git: 88276dfbf19e - main - include: ssp: fortify poll/ppoll from <poll.h>
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 13 Jul 2024 05:23:02 UTC
The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=88276dfbf19e3c0dbd1abee5c2e18c8a4a8c5559 commit 88276dfbf19e3c0dbd1abee5c2e18c8a4a8c5559 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2024-07-13 05:16:11 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2024-07-13 05:16:24 +0000 include: ssp: fortify poll/ppoll from <poll.h> For poll/ppoll we just need to bounds-check the poll array that we're about to write out to. Reviewed by: kib, markj (earlier version) Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D45680 --- include/ssp/Makefile | 2 +- include/ssp/poll.h | 60 +++ lib/libc/sys/poll.c | 5 +- lib/libc/sys/ppoll.c | 8 +- lib/libc/tests/secure/Makefile | 1 + lib/libc/tests/secure/fortify_poll_test.c | 531 +++++++++++++++++++++++ lib/libc/tests/secure/fortify_stdio_test.c | 1 + lib/libc/tests/secure/fortify_string_test.c | 1 + lib/libc/tests/secure/fortify_strings_test.c | 1 + lib/libc/tests/secure/fortify_unistd_test.c | 1 + lib/libc/tests/secure/generate-fortify-tests.lua | 34 ++ sys/sys/poll.h | 4 + 12 files changed, 643 insertions(+), 6 deletions(-) diff --git a/include/ssp/Makefile b/include/ssp/Makefile index 69e7df68bb47..a97139e75c7b 100644 --- a/include/ssp/Makefile +++ b/include/ssp/Makefile @@ -1,4 +1,4 @@ -INCS= ssp.h stdio.h string.h strings.h unistd.h +INCS= poll.h ssp.h stdio.h string.h strings.h unistd.h INCSDIR= ${INCLUDEDIR}/ssp .include <bsd.prog.mk> diff --git a/include/ssp/poll.h b/include/ssp/poll.h new file mode 100644 index 000000000000..66992009e928 --- /dev/null +++ b/include/ssp/poll.h @@ -0,0 +1,60 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024, Klara, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_POLL_H_ +#define _SSP_POLL_H_ + +#include <ssp/ssp.h> + +#if __SSP_FORTIFY_LEVEL > 0 + +__BEGIN_DECLS + +__ssp_redirect_raw_impl(int, poll, poll, + (struct pollfd fds[], nfds_t nfds, int timeout)) +{ + if (__ssp_bos(fds) / sizeof(fds[0]) < nfds) + __chk_fail(); + + return (__ssp_real(poll)(fds, nfds, timeout)); +} + + +__ssp_redirect_raw_impl(int, ppoll, ppoll, + (struct pollfd fds[], nfds_t nfds, + const struct timespec *__restrict timeout, + const sigset_t *__restrict newsigmask)) +{ + if (__ssp_bos(fds) / sizeof(fds[0]) < nfds) + __chk_fail(); + + return (__ssp_real(ppoll)(fds, nfds, timeout, newsigmask)); +} + +__END_DECLS + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ +#endif /* _SSP_POLL_H_ */ diff --git a/lib/libc/sys/poll.c b/lib/libc/sys/poll.c index 6528603e7603..7a418afbbf49 100644 --- a/lib/libc/sys/poll.c +++ b/lib/libc/sys/poll.c @@ -31,13 +31,14 @@ #include <sys/types.h> #include <sys/poll.h> +#include <ssp/ssp.h> #include "libc_private.h" __weak_reference(__sys_poll, __poll); -#pragma weak poll +#pragma weak __ssp_real(poll) int -poll(struct pollfd pfd[], nfds_t nfds, int timeout) +__ssp_real(poll)(struct pollfd pfd[], nfds_t nfds, int timeout) { return (INTERPOS_SYS(poll, pfd, nfds, timeout)); } diff --git a/lib/libc/sys/ppoll.c b/lib/libc/sys/ppoll.c index 52c4c177cf0a..ef72a902548b 100644 --- a/lib/libc/sys/ppoll.c +++ b/lib/libc/sys/ppoll.c @@ -31,14 +31,16 @@ #include <sys/types.h> #include <sys/poll.h> +#include <ssp/ssp.h> #include "libc_private.h" __weak_reference(__sys_ppoll, __ppoll); -#pragma weak ppoll +#pragma weak __ssp_real(ppoll) int -ppoll(struct pollfd pfd[], nfds_t nfds, const struct timespec *__restrict - timeout, const sigset_t *__restrict newsigmask) +__ssp_real(ppoll)(struct pollfd pfd[], nfds_t nfds, + const struct timespec *__restrict timeout, + const sigset_t *__restrict newsigmask) { return (INTERPOS_SYS(ppoll, pfd, nfds, timeout, newsigmask)); } diff --git a/lib/libc/tests/secure/Makefile b/lib/libc/tests/secure/Makefile index d809f7cadd74..2e98b5f2ed35 100644 --- a/lib/libc/tests/secure/Makefile +++ b/lib/libc/tests/secure/Makefile @@ -2,6 +2,7 @@ TESTSDIR:= ${TESTSBASE}/${RELDIR:C/libc\/tests/libc/} +FORTIFY_TCATS+= poll FORTIFY_TCATS+= stdio FORTIFY_TCATS+= string FORTIFY_TCATS+= strings diff --git a/lib/libc/tests/secure/fortify_poll_test.c b/lib/libc/tests/secure/fortify_poll_test.c new file mode 100644 index 000000000000..9d9cb4ace35a --- /dev/null +++ b/lib/libc/tests/secure/fortify_poll_test.c @@ -0,0 +1,531 @@ +/* @generated by `generate-fortify-tests.lua "poll"` */ + +#define _FORTIFY_SOURCE 2 +#define TMPFILE_SIZE (1024 * 32) + +#include <sys/param.h> +#include <sys/resource.h> +#include <sys/time.h> +#include <sys/wait.h> +#include <dirent.