh NAME
+.Nm ssp
+.Nd bounds checked libc functions
+.Sh LIBRARY
+.Lb libssp
+.Sh SYNOPSIS
+.In ssp/stdio.h
+.Ft int
+.Fn sprintf "char *str" "const char *fmt" "..."
+.Ft int
+.Fn vsprintf "char *str" "const char *fmt" "va_list ap"
+.Ft int
+.Fn snprintf "char *str" "size_t len" "const char *fmt" "..."
+.Ft int
+.Fn vsnprintf "char *str" "size_t len" "const char *fmt" "va_list ap"
+.Ft char *
+.Fn gets "char *str"
+.Ft char *
+.Fn fgets "char *str" "int len" "FILE *fp"
+.In ssp/string.h
+.Ft void *
+.Fn memcpy "void *str" "const void *ptr" "size_t len"
+.Ft void *
+.Fn memmove "void *str" "const void *ptr" "size_t len"
+.Ft void *
+.Fn memset "void *str" "int val" "size_t len"
+.Ft char *
+.Fn stpcpy "char *str" "const char *ptr"
+.Ft char *
+.Fn strcpy "char *str" "const char *ptr"
+.Ft char *
+.Fn strcat "char *str" "const char *ptr"
+.Ft char *
+.Fn strncpy "char *str" "const char *ptr" "size_t len"
+.Ft char *
+.Fn strncat "char *str" "const char *ptr" "size_t len"
+.In ssp/strings.h
+.Ft void *
+.Fn bcopy "const void *ptr" "void *str" "size_t len"
+.Ft void *
+.Fn bzero "void *str" "size_t len"
+.In ssp/unistd.h
+.Ft ssize_t
+.Fn read "int fd" "void *str" "size_t len"
+.Ft int
+.Fn readlink "const char * restrict path" "char * restrict str" "size_t len"
+.Ft int
+.Fn getcwd "char *str" "size_t len"
+.Sh DESCRIPTION
+When
+.Dv _FORTIFY_SOURCE
+bounds checking is enabled as described below, the above functions get
+overwritten to use the
+.Xr __builtin_object_size 3
+function to compute the size of
+.Fa str ,
+if known at compile time,
+and perform bounds check on it in order
+to avoid data buffer or stack buffer overflows.
+If an overflow is detected, the routines will call
+.Xr abort 3 .
+.Pp
+To enable these function overrides the following should be added to the
+.Xr clang 1
+or
+.Xr gcc 1
+command line:
+.Dq \-D_FORTIFY_SOURCE=1
+or
+.Dq \-D_FORTIFY_SOURCE=2 .
+.Pp
+If
+.Dv _FORTIFY_SOURCE is set to
+.Dv 1
+the code will compute the maximum possible buffer size for
+.Fa str ,
+and if set to
+.Dv 2
+it will compute the minimum buffer size.
+.Sh SEE ALSO
+.Xr clang 1 ,
+.Xr gcc 1 ,
+.Xr __builtin_object_size 3 ,
+.Xr stdio 3 ,
+.Xr string 3 ,
+.Xr security 7
+.Sh HISTORY
+The
+.Nm
+library appeared in
+.Nx 4.0 .
+This version of the
+.Nm
+library replaced the GNU library of the same name in
+.Fx 12.2 .