git: e55512504d01 - main - Prepare the system for _FORTIFY_SOURCE
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 13 May 2024 05:24:10 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=e55512504d0178983978d64d67eed1cc85826523
commit e55512504d0178983978d64d67eed1cc85826523
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-05-13 05:23:50 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-05-13 05:23:50 +0000
Prepare the system for _FORTIFY_SOURCE
Notably:
- libc needs to #undef some of the macros from ssp/* for underlying
implementations
- ssp/* wants a __RENAME() macro (snatched more or less from NetBSD)
There's some extra hinkiness included for read(), since libc spells it
as "_read" while the rest of the world spells it "read."
Reviewed by: imp, ngie
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32307
---
contrib/netbsd-tests/lib/libc/ssp/h_gets.c | 3 +++
include/ssp/unistd.h | 8 ++++++--
lib/libc/Makefile | 2 ++
lib/libc/amd64/string/bcopy.c | 2 ++
lib/libc/amd64/string/bzero.c | 2 ++
lib/libc/amd64/string/strncat.c | 2 ++
lib/libc/amd64/string/strncpy.c | 2 ++
lib/libc/gen/getcwd.c | 3 ++-
lib/libc/stdio/fgets.c | 2 ++
lib/libc/stdio/snprintf.c | 2 ++
lib/libc/stdio/sprintf.c | 2 ++
lib/libc/stdio/vsnprintf.c | 2 ++
lib/libc/stdio/vsprintf.c | 2 ++
lib/libc/string/bcopy.c | 5 +++++
lib/libc/string/memset.c | 4 ++++
lib/libc/string/stpcpy.c | 2 ++
lib/libc/string/stpncpy.c | 2 ++
lib/libc/string/strcat.c | 2 ++
lib/libc/string/strncat.c | 2 ++
sys/sys/cdefs.h | 10 ++++++++++
20 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/contrib/netbsd-tests/lib/libc/ssp/h_gets.c b/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
index f73d29a08bf3..9da01cab8eb4 100644
--- a/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
+++ b/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
@@ -34,6 +34,9 @@ __RCSID("$NetBSD: h_gets.c,v 1.1 2010/12/27 02:04:19 pgoyette Exp $");
#include <stdio.h>
#ifdef __FreeBSD__
+/* _FORTIFY_SOURCE, at the very least, may #define a gets() macro. */
+#undef gets
+
/*
* We want to test the gets() implementation, but cannot simply link against
* the gets symbol because it is not in the default version. (We've made it
diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
index 2414e2baa96b..bcd3664116cc 100644
--- a/include/ssp/unistd.h
+++ b/include/ssp/unistd.h
@@ -39,8 +39,12 @@
#if __SSP_FORTIFY_LEVEL > 0
__BEGIN_DECLS
-__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
- (__fd, __buf, __len));
+#ifndef _FORTIFY_SOURCE_read
+#define _FORTIFY_SOURCE_read read
+#endif
+
+__ssp_redirect0(ssize_t, _FORTIFY_SOURCE_read, (int __fd, void *__buf,
+ size_t __len), (__fd, __buf, __len));
__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
char *__restrict __buf, size_t __len), (__path, __buf, __len));
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
index 674986a7e065..c70e57498771 100644
--- a/lib/libc/Makefile
+++ b/lib/libc/Makefile
@@ -19,6 +19,8 @@ LIBC_ARCH=${M}
LIBC_ARCH=${MACHINE_CPUARCH}
.endif
+CFLAGS+=-D_FORTIFY_SOURCE_read=_read
