diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index a6bd5880bf61..f8c83d6dde7a 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -372,6 +372,8 @@ mac_veriexec .. .. + ssp + .. sys disk .. diff --git a/include/Makefile b/include/Makefile index 19e6beb95203..32774419f162 100644 --- a/include/Makefile +++ b/include/Makefile @@ -4,7 +4,7 @@ PACKAGE=clibs CLEANFILES= osreldate.h version -SUBDIR= arpa protocols rpcsvc rpc xlocale +SUBDIR= arpa protocols rpcsvc rpc ssp xlocale .if ${MACHINE_CPUARCH} == "amd64" SUBDIR+= i386 INCLUDE_SUBDIRS+= i386 diff --git a/include/ssp/Makefile b/include/ssp/Makefile new file mode 100644 index 000000000000..dff19f43c920 --- /dev/null +++ b/include/ssp/Makefile @@ -0,0 +1,6 @@ +# $FreeBSD$ + +INCS= ssp.h stdio.h string.h strings.h unistd.h +INCSDIR= ${INCLUDEDIR}/ssp + +.include diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h new file mode 100644 index 000000000000..35a9aeee02df --- /dev/null +++ b/include/ssp/ssp.h @@ -0,0 +1,91 @@ +/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */ + +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_SSP_H_ +#define _SSP_SSP_H_ + +#include + +#if !defined(__cplusplus) +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ + (__OPTIMIZE__ > 0 || defined(__clang__)) +# if _FORTIFY_SOURCE > 1 +# define __SSP_FORTIFY_LEVEL 2 +# else +# define __SSP_FORTIFY_LEVEL 1 +# endif +# else +# define __SSP_FORTIFY_LEVEL 0 +# endif +#else +# define __SSP_FORTIFY_LEVEL 0 +#endif + +#define __ssp_var(type) __CONCAT(__ssp_ ## type, __COUNTER__) + +/* __ssp_real is used by the implementation in libc */ +#if __SSP_FORTIFY_LEVEL == 0 +#define __ssp_real_(fun) fun +#else +#define __ssp_real_(fun) __ssp_real_ ## fun +#endif +#define __ssp_real(fun) __ssp_real_(fun) + +#define __ssp_inline static __inline __attribute__((__always_inline__)) + +#define __ssp_bos(ptr) __builtin_object_size(ptr, __SSP_FORTIFY_LEVEL > 1) +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0) + +#define __ssp_check(buf, len, bos) \ + if (bos(buf) != (size_t)-1 && len > bos(buf)) \ + __chk_fail() +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \ +rtype __ssp_real_(fun) args __RENAME(symbol); \ +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \ +__ssp_inline rtype fun args { \ + if (cond) \ + __ssp_check(__buf, __len, bos); \ + return __ssp_real_(fun) call; \ +} + +#define __ssp_redirect(rtype, fun, args, call) \ + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos) +#define __ssp_redirect0(rtype, fun, args, call) \ + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0) + +__BEGIN_DECLS +void __stack_chk_fail(void) __dead2; +void __chk_fail(void) __dead2; +__END_DECLS + +#endif /* _SSP_SSP_H_ */ diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h new file mode 100644 index 000000000000..72e3236eac80 --- /dev/null +++ b/include/ssp/stdio.h @@ -0,0 +1,93 @@ +/* $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $ */ + +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_STDIO_H_ +#define _SSP_STDIO_H_ + +#include + +__BEGIN_DECLS +int __sprintf_chk(char *__restrict, int, size_t, const char *__restrict, ...) + __printflike(4, 5); +int __vsprintf_chk(char *__restrict, int, size_t, const char *__restrict, + __va_list) + __printflike(4, 0); +int __snprintf_chk(char *__restrict, size_t, int, size_t, + const char *__restrict, ...) + __printflike(5, 6); +int __vsnprintf_chk(char *__restrict, size_t, int, size_t, + const char *__restrict, __va_list) + __printflike(5, 0); +char *__gets_chk(char *, size_t); +char *__fgets_chk(char *, int, size_t, FILE *); +__END_DECLS + +#if __SSP_FORTIFY_LEVEL > 0 + +#define sprintf(str, ...) ({ \ + char *_ssp_str = (str); \ + __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), \ + __VA_ARGS__); \ +}) + +#define vsprintf(str, fmt, ap) ({ \ + char *_ssp_str = (str); \ + __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), fmt, \ + ap); \ +}) + +#define snprintf(str, len, ...) ({ \ + char *_ssp_str = (str); \ + __builtin___snprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str), \ + __VA_ARGS__); \ +}) + +#define vsnprintf(str, len, fmt, ap) ({ \ + char *_ssp_str = (str); \ + __builtin___vsnprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str), \ + fmt, ap); \ +}) + +#define gets(str) ({ \ + char *_ssp_str = (str); \ + __gets_chk(_ssp_str, __ssp_bos(_ssp_str)); \ +}) + +#define fgets(str, len, fp) ({ \ + char *_ssp_str = (str); \ + __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp); \ +}) + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ + +#endif /* _SSP_STDIO_H_ */ diff --git a/include/ssp/string.h b/include/ssp/string.h new file mode 100644 index 000000000000..996020fda778 --- /dev/null +++ b/include/ssp/string.h @@ -0,0 +1,129 @@ +/* $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $ */ + +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_STRING_H_ +#define _SSP_STRING_H_ + +#include + +__BEGIN_DECLS +void *__memcpy_chk(void *, const void *, size_t, size_t); +void *__memmove_chk(void *, const void *, size_t, size_t); +void *__memset_chk(void *, int, size_t, size_t); +char *__stpcpy_chk(char *, const char *, size_t); +char *__stpncpy_chk(char *, const char *, size_t, size_t); +char *__strcat_chk(char *, const char *, size_t); +char *__strcpy_chk(char *, const char *, size_t); +char *__strncat_chk(char *, const char *, size_t, size_t); +char *__strncpy_chk(char *, const char *, size_t, size_t); +__END_DECLS + +#if __SSP_FORTIFY_LEVEL > 0 + +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst, srctype, srcvar, \ + src, lenvar, len) ({ \ + srctype srcvar = (src); \ + dsttype dstvar = (dst); \ + size_t lenvar = (len); \ + ((__ssp_bos0(dstvar) != (size_t)-1) ? \ + __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar, \ + __ssp_bos0(dstvar)) : \ + __ ## fun ## _ichk(dstvar, srcvar, lenvar)); \ +}) + +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src, len) \ + __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst, \ + srctype, __ssp_var(srcv), src, __ssp_var(lenv), len) + +#define __ssp_bos_check3(fun, dst, src, len) \ + __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst, \ + const void *, __ssp_var(srcv), src, __ssp_var(lenv), len) + +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({ \ + const void *srcvar = (src); \ + void *dstvar = (dst); \ + ((__ssp_bos0(dstvar) != (size_t)-1) ? \ + __builtin___ ## fun ## _chk(dstvar, srcvar, \ + __ssp_bos0(dstvar)) : \ + __ ## fun ## _ichk(dstvar, srcvar)); \ +}) + +#define __ssp_bos_check2(fun, dst, src) \ + __ssp_bos_check2_var(fun, __ssp_var(dstv), dst, __ssp_var(srcv), src) + +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \ +static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2 __restrict, size_t); \ +static __inline __attribute__((__always_inline__)) type1 \ +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src, size_t len) { \ + return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \ +} + +#define __ssp_bos_icheck3(fun, type1, type2) \ +static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \ +static __inline __attribute__((__always_inline__)) type1 \ +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \ + return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \ +} + +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \ +static __inline type1 __ ## fun ## _ichk(type1, type2); \ +static __inline __attribute__((__always_inline__)) type1 \ +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \ + return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \ +} + +__BEGIN_DECLS +__ssp_bos_icheck3_restrict(memcpy, void *, const void *) +__ssp_bos_icheck3(memmove, void *, const void *) +__ssp_bos_icheck3(memset, void *, int) +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *) +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *) +__ssp_bos_icheck2_restrict(strcpy, char *, const char *) +__ssp_bos_icheck2_restrict(strcat, char *, const char *) +__ssp_bos_icheck3_restrict(strncpy, char *, const char *) +__ssp_bos_icheck3_restrict(strncat, char *, const char *) +__END_DECLS + +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len) +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len) +#define memset(dst, val, len) \ + __ssp_bos_check3_typed(memset, void *, dst, int, val, len) +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src) +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len) +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src) +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src) +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len) +#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len) + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ +#endif /* _SSP_STRING_H_ */ diff --git a/include/ssp/strings.h b/include/ssp/strings.h new file mode 100644 index 000000000000..06c9c7cc0a09 --- /dev/null +++ b/include/ssp/strings.h @@ -0,0 +1,67 @@ +/* $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $ */ + +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2007 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_STRINGS_H_ +#define _SSP_STRINGS_H_ + +#include +#include + +#if __SSP_FORTIFY_LEVEL > 0 + +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar, len) ({ \ + const void *srcvar = (src); \ + void *dstvar = (dst); \ + size_t lenvar = (len); \ + ((__ssp_bos0(dstvar) != (size_t)-1) ? \ + __builtin___memmove_chk(dstvar, srcvar, lenvar, \ + __ssp_bos0(dstvar)) : \ + __memmove_ichk(dstvar, srcvar, lenvar)); \ +}) + +#define bcopy(src, dst, len) \ + _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst, __ssp_var(lenv), len) + +#define _ssp_bzero(dstvar, dst, lenvar, len) ({ \ + void *dstvar = (dst); \ + size_t lenvar = (len); \ + ((__ssp_bos0(dstvar) != (size_t)-1) ? \ + __builtin___memset_chk(dstvar, 0, lenvar, \ + __ssp_bos0(dstvar)) : \ + __memset_ichk(dstvar, 0, lenvar)); \ +}) + +#define bzero(dst, len) _ssp_bzero(__ssp_var(dstv), dst, __ssp_var(lenv), len) + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ +#endif /* _SSP_STRINGS_H_ */ diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h new file mode 100644 index 000000000000..2414e2baa96b --- /dev/null +++ b/include/ssp/unistd.h @@ -0,0 +1,54 @@ +/* $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ */ + +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_UNISTD_H_ +#define _SSP_UNISTD_H_ + +#include + +#if __SSP_FORTIFY_LEVEL > 0 +__BEGIN_DECLS + +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \ + (__fd, __buf, __len)); + +__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \ + char *__restrict __buf, size_t __len), (__path, __buf, __len)); + +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len), + (__buf, __len), __buf != 0, __ssp_bos); + +__END_DECLS + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ +#endif /* _SSP_UNISTD_H_ */ diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc index 8574c5a05dc5..3b1ad879c715 100644 --- a/lib/libc/secure/Makefile.inc +++ b/lib/libc/secure/Makefile.inc @@ -3,6 +3,17 @@ .PATH: ${LIBC_SRCTOP}/secure +# _FORTIFY_SOURCE +SRCS+= gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c memset_chk.c \ + snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \ + strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \ + vsnprintf_chk.c vsprintf_chk.c + +CFLAGS.snprintf_chk.c+= -Wno-unused-parameter +CFLAGS.sprintf_chk.c+= -Wno-unused-parameter +CFLAGS.vsnprintf_chk.c+= -Wno-unused-parameter +CFLAGS.vsprintf_chk.c+= -Wno-unused-parameter + # Sources common to both syscall interfaces: SRCS+= stack_protector.c \ stack_protector_compat.c diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map index 641f451b5421..7859fcee3821 100644 --- a/lib/libc/secure/Symbol.map +++ b/lib/libc/secure/Symbol.map @@ -3,3 +3,21 @@ FBSD_1.0 { __stack_chk_fail; __stack_chk_guard; }; + +FBSD_1.8 { + __gets_chk; + __fgets_chk; + __memcpy_chk; + __memmove_chk; + __memset_chk; + __snprintf_chk; + __sprintf_chk; + __stpcpy_chk; + __stpncpy_chk; + __strcat_chk; + __strcpy_chk; + __strncat_chk; + __strncpy_chk; + __vsnprintf_chk; + __vsprintf_chk; +}; diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/fgets_chk.c new file mode 100644 index 000000000000..72aa1d816ce1 --- /dev/null +++ b/lib/libc/secure/fgets_chk.c @@ -0,0 +1,54 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $"); + +#include +#include +#include +#include + +#include +#include +#undef fgets + +char * +__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp) +{ + if (slen >= (size_t)INT_MAX) + return (fgets(buf, len, fp)); + + if (len >= 0 && (size_t)len > slen) + __chk_fail(); + + return (fgets(buf, len, fp)); +} diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/gets_chk.c new file mode 100644 index 000000000000..18c1e2d18f43 --- /dev/null +++ b/lib/libc/secure/gets_chk.c @@ -0,0 +1,74 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $"); + +#include +#include +#include +#include + +#include +#include + +char *__gets_unsafe(char *); + +char * +__gets_chk(char * __restrict buf, size_t slen) +{ + char *abuf; + size_t len; + + if (slen >= (size_t)INT_MAX) + return (__gets_unsafe(buf)); + + if ((abuf = malloc(slen + 1)) == NULL) + return (__gets_unsafe(buf)); + + if (fgets(abuf, (int)(slen + 1), stdin) == NULL) { + free(abuf); + return (NULL); + } + + len = strlen(abuf); + if (len > 0 && abuf[len - 1] == '\n') + --len; + + if (len >= slen) + __chk_fail(); + + (void)memcpy(buf, abuf, len); + + buf[len] = '\0'; + free(abuf); + return (buf); +} diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c new file mode 100644 index 000000000000..99cf2d5f13ff --- /dev/null +++ b/lib/libc/secure/memcpy_chk.c @@ -0,0 +1,53 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $"); + +#include + +#include +#undef memcpy + +#include "ssp_internal.h" + +void * +__memcpy_chk(void * __restrict dst, const void * __restrict src, size_t len, + size_t slen) +{ + if (len > slen) + __chk_fail(); + + if (__ssp_overlap((const char *)src, (const char *)dst, len)) + __chk_fail(); + + return (memcpy(dst, src, len)); +} diff --git a/lib/libc/secure/memmove_chk.c b/lib/libc/secure/memmove_chk.c new file mode 100644 index 000000000000..07f965d608fc --- /dev/null +++ b/lib/libc/secure/memmove_chk.c @@ -0,0 +1,47 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $"); + +#include + +#include +#undef memmove + +void * +__memmove_chk(void *dst, const void *src, size_t len, + size_t slen) +{ + if (len > slen) + __chk_fail(); + return (memmove(dst, src, len)); +} diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/memset_chk.c new file mode 100644 index 000000000000..f337be98b46d --- /dev/null +++ b/lib/libc/secure/memset_chk.c @@ -0,0 +1,46 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $"); + +#include + +#include +#undef memset + +void * +__memset_chk(void * __restrict dst, int val, size_t len, size_t slen) +{ + if (len > slen) + __chk_fail(); + return (memset(dst, val, len)); +} diff --git a/lib/libc/secure/snprintf_chk.c b/lib/libc/secure/snprintf_chk.c new file mode 100644 index 000000000000..52ef874ede5b --- /dev/null +++ b/lib/libc/secure/snprintf_chk.c @@ -0,0 +1,56 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $"); + +#include +#include + +#include +#undef vsnprintf + +int +__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen, + const char * __restrict fmt, ...) +{ + va_list ap; + int rv; + + if (len > slen) + __chk_fail(); + + va_start(ap, fmt); + rv = vsnprintf(buf, len, fmt, ap); + va_end(ap); + + return (rv); +} diff --git a/lib/libc/secure/sprintf_chk.c b/lib/libc/secure/sprintf_chk.c new file mode 100644 index 000000000000..d4c42ccba3ce --- /dev/null +++ b/lib/libc/secure/sprintf_chk.c @@ -0,0 +1,61 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $"); + +#include +#include +#include + +#include +#undef vsnprintf +#undef vsprintf + +int +__sprintf_chk(char * __restrict buf, int flags, size_t slen, + const char * __restrict fmt, ...) +{ + va_list ap; + int rv; + + va_start(ap, fmt); + if (slen > (size_t)INT_MAX) + rv = vsprintf(buf, fmt, ap); + else { + if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && + (size_t)rv >= slen) + __chk_fail(); + } + va_end(ap); + + return (rv); +} diff --git a/lib/libc/secure/ssp_internal.h b/lib/libc/secure/ssp_internal.h new file mode 100644 index 000000000000..34e5981ba0ca --- /dev/null +++ b/lib/libc/secure/ssp_internal.h @@ -0,0 +1,37 @@ +/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */ + +/*- + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SECURE_SSP_INTERNAL_H_ +#define _SECURE_SSP_INTERNAL_H_ + +#define __ssp_overlap(a, b, l) \ + (((a) <= (b) && (b) < (a) + (l)) || ((b) <= (a) && (a) < (b) + (l))) + +#endif /* _SECURE_SSP_INTERNAL_H_ */ diff --git a/lib/libc/secure/stpcpy_chk.c b/lib/libc/secure/stpcpy_chk.c new file mode 100644 index 000000000000..72a4bfb8017a --- /dev/null +++ b/lib/libc/secure/stpcpy_chk.c @@ -0,0 +1,55 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2013 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $"); + +#include + +#include +#undef memcpy + +#include "ssp_internal.h" + +char * +__stpcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen) +{ + size_t len = strlen(src); + + if (len >= slen) + __chk_fail(); + + if (__ssp_overlap(src, dst, len)) + __chk_fail(); + + (void)memcpy(dst, src, len + 1); + return (dst + len); +} diff --git a/lib/libc/secure/stpncpy_chk.c b/lib/libc/secure/stpncpy_chk.c new file mode 100644 index 000000000000..dfd26133feed --- /dev/null +++ b/lib/libc/secure/stpncpy_chk.c @@ -0,0 +1,53 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2013 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $"); + +#include + +#include +#undef stpncpy + +#include "ssp_internal.h" + +char * +__stpncpy_chk(char * __restrict dst, const char * __restrict src, size_t len, + size_t slen) +{ + if (len > slen) + __chk_fail(); + + if (__ssp_overlap(src, dst, len)) + __chk_fail(); + + return (stpncpy(dst, src, len)); +} diff --git a/lib/libc/secure/strcat_chk.c b/lib/libc/secure/strcat_chk.c new file mode 100644 index 000000000000..202d084fddc9 --- /dev/null +++ b/lib/libc/secure/strcat_chk.c @@ -0,0 +1,60 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $"); + +#include + +#include + +char * +__strcat_chk(char * __restrict dst, const char * __restrict src, size_t slen) +{ + char *d; + + for (d = dst; *d; d++) { + if (slen-- == 0) + __chk_fail(); + } + + while (*src) { + if (slen-- == 0) + __chk_fail(); + *d++ = *src++; + } + + if (slen-- == 0) + __chk_fail(); + + *d = '\0'; + return (dst); +} diff --git a/lib/libc/secure/strcpy_chk.c b/lib/libc/secure/strcpy_chk.c new file mode 100644 index 000000000000..b89be466240d --- /dev/null +++ b/lib/libc/secure/strcpy_chk.c @@ -0,0 +1,54 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $"); + +#include + +#include +#undef memcpy + +#include "ssp_internal.h" + +char * +__strcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen) +{ + size_t len = strlen(src) + 1; + + if (len > slen) + __chk_fail(); + + if (__ssp_overlap(src, dst, len)) + __chk_fail(); + + return (memcpy(dst, src, len)); +} diff --git a/lib/libc/secure/strncat_chk.c b/lib/libc/secure/strncat_chk.c new file mode 100644 index 000000000000..94ef34675386 --- /dev/null +++ b/lib/libc/secure/strncat_chk.c @@ -0,0 +1,70 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $"); + +#include +#include + +#include + +char * +__strncat_chk(char * __restrict dst, const char * __restrict src, size_t len, + size_t slen) +{ + char *d; + + if (len == 0) + return (dst); + + if (len > slen) + __chk_fail(); + + for (d = dst; *d; d++) { + if (slen-- == 0) + __chk_fail(); + } + + do { + if ((*d = *src++) == '\0') + break; + if (slen-- == 0) + __chk_fail(); + d++; + } while (--len != 0); + + if (slen-- == 0) + __chk_fail(); + + *d = '\0'; + return (dst); +} diff --git a/lib/libc/secure/strncpy_chk.c b/lib/libc/secure/strncpy_chk.c new file mode 100644 index 000000000000..3a2c19796a39 --- /dev/null +++ b/lib/libc/secure/strncpy_chk.c @@ -0,0 +1,53 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $"); + +#include + +#include +#undef strncpy + +#include "ssp_internal.h" + +char * +__strncpy_chk(char * __restrict dst, const char * __restrict src, size_t len, + size_t slen) +{ + if (len > slen) + __chk_fail(); + + if (__ssp_overlap(src, dst, len)) + __chk_fail(); + + return (strncpy(dst, src, len)); +} diff --git a/lib/libc/secure/vsnprintf_chk.c b/lib/libc/secure/vsnprintf_chk.c new file mode 100644 index 000000000000..c48e7bf929b1 --- /dev/null +++ b/lib/libc/secure/vsnprintf_chk.c @@ -0,0 +1,49 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $"); + +#include +#include + +#include +#undef vsnprintf + +int +__vsnprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen, + const char * __restrict fmt, va_list ap) +{ + if (len > slen) + __chk_fail(); + + return (vsnprintf(buf, len, fmt, ap)); +} diff --git a/lib/libc/secure/vsprintf_chk.c b/lib/libc/secure/vsprintf_chk.c new file mode 100644 index 000000000000..6855feb92f15 --- /dev/null +++ b/lib/libc/secure/vsprintf_chk.c @@ -0,0 +1,58 @@ +/*- + * + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2006 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Christos Zoulas. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#include +__RCSID("$NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $"); + +#include +#include +#include + +#include +#undef vsprintf +#undef vsnprintf + +int +__vsprintf_chk(char * __restrict buf, int flags, size_t slen, + const char * __restrict fmt, va_list ap) +{ + int rv; + + if (slen > (size_t)INT_MAX) + rv = vsprintf(buf, fmt, ap); + else { + if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && + (size_t)rv >= slen) + __chk_fail(); + } + + return (rv); +} diff --git a/lib/libssp/Makefile b/lib/libssp/Makefile index b5e2841ba391..cc6b88342f9c 100644 --- a/lib/libssp/Makefile +++ b/lib/libssp/Makefile @@ -4,6 +4,22 @@ SHLIBDIR?= /lib SHLIB= ssp SHLIB_MAJOR= 0 +SSP_SRCS= gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c memset_chk.c \ + snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \ + strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \ + vsnprintf_chk.c vsprintf_chk.c + +.for i in ${SSP_SRCS} +SRCS+=${i} +.endfor + +CFLAGS.snprintf_chk.c+= -Wno-unused-parameter +CFLAGS.sprintf_chk.c+= -Wno-unused-parameter +CFLAGS.vsnprintf_chk.c+= -Wno-unused-parameter +CFLAGS.vsprintf_chk.c+= -Wno-unused-parameter + +MAN+= ssp.3 __builtin_object_size.3 + VERSION_DEF= ${.CURDIR}/Versions.def SYMBOL_MAPS= ${.CURDIR}/Symbol.map @@ -12,9 +28,7 @@ CFLAGS+= -I${SRCTOP}/lib/libc/include # _elf_aux_info is exported from libc as elf_aux_info(3), so just that for the # libssp build instead. CFLAGS+= -D_elf_aux_info=elf_aux_info -SRCS= stack_protector.c fortify_stubs.c - -CFLAGS.fortify_stubs.c= -Wno-unused-parameter +SRCS+= stack_protector.c # Stack protection on libssp symbols should be considered harmful, as we may # be talking about, for example, the guard setup constructor. diff --git a/lib/libssp/Symbol.map b/lib/libssp/Symbol.map index 5c2e089c6ab8..367922d58085 100644 --- a/lib/libssp/Symbol.map +++ b/lib/libssp/Symbol.map @@ -6,11 +6,6 @@ LIBSSP_1.0 { __stack_chk_fail; __stack_chk_guard; - /* - * Currently unsupported: _FORTIFY_SOURCE symbols. It is believed - * that these have never been used on FreeBSD, as our headers lack the - * support that would have generated references to them. - */ __memcpy_chk; __memset_chk; __snprintf_chk; @@ -23,3 +18,10 @@ LIBSSP_1.0 { __vsnprintf_chk; __vsprintf_chk; }; + +LIBSSP_1.1 { + __gets_chk; + __fgets_chk; + __memmove_chk; + __stpncpy_chk; +}; diff --git a/lib/libssp/Versions.def b/lib/libssp/Versions.def index be9d9874947b..85682c88a3e0 100644 --- a/lib/libssp/Versions.def +++ b/lib/libssp/Versions.def @@ -1,3 +1,8 @@ +# This version was first added to 13.0-current. LIBSSP_1.0 { }; + +# This version was first added to 15.0-current. +LIBSSP_1.1 { +} LIBSSP_1.0; diff --git a/lib/libssp/__builtin_object_size.3 b/lib/libssp/__builtin_object_size.3 new file mode 100644 index 000000000000..23d74792918b --- /dev/null +++ b/lib/libssp/__builtin_object_size.3 @@ -0,0 +1,110 @@ +.\" $NetBSD: __builtin_object_size.3,v 1.11 2017/07/03 21:32:49 wiz Exp $ +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd April 27, 2024 +.Dt __BUILTIN_OBJECT_SIZE 3 +.Os +.Sh NAME +.Nm __builtin_object_size +.Nd return the size of the given object +.Sh SYNOPSIS +.Ft size_t +.Fn __builtin_object_size "void *ptr" "int type" +.Sh DESCRIPTION +The +.Fn __builtin_object_size +function is a +.Xr clang 1 +and +.Xr gcc 1 +built-in function that returns the size of the object referenced by +.Fa ptr +if known at compile time. +If the +.Fa ptr +expression has any side effects, then they will not be evaluated. +.Sh RETURN VALUES +If the size of the object is not known or the +.Fa ptr +expression has side effects, the +.Fn __builtin_object_size +function returns: +.Bl -tag -width (size_t)\-1 -offset indent +.It Dv (size_t)\-1 +for +.Fa type +.Dv 0 +and +.Dv 1 . +.It Dv (size_t)0 +for +.Fa type +.Dv 2 +and +.Dv 3 . +.El +.Pp +If the size of the object is known, then the +.Fn __builtin_object_size +function returns the maximum size of all the objects that the compiler +knows can be pointed to by +.Fa ptr +when +.Fa type +.Dv & 2 == 0 , +and the minimum size when +.Fa type +.Dv & 2 != 0 . +.Sh SEE ALSO +.Xr clang 1 , +.Xr gcc 1 , +.Xr __builtin_return_address 3 , +.Xr attribute 3 , +.Xr ssp 3 +.Sh HISTORY +The +.Fn __builtin_object_size +appeared in +.Tn GCC 4.1 . +.Sh CAVEATS +This is a non-standard, compiler-specific extension. +.Pp +Note that currently the object size calculation pass is only done at -O1 +or above, meaning that this function always returns \-1 when the optimizer +is off. +.Pp +There are some discussions about always doing the object size pass, but +the issue is that without the optimization pass data sizes are not going +to be correct. +.Pp +For that reason code fortification (size-checked replacement +functions) is currently disabled when optimization is off. diff --git a/lib/libssp/fortify_stubs.c b/lib/libssp/fortify_stubs.c deleted file mode 100644 index 1e6046bfee6b..000000000000 --- a/lib/libssp/fortify_stubs.c +++ /dev/null @@ -1,131 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause - * - * Copyright (c) 2019 Kyle Evans - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include - -#include -#include - -/* Signatures grabbed from LSB Core Specification 4.1 */ -void *__memcpy_chk(void *dst, const void *src, size_t len, - size_t dstlen); -void *__memset_chk(void *dst, int c, size_t len, size_t dstlen); -int __snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen, - const char *fmt, ...); -int __sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...); -char *__stpcpy_chk(char *dst, const char *src, size_t dstlen); -char *__strcat_chk(char *dst, const char *src, size_t dstlen); -char *__strcpy_chk(char *dst, const char *src, size_t dstlen); -char *__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen); -char *__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen); -int __vsnprintf_chk(char *str, size_t size, int flags, size_t len, - const char *format, va_list ap); -int __vsprintf_chk(char *str, int flag, size_t slen, const char *format, - va_list ap); - -#define ABORT() abort2("_FORTIFY_SOURCE not supported", 