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <poll.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <strings.h> +#include <sysexits.h> +#include <unistd.h> +#include <atf-c.h> + +static FILE * __unused +new_fp(size_t __len) +{ + static char fpbuf[LINE_MAX]; + FILE *fp; + + ATF_REQUIRE(__len <= sizeof(fpbuf)); + + memset(fpbuf, 'A', sizeof(fpbuf) - 1); + fpbuf[sizeof(fpbuf) - 1] = '\0'; + + fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); + ATF_REQUIRE(fp != NULL); + + return (fp); +} + +/* + * Create a new symlink to use for readlink(2) style tests, we'll just use a + * random target name to have something interesting to look at. + */ +static const char * __unused +new_symlink(size_t __len) +{ + static const char linkname[] = "link"; + char target[MAXNAMLEN]; + int error; + + ATF_REQUIRE(__len <= sizeof(target)); + + arc4random_buf(target, sizeof(target)); + + error = unlink(linkname); + ATF_REQUIRE(error == 0 || errno == ENOENT); + + error = symlink(target, linkname); + ATF_REQUIRE(error == 0); + + return (linkname); +} + +/* + * Constructs a tmpfile that we can use for testing read(2) and friends. + */ +static int __unused +new_tmpfile(void) +{ + char buf[1024]; + ssize_t rv; + size_t written; + int fd; + + fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); + ATF_REQUIRE(fd >= 0); + + written = 0; + while (written < TMPFILE_SIZE) { + rv = write(fd, buf, sizeof(buf)); + ATF_REQUIRE(rv > 0); + + written += rv; + } + + ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); + return (fd); +} + +static void +disable_coredumps(void) +{ + struct rlimit rl = { 0 }; + + if (setrlimit(RLIMIT_CORE, &rl) == -1) + _exit(EX_OSERR); +} + +/* + * Replaces stdin with a file that we can actually read from, for tests where + * we want a FILE * or fd that we can get data from. + */ +static void __unused +replace_stdin(void) +{ + int fd; + + fd = new_tmpfile(); + + (void)dup2(fd, STDIN_FILENO); + if (fd != STDIN_FILENO) + close(fd); +} + +ATF_TC_WITHOUT_HEAD(poll_before_end); +ATF_TC_BODY(poll_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4 - 1; + const size_t __idx __unused = __len - 1; + + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(poll_end); +ATF_TC_BODY(poll_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4; + const size_t __idx __unused = __len - 1; + + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(poll_after_end); +ATF_TC_BODY(poll_after_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(poll_heap_before_end); +ATF_TC_BODY(poll_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4 - 1; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(poll_heap_end); +ATF_TC_BODY(poll_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(poll_heap_after_end); +ATF_TC_BODY(poll_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + poll(__stack.__buf, __len, 0); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_before_end); +ATF_TC_BODY(ppoll_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4 - 1; + const size_t __idx __unused = __len - 1; + struct timespec tv = { 0 }; + + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_end); +ATF_TC_BODY(ppoll_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4; + const size_t __idx __unused = __len - 1; + struct timespec tv = { 0 }; + + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_after_end); +ATF_TC_BODY(ppoll_after_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + struct pollfd __buf[4]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 4 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + struct timespec tv = { 0 }; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_heap_before_end); +ATF_TC_BODY(ppoll_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4 - 1; + const size_t __idx __unused = __len - 1; + struct timespec tv = { 0 }; + + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_heap_end); +ATF_TC_BODY(ppoll_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4; + const size_t __idx __unused = __len - 1; + struct timespec tv = { 0 }; + + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(ppoll_heap_after_end); +ATF_TC_BODY(ppoll_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + struct pollfd * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4); + const size_t __len = 4 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + struct timespec tv = { 0 }; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } + + ppoll(__stack.