From nobody Sun May 19 04:39:59 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vhp156Bkxz5KjCc for ; Sun, 19 May 2024 04:40:57 +0000 (UTC) (envelope-from pfg@freebsd.org) Received: from sonic312-25.consmr.mail.ne1.yahoo.com (sonic312-25.consmr.mail.ne1.yahoo.com [66.163.191.206]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Vhp1519PRz4YZL for ; Sun, 19 May 2024 04:40:57 +0000 (UTC) (envelope-from pfg@freebsd.org) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1716093655; bh=TfLtg4OGpel4SvEehvOlCRMjTVrEhG9LJ11EqL30rsM=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=BjpvR3QPwttefICEgAFErgtc8voVumOmmILJjFs/FJNYf192DZBcvABecr+UL6Mb0y5HZiOGuInK7fJ/IU5wZGStp7cxZH8gR2Z34PgrsMTb04BKlhZCRFYMNsKkPwPKhBVQ90K3i8fuL6FkrjmYBxE5mHrwbZViEStqA7Vcp27Ytbq2mzTOMc3aBiZCtAAW4qOB6jlLTBbTuamz9gKSpvRkXVOrE85E9OEfTmlfQ/HBC9uwEyXVsYlNrx3ZA11vnyL6zg413vB2qOG/ShxNv/F/9Dz7P82w57tQwzM4I2tQatZNkDr6rNC6XKherNJ7cUncsqmGQuhS2pZ/97BGuQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1716093655; bh=KeEYwaL0r34LTfYnO3TiL1JIGLMcNlCIgcZFOdEBS1U=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=U2NQevDAgpkgM4evZLYKOiNRSPY13gt2qcdCx7vBiS4LqjWKWvEWoZ0ei6JzUQGZ8yLdAOlTNqZcxMp/iNE+CI2DYjvsVD8qWl/rCMiTYWZN0725O5CTITd+5kkOdlRno0niZJ7yd9xhN+ycuITTL9NN7qvUDK/KSlXLnCQ7mQOAQLwFMX//Kw3PGoP3asCCtUz18SCLCCHgEc6G0NwEdd6sIYC0/2jb7L0ZIhpAkGVij0GGcLmy0aAGivVOwW0gLI4QBKnbS0ZnPDJ00jzZQZVmf6IILbUavq6PgnmBHXW5U5y9t3jllr7jRxSQPXcSsPq9O3SryvfKams9tmBh+g== X-YMail-OSG: NfHQxPkVM1lyWSbxTLcy5WjLovkUrES3884IrIcKeD9lCPGUN4mwhCYrY5xaQVs 9RKea8AcaTUSYPbQmzK423cIg0U5FgHx6_3VWWom5d0waA9DbBPgysz81ZHfSQtn3RM3Rnn0gtAe bolesal9I2A2tbm.qFO_uBH7zia4ROpX8EHVLRalqEjYeKkVhNHBzxKpk1mgQ3hN5938i7UDySod glfBhoglaLQ29rBwWhq8TXm49IRoDp8DLpws78sg3tFFoy4wbxfKTaeeaRCf7MeD9XNdGgwLG4KH IFmbJQoGoI3S2FTan0OHkzZS6Ac465TJFRzOv1AE6Hr4ydA2dOwEXZ4RRAheiKtLKmY4Eig0.3oY YplBW0T2.IhT9aVtXu8U7_lL5lu_U36sdRrS2L0dCJyIYOuOAIAjyDNZ5eigKKHSHqd9_.uyuHDB Vvd74abRKb1SGS6goxp90vkabK4TwTOtidtWncXxuUlVfDeXwaPFpP4BDxPw.7VwSitXmGGzDqAW m31RJBbcS4_LMYc1k5Zk26IRqiuQ6Q2oB_WePlo5xnG8ozrYWgLTbUW3eoZzGUPkoygCodKwNynG xl_k.1vnBjyBOFzqfOzcNMVJW3QVr7Xhs0lyekT7Vhfp0fp8Oxp3FlraUuz5RkNmns6DrOnXdQVE zeVkxnxccY_9QMNK5KZNJZGcLa9xLZL9pSx.4HLmEAmCmQZkC04zsUxYJRpi_okSYhEuignDS6Bq pBf.VI0NULNInLnnOFhhtiPIVuBftvsLRAwUC7C6OPTQwVbCIiJfGboiKFaioA4DiG2VJoLZ4mx8 9NQiYvIx4p_JHBVof7XRvmfTHofnxkONMfyeUc5aLEiHBdPfuMHYXNunJbyRjdEsHKccKrIToCzL 7Vo28em78YHgmV6x4oQvzFOJi5QNckotjzTWnBpcBIvwxa4jrh.eXWZP9IiY93.SBpu4u1eEw5G8 ceWnrsrRufDHeCfJfHLLpSwDVA8w7aiHcmYTsWb8dxi7uaWp39GS2iLM2dqL_8KdBLIrqk14xVju ZlzuP2Fw2LJVQh9ublzYWRI3Wp.J79V_7W43Ozh7.79h5Jn.X.wrlE9B6pe7H3kc4jLW8pYMRgMA ofZ5oxnBeKjOVSuBp92crHapEYRntqMqIsQKxAmtKysDPDibJ7ahOQ.wWFu2hg94JoxJlQOwGM8C quCN5sw4OORJqalnky0IqSR6Ia.uAXB4YWBkxSobp9cIVMENW5dfsO6DEN3gw_Z4LocTLZGIaLVL zpnCWIr2pi4qArT8d6r62RQXfgjNGoXo9Y4gcv.eVIl2fUy1kBG3AJGKBsEYdrVtlmzYIcg73xK_ y.Uzuo9gQbUVxt9TWjKAHj7npc0X0pwAb2FwI8meYl_4mZN_SRSsyTnBxKeN8dKBrHkM70QFGC.p nsZEaTEbYKvlXRTPDIPW2NWXuwWQaMcGEQNDYtnxa2lp2fq67dJTzUW6Uc9M.HHUsWHNC7rBjEn4 ze.Imto301kH.VNuR6GNzyAvoF3W9ch9vu7wOsI9RK4ZVYruU7Yr0T1XGwr8NLk30P3KRrREXrC_ wmTicFwKYoMNZUnOQsmWChcEFT9CQvu8aIJtYX68Has0V5qyVgfO1E2_RC6nRxELLLWNjpngmKfv kZL2L.II4p0OrFQ25AxaI__Lz3Z5r1yWiFlKsYdrTIlKCHxWfirxQ2iRSLnxmjuaVZh5f4f33yzW YGggKHU5gfO_NFcYV.1Fr6W0Xuebzu1g8pIu248iu_Gn1_epsB6ZWkg7c1F2pH1SHnq.df4i8RTH PwPsMRBIAby9Ds0tjdTiSYEBlNyGsjrUtBDEWlkzSGu9rirJYO_JJCBw3gq7b_jIwEzs4icq9LYQ K8sUUcKvkZNDywd_Ar4nymtCuhZoJhBQES4vuCSBSiEMTXeC150lAd.M5atty3egyQ4HBPsPunWv HPE6aiZVVVdeBCI5A4YaEgwizbRU0wT4FwpJyNl2aEOpRZldCms5PUZeOTxOY40ZV9E_g7tPuNpt MyvTf7i.p4V4h9cVyh9ANVzfyc8gWdAB0Uv1uspM7WTJojZVB7PU4I89IhJCJv7c4efynbUGUrKf o4WyVYXcXDoCoHN4fCfHLkPo01WmzBZNsaYnS42PuRWMWK6JXIGbpN4nvihYW9p1qGgif8TILdYa eEgugXE4.cg_4kTH68LfbRYSq9m5nno5MqNG7aDwrTlting-- X-Sonic-MF: X-Sonic-ID: 48b962ac-1ce0-4092-8985-2219a3a1900a Received: from sonic.gate.mail.ne1.yahoo.com by sonic312.consmr.mail.ne1.yahoo.com with HTTP; Sun, 19 May 2024 04:40:55 +0000 Date: Sun, 19 May 2024 04:39:59 +0000 (UTC) From: Pedro Giffuni To: Kyle Evans Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Message-ID: <1413980952.1357400.1716093599901@mail.yahoo.com> In-Reply-To: <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org> References: <02326b5e-a1fe-4411-a869-d21f9a76130c@email.android.com> <999469960.1638478.1716080957814@mail.yahoo.com> <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org> Subject: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_1357399_2058372477.1716093599883" X-Mailer: WebService/1.1.22356 YMailNorrin X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:36646, ipnet:66.163.184.0/21, country:US] X-Rspamd-Queue-Id: 4Vhp1519PRz4YZL ------=_Part_1357399_2058372477.1716093599883 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable FWIW .. and let me be clear I haven't worked on this in ages and I am not = planning to retake this either... clang just couldn't do the static=C2=A0 fortify_source checks=C2=A0 due to = the way llvm uses an intermediate representation; the size just couldn't be= handled in the preprocessor. Google did spend some time adding extra attri= butes to clang to improve the debugging and you can see that implemented in= bionic libc but that was it. musl didn't even try. fortify_source does replace some key libc functions with memory checking al= ternatives and that turns out to be annoying when debugging. In a way it br= eaks that principle C programmers once had, where developers are expected t= o know what they are doing, and if the error is caught at runtime by the st= ack protector anyways it ends up being redundant. One more thing about the static checks. Most of the linux distributions out= there indeed have built their software packages with GCC and fortify_sourc= e >=3D2. As a consequence, when we ran an exp-run on the ports tree (with G= CC), fortify_source didn't find anything: it was basically a waste of time. Another reason for not setting it by default is performance. And here I ans= wer Shawn's comment on why not enable stack-protector-all and safestack and= fortify_source at the same time: running unnecessary checks over and over = again wastes energy and can have some performance hit. The later may seem n= egligible in modern processors, but why do them if they bring no benefit? (= No need to answer ... just left as food for thought) Pedro. On Saturday, May 18, 2024 at 09:08:52 PM GMT-5, Kyle Evans wrote: =20 =20 =20 On 5/18/24 20:09, Pedro Giffuni wrote: > (sorry for top posting .. my mailer just sucks) > Hi; >=20 > I used to like the limited static checking FORTIFY_SOURCE provides and=20 > when I ran it over FreeBSD it did find a couple of minor issues. It only= =20 > works for GCC though. >=20 I don't think this is particularly true anymore; I haven't found a case=20 yet where __builtin_object_size(3) doesn't give me the correct size=20 while GCC did.=C2=A0 I'd welcome counter-examples here, though -- we have= =20 funding to both finish the project (widen the _FORTIFY_SOURCE net to=20 more of libc/libsys) and add tests to demonstrate that it's both=20 functional and correct.=C2=A0 It would be useful to also document=20 deficiencies in the tests. > I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD= =20 > had the least intrusive implementation the last time I checked but I=20 > would certainly request it should never be activated by default,=20 > specially with clang. The GCC version has seen more development on glibc= =20 > but I still think its a dead end. >=20 I don't see a compelling reason to avoid enabling it by default; see=20 above, the functionality that we need in clang appears to be just fine=20 (and, iirc, was also fine when I checked at the beginning of working on=20 this in 2021) and it provides useful > What I would like to see working on FreeBSD is Safestack as a=20 > replacement for the stack protector, which we were so very slow to adopt= =20 > even when it was originally developed in FreeBSD. I think other projects= =20 > based on FreeBSD (Chimera and hardenedBSD) have been using it but I=20 > don't know the details. >=20 No comment there, though I think Shawn Webb / HardenedBSD had been=20 playing around with SafeStack (and might have enabled it? I haven't=20 actually looked in a while now). > This is just all my $0.02 >=20 > Pedro. Thanks, Kyle Evans >=20 > On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans=20 > wrote: >=20 >=20 >=20 >=20 > On May 18, 2024 13:42, Pedro Giffuni wrote: >=20 >=C2=A0 =C2=A0 Oh no .. please not... >=20 >=C2=A0 =C2=A0 We went into that in a GSoC: >=20 >=C2=A0 =C2=A0 