From nobody Sun May 19 02:08:48 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhkdZ6Sv8z5KV3H; Sun, 19 May 2024 02:08:50 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VhkdZ603Nz4LhJ; Sun, 19 May 2024 02:08:50 +0000 (UTC) (envelope-from kevans@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1716084530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Rk77lL97lo3zuH9IJS8WVVC+sMTWXjnomXkEu760FaQ=; b=kpUqnL/WQ2MVXaznTrkABeunzGSWVkV5vWtE6GOjaCQNyoiLytf4dvBORQOHIsBszfNqAF MKa2S9hwVRQgidG4E1sJO2FW4k+0MvpWiwHx6GC1Us1aPpZElWhxVsjYpw8MrY4sFWAR81 GnajkaBfhTLDYlTlr+1X+bX1nXWmfqaThxXZ5vWStFmWUV5P2otXbEojVEGklPukaHu++h ACFh2doTp1Yod/WBjh6fUY8ccDi0p+GpTYKVcBsYVmfWpcHOd25mwGOdcOPZLlmZWyuVEg A2MQbsOk7tCmbJqa4JjeqMl0KllRGBZR3HOT4DpKK8gw4hw5cFc1uguKZWjjMw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1716084530; a=rsa-sha256; cv=none; b=H2W4egxSbIB93BxSQsEOQwXY17Ti6VPB4ztc0HXOKLZ5R3njBmCpEi06xfob91dnpX3laP TOgbgWV5I187v2zj1rIBK23XdE3BPj/auWM4X4dkkorbFAlELg28ubR/NbTNt0E+zjBQYD 5wGuZ+B/RdoiQdn7M53SWJZ9rWxrMmlKjxgAUjbwNFKY0xhyUANt5H4OdqiRt9O0ZBAGSk JvIIwOGaGAr8d7WSBE69zM0g9xL9UC8yaq/Xdo2WgexJUG0wK+urfBmpfSXkFIPURuqPVn Jltp+1xHp6gTDUR+jnw0wbxZfhUYOQPDtgKkf4OPmTiAqQhwJMqOS0bYVfEgGg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1716084530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Rk77lL97lo3zuH9IJS8WVVC+sMTWXjnomXkEu760FaQ=; b=Hv93zAjdkmjSoF4N0T1xL+aNPWJfzK0NsOI3vlwDSsU7AuzUWZa2aq12v0lgoqp78hU9qk OAcD/rBjuw2dr/JaXnPg8h404J1RCO3dIG4MwXSyrZLkSH7XtFlWhZfVgs+dKcw1GPlpuU udqOby1GZ6wF00L2H0PyQSa4yy5B/VselnFHz9aOBgzvElQ7y2M27vMussoeODAmXmNml3 D9g3/Lr5YR/KrR2KFjTBT85OKPz7+xHRY2mtgq/WptSwZ0RxAKHZ3/wuDDR9iRsPez9b1V DoLh/S5USRqe5B4ALZwgCHL5z5hor68zOK+4FOdz1MB3XNpnWZ6gkyYXu1FBBA== Received: from [10.9.4.95] (unknown [209.182.120.176]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: kevans/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4VhkdZ1Xpyz1DSn; Sun, 19 May 2024 02:08:50 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Message-ID: <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org> Date: Sat, 18 May 2024 21:08:48 -0500 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD Content-Language: en-US To: Pedro Giffuni Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" References: <02326b5e-a1fe-4411-a869-d21f9a76130c@email.android.com> <999469960.1638478.1716080957814@mail.yahoo.com> From: Kyle Evans In-Reply-To: <999469960.1638478.1716080957814@mail.yahoo.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 5/18/24 20:09, Pedro Giffuni wrote: > (sorry for top posting .. my mailer just sucks) > Hi; > > I used to like the limited static checking FORTIFY_SOURCE provides and > when I ran it over FreeBSD it did find a couple of minor issues. It only > works for GCC though. > I don't think this is particularly true anymore; I haven't found a case yet where __builtin_object_size(3) doesn't give me the correct size while GCC did. I'd welcome counter-examples here, though -- we have funding to both finish the project (widen the _FORTIFY_SOURCE net to more of libc/libsys) and add tests to demonstrate that it's both functional and correct. It would be useful to also document deficiencies in the tests. > I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD > had the least intrusive implementation the last time I checked but I > would certainly request it should never be activated by default, > specially with clang. The GCC version has seen more development on glibc > but I still think its a dead end. > I don't see a compelling reason to avoid enabling it by default; see above, the functionality that we need in clang appears to be just fine (and, iirc, was also fine when I checked at the beginning of working on this in 2021) and it provides useful > What I would like to see working on FreeBSD is Safestack as a > replacement for the stack protector, which we were so very slow to adopt > even when it was originally