__buf, __len, &tv, NULL); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, poll_before_end); + ATF_TP_ADD_TC(tp, poll_end); + ATF_TP_ADD_TC(tp, poll_after_end); + ATF_TP_ADD_TC(tp, poll_heap_before_end); + ATF_TP_ADD_TC(tp, poll_heap_end); + ATF_TP_ADD_TC(tp, poll_heap_after_end); + ATF_TP_ADD_TC(tp, ppoll_before_end); + ATF_TP_ADD_TC(tp, ppoll_end); + ATF_TP_ADD_TC(tp, ppoll_after_end); + ATF_TP_ADD_TC(tp, ppoll_heap_before_end); + ATF_TP_ADD_TC(tp, ppoll_heap_end); + ATF_TP_ADD_TC(tp, ppoll_heap_after_end); + return (atf_no_error()); +} diff --git a/lib/libc/tests/secure/fortify_stdio_test.c b/lib/libc/tests/secure/fortify_stdio_test.c index fe0f14acd988..035d84b316e6 100644 --- a/lib/libc/tests/secure/fortify_stdio_test.c +++ b/lib/libc/tests/secure/fortify_stdio_test.c @@ -11,6 +11,7 @@ #include <errno.h> #include <fcntl.h> #include <limits.h> +#include <poll.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> diff --git a/lib/libc/tests/secure/fortify_string_test.c b/lib/libc/tests/secure/fortify_string_test.c index 8306abb5f9e2..5651d3107e91 100644 --- a/lib/libc/tests/secure/fortify_string_test.c +++ b/lib/libc/tests/secure/fortify_string_test.c @@ -11,6 +11,7 @@ #include <errno.h> #include <fcntl.h> #include <limits.h> +#include <poll.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> diff --git a/lib/libc/tests/secure/fortify_strings_test.c b/lib/libc/tests/secure/fortify_strings_test.c index f9cb1e4917f7..28f5e9ec4940 100644 --- a/lib/libc/tests/secure/fortify_strings_test.c +++ b/lib/libc/tests/secure/fortify_strings_test.c @@ -11,6 +11,7 @@ #include <errno.h> #include <fcntl.h> #include <limits.h> +#include <poll.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> diff --git a/lib/libc/tests/secure/fortify_unistd_test.c b/lib/libc/tests/secure/fortify_unistd_test.c index 76702321676a..dddc23596368 100644 --- a/lib/libc/tests/secure/fortify_unistd_test.c +++ b/lib/libc/tests/secure/fortify_unistd_test.c @@ -11,6 +11,7 @@ #include <errno.h> #include <fcntl.h> #include <limits.h> +#include <poll.h> #include <signal.h> #include <stdio.h> #include <stdlib.h> diff --git a/lib/libc/tests/secure/generate-fortify-tests.lua b/lib/libc/tests/secure/generate-fortify-tests.lua index bff1162c7d83..bb654bbf2f71 100755 --- a/lib/libc/tests/secure/generate-fortify-tests.lua +++ b/lib/libc/tests/secure/generate-fortify-tests.lua @@ -69,6 +69,7 @@ local includes = { "errno.h", "fcntl.h", "limits.h", + "poll.h", "signal.h", "stdio.h", "stdlib.h", @@ -90,6 +91,12 @@ local function excludes_stack_overflow(disposition, is_heap) return (not is_heap) and disposition > 0 end +local poll_init = [[ + for (size_t i = 0; i < howmany(__bufsz, sizeof(struct pollfd)); i++) { + __stack.__buf[i].fd = -1; + } +]] + local printf_stackvars = "\tchar srcvar[__len + 10];\n" local printf_init = [[ memset(srcvar, 'A', sizeof(srcvar) - 1); @@ -132,6 +139,33 @@ local string_init = [[ -- circumstances it's useful to use a different type (e.g., for alignment -- requirements). local all_tests = { + poll = { + -- <poll.h> + { + func = "poll", + bufsize = "4", + buftype = "struct pollfd[]", + arguments = { + "__buf", + "__len", + "0", + }, + init = poll_init, + }, + { + func = "ppoll", + bufsize = "4", + buftype = "struct pollfd[]", + arguments = { + "__buf", + "__len", + "&tv", + "NULL", + }, + stackvars = "\tstruct timespec tv = { 0 };\n", + init = poll_init, + }, + }, stdio = { -- <stdio.h> { diff --git a/sys/sys/poll.h b/sys/sys/poll.h index 0ae4e0f4dd15..d5f2c0373942 100644 --- a/sys/sys/poll.h +++ b/sys/sys/poll.h @@ -109,6 +109,10 @@ typedef __sigset_t sigset_t; #endif +#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 +#include <ssp/poll.h> +#endif + __BEGIN_DECLS int poll(struct pollfd _pfd[], nfds_t _nfds, int _timeout); #if __BSD_VISIBLE