https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurit= yExtensions >=20 >=20 >=C2=A0 =C2=A0 Ultimately it proved to be useless since stack-protector-str= ong. >=20 >=20 > Respectfully, I disagree with your conclusion here: >=20 > 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I=20 > don't have to overflow all the way into the canary at the end of the=20 > frame to be detected, so my minor bug now can be caught before something= =20 > causes the stack frame to be rearranged and turn it into a security=20 > issue later >=20 > 2.) __builtin_object_size doesn't work on heap objects, but it actually= =20 > can work on subobjects from a heap allocation (e.g., &foo->name), so the= =20 > coverage extends beyond the stack into starting to detect other kinds of= =20 > overflow >=20 > While the security value over stack-protector-strong may be marginal (I= =20 > won't debate this specifically), the feature still has value in general. >=20 > Thanks, >=20 > Kyle Evans >=20 >=C2=A0 =C2=A0 The NetBSD code was not well adapted to clang either. >=20 >=C2=A0 =C2=A0 Ask me more if you really want to dig into it, but we don't = want this. >=20 >=C2=A0 =C2=A0 Pedro. >=20 >=20 >=C2=A0 =C2=A0 On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Evans >=C2=A0 =C2=A0 wrote: >=20 >=20 >=C2=A0 =C2=A0 The branch main has been updated by kevans: >=20 >=C2=A0 =C2=A0 URL: >=C2=A0 =C2=A0 https://cgit.FreeBSD.org/src/commit/?id=3Dbe04fec42638f30f50= b5b55fd8e3634c0fb89928 >=20 >=C2=A0 =C2=A0 commit be04fec42638f30f50b5b55fd8e3634c0fb89928 >=C2=A0 =C2=A0 Author:=C2=A0 =C2=A0 Kyle Evans > >=C2=A0 =C2=A0 AuthorDate: 2024-05-13 05:23:49 +0000 >=C2=A0 =C2=A0 Commit:=C2=A0 =C2=A0 Kyle Evans > >=C2=A0 =C2=A0 CommitDate: 2024-05-13 05:23:49 +0000 >=20 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Import _FORTIFY_SOURCE implementation f= rom NetBSD >=20 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 This is a mostly-unmodified copy of the= various *_chk >=C2=A0 =C2=A0 implementations >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 and headers from NetBSD, without yet mo= difying system headers >=C2=A0 =C2=A0 to start >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 actually including them.=C2=A0 A future= commit will also apply the >=C2=A0 =C2=A0 needed >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 bits to fix ssp/unistd.h. >=20 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Reviewed by:=C2=A0 =C2=A0 imp, pauamma_= gundo.com (both previous >=C2=A0 =C2=A0 versions), kib >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Sponsored by:=C2=A0 Stormshield >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Sponsored by:=C2=A0 Klara, Inc. >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Differential Revision: https://reviews.= freebsd.org/D32306 >=C2=A0 =C2=A0 >=C2=A0 =C2=A0 --- >=C2=A0 =C2=A0 etc/mtree/BSD.include.dist=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2= =A0 2 + >=C2=A0 =C2=A0 include/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 |=C2=A0 2 +- >=C2=A0 =C2=A0 include/ssp/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 |=C2=A0 6 ++ >=C2=A0 =C2=A0 include/ssp/ssp.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 |=C2=A0 91 ++++++++++++++++++++++++++ >=C2=A0 =C2=A0 include/ssp/stdio.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 |=C2=A0 93 ++++++++++++++++++++++++++ >=C2=A0 =C2=A0 include/ssp/string.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 | 129 >=C2=A0 =C2=A0 ++++++++++++++++++++++++++++++++++++ >=C2=A0 =C2=A0 include/ssp/strings.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 |=C2=A0 67 +++++++++++++++++++ >=C2=A0 =C2=A0 include/ssp/unistd.h=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 |=C2=A0 54 +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/Makefile.inc=C2=A0 =C2=A0 =C2=A0 |=C2=A0 11 = ++++ >=C2=A0 =C2=A0 lib/libc/secure/Symbol.map=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2= =A0 18 +++++ >=C2=A0 =C2=A0 lib/libc/secure/fgets_chk.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2= =A0 54 +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/gets_chk.