0, NULL) - -void * -__memcpy_chk(void *dst, const void *src, size_t len, - size_t dstlen) -{ - - ABORT(); -} - -void * -__memset_chk(void *dst, int c, size_t len, size_t dstlen) -{ - - ABORT(); -} - -int -__snprintf_chk(char *str, size_t maxlen, int flag, size_t strlen, - const char *fmt, ...) -{ - - ABORT(); -} - -int -__sprintf_chk(char *str, int flag, size_t strlen, const char *fmt, ...) -{ - - ABORT(); -} - -char * -__stpcpy_chk(char *dst, const char *src, size_t dstlen) -{ - - ABORT(); -} - -char * -__strcat_chk(char *dst, const char *src, size_t dstlen) -{ - - ABORT(); -} - -char * -__strcpy_chk(char *dst, const char *src, size_t dstlen) -{ - - ABORT(); -} - -char * -__strncat_chk(char *dst, const char *src, size_t len, size_t dstlen) -{ - - ABORT(); -} - -char * -__strncpy_chk(char *dst, const char *src, size_t len, size_t dstlen) -{ - - ABORT(); -} - -int -__vsnprintf_chk(char *str, size_t size, int flags, size_t len, - const char *format, va_list ap) -{ - - ABORT(); -} - -int -__vsprintf_chk(char *str, int flag, size_t slen, const char *format, - va_list ap) -{ - - ABORT(); -} diff --git a/lib/libssp/ssp.3 b/lib/libssp/ssp.3 new file mode 100644 index 000000000000..f89dcc549ba7 --- /dev/null +++ b/lib/libssp/ssp.3 @@ -0,0 +1,130 @@ +.\" $NetBSD: ssp.3,v 1.9 2015/12/03 13:11:45 christos Exp $ +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" +.\" Copyright (c) 2007 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Christos Zoulas. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.\" +.Dd December 3, 2015 +.Dt SSP 3 +.Os +.Sh NAME +.Nm ssp +.Nd bounds checked libc functions +.Sh LIBRARY +.Lb libssp +.Sh SYNOPSIS +.In ssp/stdio.h +.Ft int +.Fn sprintf "char *str" "const char *fmt" "..." +.Ft int +.Fn vsprintf "char *str" "const char *fmt" "va_list ap" +.Ft int +.Fn snprintf "char *str" "size_t len" "const char *fmt" "..." +.Ft int +.Fn vsnprintf "char *str" "size_t len" "const char *fmt" "va_list ap" +.Ft char * +.Fn gets "char *str" +.Ft char * +.Fn fgets "char *str" "int len" "FILE *fp" +.In ssp/string.h +.Ft void * +.Fn memcpy "void *str" "const void *ptr" "size_t len" +.Ft void * +.Fn memmove "void *str" "const void *ptr" "size_t len" +.Ft void * +.Fn memset "void *str" "int val" "size_t len" +.Ft char * +.Fn stpcpy "char *str" "const char *ptr" +.Ft char * +.Fn strcpy "char *str" "const char *ptr" +.Ft char * +.Fn strcat "char *str" "const char *ptr" +.Ft char * +.Fn strncpy "char *str" "const char *ptr" "size_t len" +.Ft char * +.Fn strncat "char *str" "const char *ptr" "size_t len" +.In ssp/strings.h +.Ft void * +.Fn bcopy "const void *ptr" "void *str" "size_t len" +.Ft void * +.Fn bzero "void *str" "size_t len" +.In ssp/unistd.h +.Ft ssize_t +.Fn read "int fd" "void *str" "size_t len" +.Ft int +.Fn readlink "const char * restrict path" "char * restrict str" "size_t len" +.Ft int +.Fn getcwd "char *str" "size_t len" +.Sh DESCRIPTION +When +.Dv _FORTIFY_SOURCE +bounds checking is enabled as described below, the above functions get +overwritten to use the +.Xr __builtin_object_size 3 +function to compute the size of +.Fa str , +if known at compile time, +and perform bounds check on it in order +to avoid data buffer or stack buffer overflows. +If an overflow is detected, the routines will call +.Xr abort 3 . +.Pp +To enable these function overrides the following should be added to the +.Xr clang 1 +or +.Xr gcc 1 +command line: +.Dq \-D_FORTIFY_SOURCE=1 +or +.Dq \-D_FORTIFY_SOURCE=2 . +.Pp +If +.Dv _FORTIFY_SOURCE is set to +.Dv 1 +the code will compute the maximum possible buffer size for +.Fa str , +and if set to +.Dv 2 +it will compute the minimum buffer size. +.Sh SEE ALSO +.Xr clang 1 , +.Xr gcc 1 , +.Xr __builtin_object_size 3 , +.Xr stdio 3 , +.Xr string 3 , +.Xr security 7 +.Sh HISTORY +The +.Nm +library appeared in +.Nx 4.0 . +This version of the +.Nm +library replaced the GNU library of the same name in +.Fx 12.2 .