+
# All library objects contain FreeBSD revision strings by default; they may be
# excluded as a space-saving measure. To produce a library that does
# not contain these strings, add -DSTRIP_FBSDID (see <sys/cdefs.h>) to CFLAGS
diff --git a/lib/libc/amd64/string/bcopy.c b/lib/libc/amd64/string/bcopy.c
index 868567711e8b..0dee529fb9df 100644
--- a/lib/libc/amd64/string/bcopy.c
+++ b/lib/libc/amd64/string/bcopy.c
@@ -4,6 +4,8 @@
#include <string.h>
+#undef bcopy /* _FORTIFY_SOURCE */
+
void
bcopy(const void *src, void *dst, size_t len)
{
diff --git a/lib/libc/amd64/string/bzero.c b/lib/libc/amd64/string/bzero.c
index 92adb2bb4f0e..d82f3061865b 100644
--- a/lib/libc/amd64/string/bzero.c
+++ b/lib/libc/amd64/string/bzero.c
@@ -4,6 +4,8 @@
#include <string.h>
+#undef bzero /* _FORTIFY_SOURCE */
+
void
bzero(void *b, size_t len)
{
diff --git a/lib/libc/amd64/string/strncat.c b/lib/libc/amd64/string/strncat.c
index 33b278ac5e04..2c63ab50b3c3 100644
--- a/lib/libc/amd64/string/strncat.c
+++ b/lib/libc/amd64/string/strncat.c
@@ -8,6 +8,8 @@
#include <string.h>
+#undef strncat /* _FORTIFY_SOURCE */
+
void *__memccpy(void *restrict, const void *restrict, int, size_t);
char *
diff --git a/lib/libc/amd64/string/strncpy.c b/lib/libc/amd64/string/strncpy.c
index b3d868787fbe..0e7a58222aa8 100644
--- a/lib/libc/amd64/string/strncpy.c
+++ b/lib/libc/amd64/string/strncpy.c
@@ -29,6 +29,8 @@
#include <sys/cdefs.h>
#include <string.h>
+#undef strncpy /* _FORTIFY_SOURCE */
+
char *__stpncpy(char *restrict, const char *restrict, size_t);
char *
diff --git a/lib/libc/gen/getcwd.c b/lib/libc/gen/getcwd.c
index 191fa50a599b..18d8ce668274 100644
--- a/lib/libc/gen/getcwd.c
+++ b/lib/libc/gen/getcwd.c
@@ -40,6 +40,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <ssp/ssp.h>
#include "un-namespace.h"
#include "gen-private.h"
@@ -51,7 +52,7 @@
extern int __getcwd(char *, size_t);
char *
-getcwd(char *pt, size_t size)
+__ssp_real(getcwd)(char *pt, size_t size)
{
struct dirent *dp;
DIR *dir = NULL;
diff --git a/lib/libc/stdio/fgets.c b/lib/libc/stdio/fgets.c
index 19f68304efc1..504338c012a2 100644
--- a/lib/libc/stdio/fgets.c
+++ b/lib/libc/stdio/fgets.c
@@ -40,6 +40,8 @@
#include "local.h"
#include "libc_private.h"
+#undef fgets /* _FORTIFY_SOURCE */
+
/*
* Read at most n-1 characters from the given file.
* Stop when a newline has been read, or the count runs out.
diff --git a/lib/libc/stdio/snprintf.c b/lib/libc/stdio/snprintf.c
index 398f1596d2c5..607bb3770ccd 100644
--- a/lib/libc/stdio/snprintf.c
+++ b/lib/libc/stdio/snprintf.c
@@ -45,6 +45,8 @@
#include "local.h"
+#undef snprintf /* _FORTIFY_SOURCE */
+
int
snprintf(char * __restrict str, size_t n, char const * __restrict fmt, ...)
{
diff --git a/lib/libc/stdio/sprintf.c b/lib/libc/stdio/sprintf.c
index 3b0e4c061b43..1cac21e98a46 100644
--- a/lib/libc/stdio/sprintf.c
+++ b/lib/libc/stdio/sprintf.c
@@ -43,6 +43,8 @@
#include "local.h"
#include "xlocale_private.h"
+#undef sprintf /* _FORTIFY_SOURCE */
+
int
sprintf(char * __restrict str, char const * __restrict fmt, ...)