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 |=C2= =A0 74 +++++++++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/memcpy_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 53 = +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/memmove_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 47= +++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/memset_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 46 = +++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/snprintf_chk.c=C2=A0 =C2=A0 |=C2=A0 56 +++++= +++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/sprintf_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 61= +++++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/ssp_internal.h=C2=A0 =C2=A0 |=C2=A0 37 +++++= ++++++ >=C2=A0 =C2=A0 lib/libc/secure/stpcpy_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 55 = ++++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/stpncpy_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 53= +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/strcat_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 60 = +++++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/strcpy_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 54 = +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/strncat_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 70= ++++++++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/strncpy_chk.c=C2=A0 =C2=A0 =C2=A0 |=C2=A0 53= +++++++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/vsnprintf_chk.c=C2=A0 =C2=A0 |=C2=A0 49 ++++= ++++++++++ >=C2=A0 =C2=A0 lib/libc/secure/vsprintf_chk.c=C2=A0 =C2=A0 |=C2=A0 58 +++++= +++++++++++ >=C2=A0 =C2=A0 lib/libssp/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 |=C2=A0 20 +++++- >=C2=A0 =C2=A0 lib/libssp/Symbol.map=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 |=C2=A0 12 ++-- >=C2=A0 =C2=A0 lib/libssp/Versions.def=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 |=C2=A0 5 ++ >=C2=A0 =C2=A0 lib/libssp/__builtin_object_size.3 | 110 +++++++++++++++++++= ++++++++++++ >=C2=A0 =C2=A0 lib/libssp/fortify_stubs.c=C2=A0 =C2=A0 =C2=A0 =C2=A0 | 131 >=C2=A0 =C2=A0 ------------------------------------- >=C2=A0 =C2=A0 lib/libssp/ssp.3=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 | 130 >=C2=A0 =C2=A0 ++++++++++++++++++++++++++++++++++++ >=C2=A0 =C2=A0 32 files changed, 1621 insertions(+), 140 deletions(-) >=20 >=C2=A0 =C2=A0 diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.incl= ude.dist >=C2=A0 =C2=A0 index a6bd5880bf61..f8c83d6dde7a 100644 >=C2=A0 =C2=A0 --- a/etc/mtree/BSD.include.dist >=C2=A0 =C2=A0 +++ b/etc/mtree/BSD.include.dist >=C2=A0 =C2=A0 @@ -372,6 +372,8 @@ >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 mac_veriexec >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .. >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .. >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 ssp >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 .. >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sys >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 disk >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 .. >=C2=A0 =C2=A0 diff --git a/include/Makefile b/include/Makefile >=C2=A0 =C2=A0 index 19e6beb95203..32774419f162 100644 >=C2=A0 =C2=A0 --- a/include/Makefile >=C2=A0 =C2=A0 +++ b/include/Makefile >=C2=A0 =C2=A0 @@ -4,7 +4,7 @@ >=20 >=C2=A0 =C2=A0 PACKAGE=3Dclibs >=C2=A0 =C2=A0 CLEANFILES=3D osreldate.h version >=C2=A0 =C2=A0 -SUBDIR=3D arpa protocols rpcsvc rpc xlocale >=C2=A0 =C2=A0 +SUBDIR=3D arpa protocols rpcsvc rpc ssp xlocale >=C2=A0 =C2=A0 .if ${MACHINE_CPUARCH} =3D=3D "amd64" >=C2=A0 =C2=A0 SUBDIR+=3D=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 i386 >=C2=A0 =C2=A0 INCLUDE_SUBDIRS+=3D=C2=A0=C2=A0=C2=A0 i386 >=C2=A0 =C2=A0 diff --git a/include/ssp/Makefile b/include/ssp/Makefile >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..dff19f43c920 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/Makefile >=C2=A0 =C2=A0 @@ -0,0 +1,6 @@ >=C2=A0 =C2=A0 +# $FreeBSD$ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +INCS=3D=C2=A0=C2=A0=C2=A0 ssp.h stdio.h string.h strings.h = unistd.h >=C2=A0 =C2=A0 +INCSDIR=3D=C2=A0=C2=A0=C2=A0 ${INCLUDEDIR}/ssp >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +.include >=C2=A0 =C2=A0 diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..35a9aeee02df >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/ssp.h >=C2=A0 =C2=A0 @@ -0,0 +1,91 @@ >=C2=A0 =C2=A0 +/*=C2=A0=C2=A0=C2=A0 $NetBSD: ssp.h,v 1.13 2015/09/03 20:43= :47 plunky Exp $=C2=A0=C2=A0=C2=A0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#ifndef _SSP_SSP_H_ >=C2=A0 =C2=A0 +#define _SSP_SSP_H_ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#if !defined(__cplusplus) >=C2=A0 =C2=A0 +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 (__OPTIMIZE__ > 0 || defined(__clang__)) >=C2=A0 =C2=A0 +#=C2=A0 if _FORTIFY_SOURCE > 1 >=C2=A0 =C2=A0 +#=C2=A0 define __SSP_FORTIFY_LEVEL 2 >=C2=A0 =C2=A0 +#=C2=A0 else >=C2=A0 =C2=A0 +#=C2=A0 define __SSP_FORTIFY_LEVEL 1 >=C2=A0 =C2=A0 +#=C2=A0 endif >=C2=A0 =C2=A0 +# else >=C2=A0 =C2=A0 +#=C2=A0 define __SSP_FORTIFY_LEVEL 0 >=C2=A0 =C2=A0 +# endif >=C2=A0 =C2=A0 +#else >=C2=A0 =C2=A0 +# define __SSP_FORTIFY_LEVEL 0 >=C2=A0 =C2=A0 +#endif >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define=C2=A0=C2=A0=C2=A0 __ssp_var(type)=C2=A0=C2=A0=C2=A0= __CONCAT(__ssp_ ## type, __COUNTER__) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/* __ssp_real is used by the implementation in libc */ >=C2=A0 =C2=A0 +#if __SSP_FORTIFY_LEVEL =3D=3D 0 >=C2=A0 =C2=A0 +#define __ssp_real_(fun)=C2=A0=C2=A0=C2=A0 fun >=C2=A0 =C2=A0 +#else >=C2=A0 =C2=A0 +#define __ssp_real_(fun)=C2=A0=C2=A0=C2=A0 __ssp_real_ ## f= un >=C2=A0 =C2=A0 +#endif >=C2=A0 =C2=A0 +#define __ssp_real(fun)=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2= =A0 __ssp_real_(fun) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_inline static __inline __attribute__((__alway= s_inline__)) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos(ptr) __builtin_object_size(ptr, >=C2=A0 =C2=A0 __SSP_FORTIFY_LEVEL > 1) >=C2=A0 =C2=A0 +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_check(buf, len, bos) \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (bos(buf) !=3D (size_t)-1 && len > bo= s(buf)) \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail() >=C2=A0 =C2=A0 +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, = cond, bos) \ >=C2=A0 =C2=A0 +rtype __ssp_real_(fun) args __RENAME(symbol); \ >=C2=A0 =C2=A0 +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fu= n); \ >=C2=A0 =C2=A0 +__ssp_inline rtype fun args { \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (cond) \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __ssp_check(__buf, __= len, bos); \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return __ssp_real_(fun) call; \ >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_redirect(rtype, fun, args, call) \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_redirect_raw(rtype, fun, fun, args, cal= l, 1, __ssp_bos) >=C2=A0 =C2=A0 +#define __ssp_redirect0(rtype, fun, args, call) \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_redirect_raw(rtype, fun, fun, args, cal= l, 1, __ssp_bos0) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__BEGIN_DECLS >=C2=A0 =C2=A0 +void __stack_chk_fail(void) __dead2; >=C2=A0 =C2=A0 +void __chk_fail(void) __dead2; >=C2=A0 =C2=A0 +__END_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* _SSP_SSP_H_ */ >=C2=A0 =C2=A0 diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..72e3236eac80 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/stdio.h >=C2=A0 =C2=A0 @@ -0,0 +1,93 @@ >=C2=A0 =C2=A0 +/*=C2=A0=C2=A0=C2=A0 $NetBSD: stdio.h,v 1.5 2011/07/17 20:5= 4:34 joerg Exp $=C2=A0=C2=A0=C2=A0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#ifndef _SSP_STDIO_H_ >=C2=A0 =C2=A0 +#define _SSP_STDIO_H_ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__BEGIN_DECLS >=C2=A0 =C2=A0 +int __sprintf_chk(char *__restrict, int, size_t, const char >=C2=A0 =C2=A0 *__restrict, ...) >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __printflike(4, 5); >=C2=A0 =C2=A0 +int __vsprintf_chk(char *__restrict, int, size_t, const cha= r >=C2=A0 =C2=A0 *__restrict, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __va_list) >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __printflike(4, 0); >=C2=A0 =C2=A0 +int __snprintf_chk(char *__restrict, size_t, int, size_t, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 const char *__restrict, ...) >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __printflike(5, 6); >=C2=A0 =C2=A0 +int __vsnprintf_chk(char *__restrict, size_t, int, size_t, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 const char *__restrict, __va_list) >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __printflike(5, 0); >=C2=A0 =C2=A0 +char *__gets_chk(char *, size_t); >=C2=A0 =C2=A0 +char *__fgets_chk(char *, int, size_t, FILE *); >=C2=A0 =C2=A0 +__END_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#if __SSP_FORTIFY_LEVEL > 0 >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define sprintf(str, ...) ({=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___sprintf_chk(_ssp_str, 0, __ssp_bo= s(_ssp_str),=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __VA_ARGS__); \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define vsprintf(str, fmt, ap) ({=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___vsprintf_chk(_ssp_str, 0, __ssp_b= os(_ssp_str), >=C2=A0 =C2=A0 fmt,=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 ap);=C2=A0=C2=A0=C2=A0 =C2=A0= =C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define snprintf(str, len, ...) ({=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___snprintf_chk(_ssp_str, len, 0, >=C2=A0 =C2=A0 __ssp_bos(_ssp_str),=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __VA_ARGS__);=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define vsnprintf(str, len, fmt, ap) ({=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___vsnprintf_chk(_ssp_str, len, 0, >=C2=A0 =C2=A0 __ssp_bos(_ssp_str),=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 fmt, ap);=C2=A0=C2=A0=C2=A0 =C2= =A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define gets(str) ({=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 =C2=A0= =C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __gets_chk(_ssp_str, __ssp_bos(_ssp_str));=C2= =A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define fgets(str, len, fp) ({=C2=A0=C2=A0=C2=A0 =C2=A0=C2= =A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *_ssp_str =3D (str);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str= ), fp);=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* __SSP_FORTIFY_LEVEL > 0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* _SSP_STDIO_H_ */ >=C2=A0 =C2=A0 diff --git a/include/ssp/string.h b/include/ssp/string.h >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..996020fda778 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/string.h >=C2=A0 =C2=A0 @@ -0,0 +1,129 @@ >=C2=A0 =C2=A0 +/*=C2=A0=C2=A0=C2=A0 $NetBSD: string.h,v 1.14 2020/09/05 13= :37:59 mrg Exp $=C2=A0=C2=A0=C2=A0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#ifndef _SSP_STRING_H_ >=C2=A0 =C2=A0 +#define _SSP_STRING_H_ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__BEGIN_DECLS >=C2=A0 =C2=A0 +void *__memcpy_chk(void *, const void *, size_t, size_t); >=C2=A0 =C2=A0 +void *__memmove_chk(void *, const void *, size_t, size_t); >=C2=A0 =C2=A0 +void *__memset_chk(void *, int, size_t, size_t); >=C2=A0 =C2=A0 +char *__stpcpy_chk(char *, const char *, size_t); >=C2=A0 =C2=A0 +char *__stpncpy_chk(char *, const char *, size_t, size_t); >=C2=A0 =C2=A0 +char *__strcat_chk(char *, const char *, size_t); >=C2=A0 =C2=A0 +char *__strcpy_chk(char *, const char *, size_t); >=C2=A0 =C2=A0 +char *__strncat_chk(char *, const char *, size_t, size_t); >=C2=A0 =C2=A0 +char *__strncpy_chk(char *, const char *, size_t, size_t); >=C2=A0 =C2=A0 +__END_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#if __SSP_FORTIFY_LEVEL > 0 >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, ds= t, >=C2=A0 =C2=A0 srctype, srcvar, \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 src, lenvar, len) ({=C2=A0=C2=A0=C2=A0 =C2=A0= =C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 srctype srcvar =3D (src);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 dsttype dstvar =3D (dst);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 size_t lenvar =3D (len);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?