developed in FreeBSD. I think other projects > based on FreeBSD (Chimera and hardenedBSD) have been using it but I > don't know the details. > No comment there, though I think Shawn Webb / HardenedBSD had been playing around with SafeStack (and might have enabled it? I haven't actually looked in a while now). > This is just all my $0.02 > > Pedro. Thanks, Kyle Evans > > On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans > wrote: > > > > > On May 18, 2024 13:42, Pedro Giffuni wrote: > > Oh no .. please not... > > We went into that in a GSoC: > > https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions > > > Ultimately it proved to be useless since stack-protector-strong. > > > Respectfully, I disagree with your conclusion here: > > 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I > don't have to overflow all the way into the canary at the end of the > frame to be detected, so my minor bug now can be caught before something > causes the stack frame to be rearranged and turn it into a security > issue later > > 2.) __builtin_object_size doesn't work on heap objects, but it actually > can work on subobjects from a heap allocation (e.g., &foo->name), so the > coverage extends beyond the stack into starting to detect other kinds of > overflow > > While the security value over stack-protector-strong may be marginal (I > won't debate this specifically), the feature still has value in general. > > Thanks, > > Kyle Evans > > The NetBSD code was not well adapted to clang either. > > Ask me more if you really want to dig into it, but we don't want this. > > Pedro. > > > On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Evans > wrote: > > > The branch main has been updated by kevans: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928 > > commit be04fec42638f30f50b5b55fd8e3634c0fb89928 > Author:    Kyle Evans > > AuthorDate: 2024-05-13 05:23:49 +0000 > Commit:    Kyle Evans > > CommitDate: 2024-05-13 05:23:49 +0000 > >     Import _FORTIFY_SOURCE implementation from NetBSD > >     This is a mostly-unmodified copy of the various *_chk > implementations >     and headers from NetBSD, without yet modifying system headers > to start >     actually including them.  A future commit will also apply the > needed >     bits to fix ssp/unistd.h. > >     Reviewed by:    imp, pauamma_gundo.com (both previous > versions), kib >     Sponsored by:  Stormshield >     Sponsored by:  Klara, Inc. >     Differential Revision: https://reviews.freebsd.org/D32306 > > --- > etc/mtree/BSD.include.dist        |  2 + > include/Makefile                  |  2 +- > include/ssp/Makefile              |  6 ++ > include/ssp/ssp.h                  |  91 ++++++++++++++++++++++++++ > include/ssp/stdio.h                |  93 ++++++++++++++++++++++++++ > include/ssp/string.h              | 129 > ++++++++++++++++++++++++++++++++++++ > include/ssp/strings.h              |  67 +++++++++++++++++++ > include/ssp/unistd.h              |  54 +++++++++++++++ > lib/libc/secure/Makefile.inc      |  11 ++++ > lib/libc/secure/Symbol.map        |  18 +++++ > lib/libc/secure/fgets_chk.c        |  54 +++++++++++++++ > lib/libc/secure/gets_chk.c        |  74 +++++++++++++++++++++ > lib/libc/secure/memcpy_chk.c      |  53 +++++++++++++++ > lib/libc/secure/memmove_chk.c      |  47 +++++++++++++ > lib/libc/secure/memset_chk.c      |  46 +++++++++++++ > lib/libc/secure/snprintf_chk.c    |  56 ++++++++++++++++ > lib/libc/secure/sprintf_chk.c      |  61 +++++++++++++++++ > lib/libc/secure/ssp_internal.h    |  37 +++++++++++ > lib/libc/secure/stpcpy_chk.c      |  55 ++++++++++++++++ > lib/libc/secure/stpncpy_chk.c      |  53 +++++++++++++++ > lib/libc/secure/strcat_chk.c      |  60 +++++++++++++++++ > lib/libc/secure/strcpy_chk.c      |  54 +++++++++++++++ > lib/libc/secure/strncat_chk.c      |  70 ++++++++++++++++++++ > lib/libc/secure/strncpy_chk.c      |  53 +++++++++++++++ > lib/libc/secure/vsnprintf_chk.c    |  49 ++++++++++++++ > lib/libc/secure/vsprintf_chk.c    |  58 ++++++++++++++++ > lib/libssp/Makefile                |  20 +++++- > lib/libssp/Symbol.map              |  12 ++-- > lib/libssp/Versions.def            |  5 ++ > lib/libssp/__builtin_object_size.3 | 110 +++++++++++++++++++++++++++++++ > lib/libssp/fortify_stubs.c        | 131 > ------------------------------------- > lib/libssp/ssp.3                  | 130 > ++++++++++++++++++++++++++++++++++++ > 32 files changed, 1621 insertions(+), 140 deletions(-) > > diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist > index a6bd5880bf61..f8c83d6dde7a 100644 > --- a/etc/mtree/BSD.include.dist > +++ b/etc/mtree/BSD.include.dist > @@ -372,6 +372,8 @@ >         mac_veriexec >         .. >     .. > +    ssp > +    .. >     sys >         disk >         .. > diff --git a/include/Makefile b/include/Makefile > index 19e6beb95203..32774419f162 100644 > --- a/include/Makefile > +++ b/include/Makefile > @@ -4,7 +4,7 @@ > > PACKAGE=clibs > CLEANFILES= osreldate.h version > -SUBDIR= arpa protocols rpcsvc rpc xlocale > +SUBDIR= arpa protocols rpcsvc rpc ssp xlocale > .if ${MACHINE_CPUARCH} == "amd64" > SUBDIR+=        i386 > INCLUDE_SUBDIRS+=    i386 > diff --git a/include/ssp/Makefile b/include/ssp/Makefile > new file mode 100644 > index 000000000000..dff19f43c920 > --- /dev/null > +++ b/include/ssp/Makefile > @@ -0,0 +1,6 @@ > +# $FreeBSD$ > + > +INCS=    ssp.h stdio.h string.h strings.h unistd.h > +INCSDIR=    ${INCLUDEDIR}/ssp > + > +.include > diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h > new file mode 100644 > index 000000000000..35a9aeee02df > --- /dev/null > +++ b/include/ssp/ssp.h > @@ -0,0 +1,91 @@ > +/*    $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $    */ > + > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#ifndef _SSP_SSP_H_ > +#define _SSP_SSP_H_ > + > +#include > + > +#if !defined(__cplusplus) > +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ > +    (__OPTIMIZE__ > 0 || defined(__clang__)) > +#  if _FORTIFY_SOURCE > 1 > +#  define __SSP_FORTIFY_LEVEL 2 > +#  else > +#  define __SSP_FORTIFY_LEVEL 1 > +#  endif > +# else > +#  define __SSP_FORTIFY_LEVEL 0 > +# endif > +#else > +# define __SSP_FORTIFY_LEVEL 0 > +#endif > + > +#define    __ssp_var(type)    __CONCAT(__ssp_ ## type, __COUNTER__) > + > +/* __ssp_real is used by the implementation in libc */ > +#if __SSP_FORTIFY_LEVEL == 0 > +#define __ssp_real_(fun)    fun > +#else > +#define __ssp_real_(fun)    __ssp_real_ ## fun > +#endif > +#define __ssp_real(fun)        __ssp_real_(fun) > + > +#define __ssp_inline static __inline __attribute__((__always_inline__)) > + > +#define __ssp_bos(ptr) __builtin_object_size(ptr, > __SSP_FORTIFY_LEVEL > 1) > +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0) > + > +#define __ssp_check(buf, len, bos) \ > +    if (bos(buf) != (size_t)-1 && len > bos(buf)) \ > +        __chk_fail() > +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \ > +rtype __ssp_real_(fun) args __RENAME(symbol); \ > +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \ > +__ssp_inline rtype fun args { \ > +    if (cond) \ > +        __ssp_check(__buf, __len, bos); \ > +    return __ssp_real_(fun) call; \ > +} > + > +#define __ssp_redirect(rtype, fun, args, call) \ > +    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos) > +#define __ssp_redirect0(rtype, fun, args, call) \ > +    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0) > + > +__BEGIN_DECLS > +void __stack_chk_fail(void) __dead2; > +void __chk_fail(void) __dead2; > +__END_DECLS > + > +#endif /* _SSP_SSP_H_ */ > diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h > new file mode 100644 > index 000000000000..72e3236eac80 > --- /dev/null > +++ b/include/ssp/stdio.h > @@ -0,0 +1,93 @@ > +/*    $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $    */ > + > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#ifndef _SSP_STDIO_H_ > +#define _SSP_STDIO_H_ > + > +#include > + > +__BEGIN_DECLS > +int __sprintf_chk(char *__restrict, int, size_t, const char > *__restrict, ...) > +    __printflike(4, 5); > +int __vsprintf_chk(char *__restrict, int, size_t, const char > *__restrict, > +    __va_list) > +    __printflike(4, 0); > +int __snprintf_chk(char *__restrict, size_t, int, size_t, > +    const char *__restrict, ...) > +    __printflike(5, 6); > +int __vsnprintf_chk(char *__restrict, size_t, int, size_t, > +    const char *__restrict, __va_list) > +    __printflike(5, 0); > +char *__gets_chk(char *, size_t); > +char *__fgets_chk(char *, int, size_t, FILE *); > +__END_DECLS > + > +#if __SSP_FORTIFY_LEVEL > 0 > + > +#define sprintf(str, ...) ({    \ > +    char *_ssp_str = (str);    \ > +    __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),        \ > +        __VA_ARGS__); \ > +}) > + > +#define vsprintf(str, fmt, ap) ({    \ > +    char *_ssp_str = (str);        \ > +    __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), > fmt,    \ > +        ap);                \ > +}) > + > +#define snprintf(str, len, ...) ({    \ > +    char *_ssp_str = (str);        \ > +    __builtin___snprintf_chk(_ssp_str, len, 0, > __ssp_bos(_ssp_str),    \ > +        __VA_ARGS__);            \ > +}) > + > +#define vsnprintf(str, len, fmt, ap) ({    \ > +    char *_ssp_str = (str);        \ > +    __builtin___vsnprintf_chk(_ssp_str, len, 0, > __ssp_bos(_ssp_str),    \ > +        fmt, ap);            \ > +}) > + > +#define gets(str) ({            \ > +  char *_ssp_str = (str);        \ > +    __gets_chk(_ssp_str, __ssp_bos(_ssp_str));    \ > +}) > + > +#define fgets(str, len, fp) ({        \ > +    char *_ssp_str = (str);        \ > +    __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp);    \ > +}) > + > +#endif /* __SSP_FORTIFY_LEVEL > 0 */ > + > +#endif /* _SSP_STDIO_H_ */ > diff --git a/include/ssp/string.h b/include/ssp/string.h > new file mode 100644 > index 000000000000..996020fda778 > --- /dev/null > +++ b/include/ssp/string.h > @@ -0,0 +1,129 @@ > +/*    $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $    */ > + > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#ifndef _SSP_STRING_H_ > +#define _SSP_STRING_H_ > + > +#include > + > +__BEGIN_DECLS > +void *__memcpy_chk(void *, const void *, size_t, size_t); > +void *__memmove_chk(void *, const void *, size_t, size_t); > +void *__memset_chk(void *, int, size_t, size_t); > +char *__stpcpy_chk(char *, const char *, size_t); > +char *__stpncpy_chk(char *, const char *, size_t, size_t); > +char *__strcat_chk(char *, const char *, size_t); > +char *__strcpy_chk(char *, const char *, size_t); > +char *__strncat_chk(char *, const char *, size_t, size_t); > +char *__strncpy_chk(char *, const char *, size_t, size_t); > +__END_DECLS > + > +#if __SSP_FORTIFY_LEVEL > 0 > + > +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst, > srctype, srcvar, \ > +    src, lenvar, len) ({                \ > +    srctype srcvar = (src);                \ > +    dsttype dstvar = (dst);                \ > +    size_t lenvar = (len);                \ > +    ((__ssp_bos0(dstvar) != (size_t)-1) ?        \ > +    __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar,    \ > +        __ssp_bos0(dstvar)) :                \ > +    __ ## fun ## _ichk(dstvar, srcvar, lenvar));    \ > +}) > + > +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src, > len)    \ > +    __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst,    \ > +        srctype, __ssp_var(srcv), src, __ssp_var(lenv), len) > + > +#define __ssp_bos_check3(fun, dst, src, len)        \ > +    __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst,    \ > +        const void *, __ssp_var(srcv), src, __ssp_var(lenv), len) > + > +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({        \ > +    const void *srcvar = (src);                \ > +    void *dstvar = (dst);                \ > +    ((__ssp_bos0(dstvar) != (size_t)-1) ?        \ > +    __builtin___ ## fun ## _chk(dstvar, srcvar,        \ > +        __ssp_bos0(dstvar)) :                \ > +    __ ## fun ## _ichk(dstvar, srcvar));        \ > +}) > + > +#define __ssp_bos_check2(fun, dst, src)            \ > +    __ssp_bos_check2_var(fun, __ssp_var(dstv), dst, > __ssp_var(srcv), src) > + > +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \ > +static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2 > __restrict, size_t); \ > +static __inline __attribute__((__always_inline__)) type1 \ > +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src, > size_t len) { \ > +    return __builtin___ ## fun ## _chk(dst, src, len, > __ssp_bos0(dst)); \ > +} > + > +#define __ssp_bos_icheck3(fun, type1, type2) \ > +static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \ > +static __inline __attribute__((__always_inline__)) type1 \ > +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \ > +    return __builtin___ ## fun ## _chk(dst, src, len, > __ssp_bos0(dst)); \ > +} > + > +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \ > +static __inline type1 __ ## fun ## _ichk(type1, type2); \ > +static __inline __attribute__((__always_inline__)) type1 \ > +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \ > +    return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \ > +} > + > +__BEGIN_DECLS > +__ssp_bos_icheck3_restrict(memcpy, void *, const void *) > +__ssp_bos_icheck3(memmove, void *, const void *) > +__ssp_bos_icheck3(memset, void *, int) > +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *) > +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *) > +__ssp_bos_icheck2_restrict(strcpy, char *, const char *) > +__ssp_bos_icheck2_restrict(strcat, char *, const char *) > +__ssp_bos_icheck3_restrict(strncpy, char *, const char *) > +__ssp_bos_icheck3_restrict(strncat, char *, const char *) > +__END_DECLS > + > +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len) > +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len) > +#define memset(dst, val, len) \ > +    __ssp_bos_check3_typed(memset, void *, dst, int, val, len) > +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src) > +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len) > +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src) > +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src) > +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len) > +#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len) > + > +#endif /* __SSP_FORTIFY_LEVEL > 0 */ > +#endif /* _SSP_STRING_H_ */ > diff --git a/include/ssp/strings.h b/include/ssp/strings.h > new file mode 100644 > index 000000000000..06c9c7cc0a09 > --- /dev/null > +++ b/include/ssp/strings.h > @@ -0,0 +1,67 @@ > +/*    $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $    */ > + > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2007 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#ifndef _SSP_STRINGS_H_ > +#define _SSP_STRINGS_H_ > + > +#include > +#include > + > +#if __SSP_FORTIFY_LEVEL > 0 > + > +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar,  len) ({    \ > +    const void *srcvar = (src);            \ > +    void *dstvar = (dst);            \ > +    size_t lenvar = (len);            \ > +    ((__ssp_bos0(dstvar) != (size_t)-1) ?    \ > +    __builtin___memmove_chk(dstvar, srcvar, lenvar,    \ > +        __ssp_bos0(dstvar)) :            \ > +    __memmove_ichk(dstvar, srcvar, lenvar));    \ > +}) > + > +#define    bcopy(src, dst, len)            \ > +    _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst, > __ssp_var(lenv), len) > + > +#define _ssp_bzero(dstvar, dst, lenvar, len) ({        \ > +    void *dstvar = (dst);            \ > +    size_t lenvar = (len);            \ > +    ((__ssp_bos0(dstvar) != (size_t)-1) ?    \ > +    __builtin___memset_chk(dstvar, 0, lenvar,    \ > +        __ssp_bos0(dstvar)) : \ > +    __memset_ichk(dstvar, 0, lenvar));        \ > +}) > + > +#define    bzero(dst, len)    _ssp_bzero(__ssp_var(dstv), dst, > __ssp_var(lenv), len) > + > +#endif /* __SSP_FORTIFY_LEVEL > 0 */ > +#endif /* _SSP_STRINGS_H_ */ > diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h > new file mode 100644 > index 000000000000..2414e2baa96b > --- /dev/null > +++ b/include/ssp/unistd.h > @@ -0,0 +1,54 @@ > +/*    $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $    */ > + > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#ifndef _SSP_UNISTD_H_ > +#define _SSP_UNISTD_H_ > + > +#include > + > +#if __SSP_FORTIFY_LEVEL > 0 > +__BEGIN_DECLS > + > +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \ > +    (__fd, __buf, __len)); > + > +__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \ > +    char *__restrict __buf, size_t __len), (__path, __buf, __len)); > + > +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len), > +    (__buf, __len), __buf != 0, __ssp_bos); > + > +__END_DECLS > + > +#endif /* __SSP_FORTIFY_LEVEL > 0 */ > +#endif /* _SSP_UNISTD_H_ */ > diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc > index 8574c5a05dc5..3b1ad879c715 100644 > --- a/lib/libc/secure/Makefile.inc > +++ b/lib/libc/secure/Makefile.inc > @@ -3,6 +3,17 @@ > > .PATH: ${LIBC_SRCTOP}/secure > > +# _FORTIFY_SOURCE > +SRCS+=    gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c > memset_chk.c \ > +    snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \ > +    strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \ > +    vsnprintf_chk.c vsprintf_chk.c > + > +CFLAGS.snprintf_chk.c+=    -Wno-unused-parameter > +CFLAGS.sprintf_chk.c+=    -Wno-unused-parameter > +CFLAGS.vsnprintf_chk.c+=    -Wno-unused-parameter > +CFLAGS.vsprintf_chk.c+=    -Wno-unused-parameter > + > # Sources common to both syscall interfaces: > SRCS+=    stack_protector.c \ >     stack_protector_compat.c > diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map > index 641f451b5421..7859fcee3821 100644 > --- a/lib/libc/secure/Symbol.map > +++ b/lib/libc/secure/Symbol.map > @@ -3,3 +3,21 @@ FBSD_1.0 { >     __stack_chk_fail; >     __stack_chk_guard; > }; > + > +FBSD_1.8 { > +    __gets_chk; > +    __fgets_chk; > +    __memcpy_chk; > +    __memmove_chk; > +    __memset_chk; > +    __snprintf_chk; > +    __sprintf_chk; > +    __stpcpy_chk; > +    __stpncpy_chk; > +    __strcat_chk; > +    __strcpy_chk; > +    __strncat_chk; > +    __strncpy_chk; > +    __vsnprintf_chk; > +    __vsprintf_chk; > +}; > diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/fgets_chk.c > new file mode 100644 > index 000000000000..72aa1d816ce1 > --- /dev/null > +++ b/lib/libc/secure/fgets_chk.c > @@ -0,0 +1,54 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $"); > + > +#include > +#include > +#include > +#include > + > +#include > +#include > +#undef fgets > + > +char * > +__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp) > +{ > +    if (slen >= (size_t)INT_MAX) > +        return (fgets(buf, len, fp)); > + > +    if (len >= 0 && (size_t)len > slen) > +        __chk_fail(); > + > +    return (fgets(buf, len, fp)); > +} > diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/gets_chk.c > new file mode 100644 > index 000000000000..18c1e2d18f43 > --- /dev/null > +++ b/lib/libc/secure/gets_chk.c > @@ -0,0 +1,74 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp > $"); > + > +#include > +#include > +#include > +#include > + > +#include > +#include > + > +char *__gets_unsafe(char *); > + > +char * > +__gets_chk(char * __restrict buf, size_t slen) > +{ > +    char *abuf; > +    size_t len; > + > +    if (slen >= (size_t)INT_MAX) > +        return (__gets_unsafe(buf)); > + > +    if ((abuf = malloc(slen + 1)) == NULL) > +        return (__gets_unsafe(buf)); > + > +    if (fgets(abuf, (int)(slen + 1), stdin) == NULL) { > +        free(abuf); > +        return (NULL); > +    } > + > +    len = strlen(abuf); > +    if (len > 0 && abuf[len - 1] == '\n') > +        --len; > + > +    if (len >= slen) > +        __chk_fail(); > + > +    (void)memcpy(buf, abuf, len); > + > +    buf[len] = '\0'; > +    free(abuf); > +    return (buf); > +} > diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c > new file mode 100644 > index 000000000000..99cf2d5f13ff > --- /dev/null > +++ b/lib/libc/secure/memcpy_chk.c > @@ -0,0 +1,53 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $"); > + > +#include > + > +#include > +#undef memcpy > + > +#include "ssp_internal.h" > + > +void * > +__memcpy_chk(void * __restrict dst, const void * __restrict src, > size_t len, > +    size_t slen) > +{ > +    if (len > slen) > +        __chk_fail(); > + > +    if (__ssp_overlap((const char *)src, (const char *)dst, len)) > +        __chk_fail(); > + > +    return (memcpy(dst, src, len)); > +} > diff --git a/lib/libc/secure/memmove_chk.c > b/lib/libc/secure/memmove_chk.c > new file mode 100644 > index 000000000000..07f965d608fc > --- /dev/null > +++ b/lib/libc/secure/memmove_chk.c > @@ -0,0 +1,47 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $"); > + > +#include > + > +#include > +#undef memmove > + > +void * > +__memmove_chk(void *dst, const void *src, size_t len, > +    size_t slen) > +{ > +    if (len > slen) > +        __chk_fail(); > +    return (memmove(dst, src, len)); > +} > diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/memset_chk.c > new file mode 100644 > index 000000000000..f337be98b46d > --- /dev/null > +++ b/lib/libc/secure/memset_chk.c > @@ -0,0 +1,46 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $"); > + > +#include > + > +#include > +#undef memset > + > +void * > +__memset_chk(void * __restrict dst, int val, size_t len, size_t slen) > +{ > +    if (len > slen) > +        __chk_fail(); > +    return (memset(dst, val, len)); > +} > diff --git a/lib/libc/secure/snprintf_chk.c > b/lib/libc/secure/snprintf_chk.c > new file mode 100644 > index 000000000000..52ef874ede5b > --- /dev/null > +++ b/lib/libc/secure/snprintf_chk.c > @@ -0,0 +1,56 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > + * by Christos Zoulas. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + *    notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + *    notice, this list of conditions and the following disclaimer > in the > + *    documentation and/or other materials provided with the > distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND > CONTRIBUTORS > + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT > NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR > + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR > CONTRIBUTORS > + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, > EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF THE > + * POSSIBILITY OF SUCH DAMAGE. > + */ > +#include > +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin > Exp $"); > + > +#include > +#include > + > +#include > +#undef vsnprintf > + > +int > +__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t > slen, > +    const char * __restrict fmt, ...) > +{ > +    va_list ap; > +    int rv; > + > +    if (len > slen) > +        __chk_fail(); > + > +    va_start(ap, fmt); > +    rv = vsnprintf(buf, len, fmt, ap); > +    va_end(ap); > + > +    return (rv); > +} > diff --git a/lib/libc/secure/sprintf_chk.c > b/lib/libc/secure/sprintf_chk.c > new file mode 100644 > index 000000000000..d4c42ccba3ce > --- /dev/null > +++ b/lib/libc/secure/sprintf_chk.c > @@ -0,0 +1,61 @@ > +/*- > + * > + * SPDX-License-Identifier: BSD-2-Clause > + * > + * Copyright (c) 2006 The NetBSD Foundation, Inc. > + * All rights reserved. > + * > + * This code is derived from software contributed to The NetBSD > Foundation > *** 1063 LINES SKIPPED *** > >