{
diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
index 2213b20e3f1e..1e25e6757459 100644
--- a/lib/libc/stdio/vsnprintf.c
+++ b/lib/libc/stdio/vsnprintf.c
@@ -43,6 +43,8 @@
#include "local.h"
#include "xlocale_private.h"
+#undef vsnprintf /* _FORTIFY_SOURCE */
+
int
vsnprintf_l(char * __restrict str, size_t n, locale_t locale,
const char * __restrict fmt, __va_list ap)
diff --git a/lib/libc/stdio/vsprintf.c b/lib/libc/stdio/vsprintf.c
index a478759a2471..298f969a1318 100644
--- a/lib/libc/stdio/vsprintf.c
+++ b/lib/libc/stdio/vsprintf.c
@@ -42,6 +42,8 @@
#include "local.h"
#include "xlocale_private.h"
+#undef vsprintf /* _FORTIFY_SOURCE */
+
int
vsprintf_l(char * __restrict str, locale_t locale,
const char * __restrict fmt, __va_list ap)
diff --git a/lib/libc/string/bcopy.c b/lib/libc/string/bcopy.c
index fdc05f20253c..20f7bc60b76a 100644
--- a/lib/libc/string/bcopy.c
+++ b/lib/libc/string/bcopy.c
@@ -47,6 +47,9 @@ typedef intptr_t word; /* "word" used for optimal copy speed */
#if defined(MEMCOPY) || defined(MEMMOVE)
#include <string.h>
+#undef memcpy /* _FORTIFY_SOURCE */
+#undef memmove /* _FORTIFY_SOURCE */
+
void *
#ifdef MEMCOPY
memcpy
@@ -57,6 +60,8 @@ memmove
#else
#include <strings.h>
+#undef bcopy /* _FORTIFY_SOURCE */
+
void
bcopy(const void *src0, void *dst0, size_t length)
#endif
diff --git a/lib/libc/string/memset.c b/lib/libc/string/memset.c
index a49ce7cea756..811def0fc9b4 100644
--- a/lib/libc/string/memset.c
+++ b/lib/libc/string/memset.c
@@ -42,6 +42,8 @@
#ifdef BZERO
#include <strings.h>
+#undef bzero /* _FORTIFY_SOURCE */
+
#define RETURN return
#define VAL 0
#define WIDEVAL 0
@@ -51,6 +53,8 @@ bzero(void *dst0, size_t length)
#else
#include <string.h>
+#undef memset /* _FORTIFY_SOURCE */
+
#define RETURN return (dst0)
#define VAL c0
#define WIDEVAL c
diff --git a/lib/libc/string/stpcpy.c b/lib/libc/string/stpcpy.c
index c096e81da075..4521e0877e07 100644
--- a/lib/libc/string/stpcpy.c
+++ b/lib/libc/string/stpcpy.c
@@ -33,6 +33,8 @@
#include <string.h>
+#undef stpcpy /* _FORTIFY_SOURCE */
+
char *
stpcpy(char * __restrict to, const char * __restrict from)
{
diff --git a/lib/libc/string/stpncpy.c b/lib/libc/string/stpncpy.c
index 8c7f14ecf8dd..d3a1dddb4a65 100644
--- a/lib/libc/string/stpncpy.c
+++ b/lib/libc/string/stpncpy.c
@@ -28,6 +28,8 @@
#include <string.h>
+#undef stpncpy /* _FORTIFY_SOURCE */
+
char *
stpncpy(char * __restrict dst, const char * __restrict src, size_t n)
{
diff --git a/lib/libc/string/strcat.c b/lib/libc/string/strcat.c
index 593a1afd7048..1c13c519b563 100644
--- a/lib/libc/string/strcat.c
+++ b/lib/libc/string/strcat.c
@@ -31,6 +31,8 @@
#include <string.h>
+#undef strcat /* _FORTIFY_SOURCE */
+
char *
strcat(char * __restrict s, const char * __restrict append)
{
diff --git a/lib/libc/string/strncat.c b/lib/libc/string/strncat.c
index ee951cdc956a..086bdef32b68 100644
--- a/lib/libc/string/strncat.c
+++ b/lib/libc/string/strncat.c
@@ -34,6 +34,8 @@
#include <string.h>
+#undef strncat /* _FORTIFY_SOURCE */
+
/*
* Concatenate src on the end of dst. At most strlen(dst)+n+1 bytes
* are written at dst (at most n+1 bytes being appended). Return dst.
diff --git a/sys/sys/cdefs.h b/sys/sys/cdefs.h
index e47a7072e1f1..a6545a29a302 100644
--- a/sys/sys/cdefs.h
+++ b/sys/sys/cdefs.h
@@ -609,6 +609,16 @@
#define __DEQUALIFY(type, var) ((type)(__uintptr_t)(const volatile void *)(var))
#endif
+#if !defined(_STANDALONE) && !defined(_KERNEL)
+#if defined(__GNUC__) || defined(__PCC__)
+#define __RENAME(x) __asm(__STRING(x))
+#else
+#define __RENAME(x) no renaming support for compiler in use
+#endif /* __GNUC__ */
+#else /* _STANDALONE || _KERNEL */
+#define __RENAME(x) no renaming in kernel/standalone environment
+#endif
+
/*-
* The following definitions are an extension of the behavior originally
* implemented in <sys/_posix.h>, but with a different level of granularity.