=C2=A0= =C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___ ## fun ## _chk(dstvar, srcvar, l= envar,=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __ssp_bos0(dstvar)) :=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ ## fun ## _ichk(dstvar, srcvar, lenvar));= =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, = src, >=C2=A0 =C2=A0 len)=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_bos_check3_typed_var(fun, dsttype, __ss= p_var(dstv), dst,=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 srctype, __ssp_var(srcv), src, = __ssp_var(lenv), len) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_check3(fun, dst, src, len)=C2=A0=C2=A0=C2= =A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_bos_check3_typed_var(fun, void *, __ssp= _var(dstv), dst,=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 const void *, __ssp_var(srcv), = src, __ssp_var(lenv), len) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src)= ({=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 const void *srcvar =3D (src);=C2=A0=C2=A0=C2= =A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 void *dstvar =3D (dst);=C2=A0=C2=A0=C2=A0 =C2= =A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?=C2=A0= =C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___ ## fun ## _chk(dstvar, srcvar,= =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __ssp_bos0(dstvar)) :=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ ## fun ## _ichk(dstvar, srcvar));=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_check2(fun, dst, src)=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_bos_check2_var(fun, __ssp_var(dstv), ds= t, >=C2=A0 =C2=A0 __ssp_var(srcv), src) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \ >=C2=A0 =C2=A0 +static __inline type1 __ ## fun ## _ichk(type1 __restrict, = type2 >=C2=A0 =C2=A0 __restrict, size_t); \ >=C2=A0 =C2=A0 +static __inline __attribute__((__always_inline__)) type1 \ >=C2=A0 =C2=A0 +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict s= rc, >=C2=A0 =C2=A0 size_t len) { \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return __builtin___ ## fun ## _chk(dst, = src, len, >=C2=A0 =C2=A0 __ssp_bos0(dst)); \ >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_icheck3(fun, type1, type2) \ >=C2=A0 =C2=A0 +static __inline type1 __ ## fun ## _ichk(type1, type2, size= _t); \ >=C2=A0 =C2=A0 +static __inline __attribute__((__always_inline__)) type1 \ >=C2=A0 =C2=A0 +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return __builtin___ ## fun ## _chk(dst, = src, len, >=C2=A0 =C2=A0 __ssp_bos0(dst)); \ >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \ >=C2=A0 =C2=A0 +static __inline type1 __ ## fun ## _ichk(type1, type2); \ >=C2=A0 =C2=A0 +static __inline __attribute__((__always_inline__)) type1 \ >=C2=A0 =C2=A0 +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict s= rc) { \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return __builtin___ ## fun ## _chk(dst, = src, __ssp_bos0(dst)); \ >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__BEGIN_DECLS >=C2=A0 =C2=A0 +__ssp_bos_icheck3_restrict(memcpy, void *, const void *) >=C2=A0 =C2=A0 +__ssp_bos_icheck3(memmove, void *, const void *) >=C2=A0 =C2=A0 +__ssp_bos_icheck3(memset, void *, int) >=C2=A0 =C2=A0 +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *) >=C2=A0 =C2=A0 +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *) >=C2=A0 =C2=A0 +__ssp_bos_icheck2_restrict(strcpy, char *, const char *) >=C2=A0 =C2=A0 +__ssp_bos_icheck2_restrict(strcat, char *, const char *) >=C2=A0 =C2=A0 +__ssp_bos_icheck3_restrict(strncpy, char *, const char *) >=C2=A0 =C2=A0 +__ssp_bos_icheck3_restrict(strncat, char *, const char *) >=C2=A0 =C2=A0 +__END_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst,= src, len) >=C2=A0 =C2=A0 +#define memmove(dst, src, len) __ssp_bos_check3(memmove, ds= t, src, len) >=C2=A0 =C2=A0 +#define memset(dst, val, len) \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __ssp_bos_check3_typed(memset, void *, dst, i= nt, val, len) >=C2=A0 =C2=A0 +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src) >=C2=A0 =C2=A0 +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, ds= t, src, len) >=C2=A0 =C2=A0 +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src) >=C2=A0 =C2=A0 +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src) >=C2=A0 =C2=A0 +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, ds= t, src, len) >=C2=A0 =C2=A0 +#define strncat(dst, src, len) __ssp_bos_check3(strncat, ds= t, src, len) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* __SSP_FORTIFY_LEVEL > 0 */ >=C2=A0 =C2=A0 +#endif /* _SSP_STRING_H_ */ >=C2=A0 =C2=A0 diff --git a/include/ssp/strings.h b/include/ssp/strings.h >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..06c9c7cc0a09 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/strings.h >=C2=A0 =C2=A0 @@ -0,0 +1,67 @@ >=C2=A0 =C2=A0 +/*=C2=A0=C2=A0=C2=A0 $NetBSD: strings.h,v 1.3 2008/04/28 20= :22:54 martin Exp $=C2=A0=C2=A0=C2=A0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2007 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#ifndef _SSP_STRINGS_H_ >=C2=A0 =C2=A0 +#define _SSP_STRINGS_H_ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#if __SSP_FORTIFY_LEVEL > 0 >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar,=C2=A0 = len) ({=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 const void *srcvar =3D (src);=C2=A0=C2=A0=C2= =A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 void *dstvar =3D (dst);=C2=A0=C2=A0=C2=A0 =C2= =A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 size_t lenvar =3D (len);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?=C2=A0= =C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___memmove_chk(dstvar, srcvar, lenva= r,=C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __ssp_bos0(dstvar)) :=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __memmove_ichk(dstvar, srcvar, lenvar));=C2= =A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define=C2=A0=C2=A0=C2=A0 bcopy(src, dst, len)=C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(ds= tv), dst, >=C2=A0 =C2=A0 __ssp_var(lenv), len) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define _ssp_bzero(dstvar, dst, lenvar, len) ({=C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 void *dstvar =3D (dst);=C2=A0=C2=A0=C2=A0 =C2= =A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 size_t lenvar =3D (len);=C2=A0=C2=A0=C2=A0 = =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?=C2=A0= =C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __builtin___memset_chk(dstvar, 0, lenvar,=C2= =A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 =C2=A0 =C2=A0 __ssp_bos0(dstvar)) : \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 __memset_ichk(dstvar, 0, lenvar));=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 \ >=C2=A0 =C2=A0 +}) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#define=C2=A0=C2=A0=C2=A0 bzero(dst, len)=C2=A0=C2=A0=C2=A0= _ssp_bzero(__ssp_var(dstv), dst, >=C2=A0 =C2=A0 __ssp_var(lenv), len) >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* __SSP_FORTIFY_LEVEL > 0 */ >=C2=A0 =C2=A0 +#endif /* _SSP_STRINGS_H_ */ >=C2=A0 =C2=A0 diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..2414e2baa96b >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/include/ssp/unistd.h >=C2=A0 =C2=A0 @@ -0,0 +1,54 @@ >=C2=A0 =C2=A0 +/*=C2=A0=C2=A0=C2=A0 $NetBSD: unistd.h,v 1.7 2015/06/25 18:= 41:03 joerg Exp $=C2=A0=C2=A0=C2=A0 */ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#ifndef _SSP_UNISTD_H_ >=C2=A0 =C2=A0 +#define _SSP_UNISTD_H_ >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#if __SSP_FORTIFY_LEVEL > 0 >=C2=A0 =C2=A0 +__BEGIN_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size= _t __len), \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 (__fd, __buf, __len)); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__ssp_redirect(ssize_t, readlink, (const char *__restrict _= _path, \ >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 char *__restrict __buf, size_t __len), (__pat= h, __buf, __len)); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, si= ze_t __len), >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 (__buf, __len), __buf !=3D 0, __ssp_bos); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +__END_DECLS >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#endif /* __SSP_FORTIFY_LEVEL > 0 */ >=C2=A0 =C2=A0 +#endif /* _SSP_UNISTD_H_ */ >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/= Makefile.inc >=C2=A0 =C2=A0 index 8574c5a05dc5..3b1ad879c715 100644 >=C2=A0 =C2=A0 --- a/lib/libc/secure/Makefile.inc >=C2=A0 =C2=A0 +++ b/lib/libc/secure/Makefile.inc >=C2=A0 =C2=A0 @@ -3,6 +3,17 @@ >=20 >=C2=A0 =C2=A0 .PATH: ${LIBC_SRCTOP}/secure >=20 >=C2=A0 =C2=A0 +# _FORTIFY_SOURCE >=C2=A0 =C2=A0 +SRCS+=3D=C2=A0=C2=A0=C2=A0 gets_chk.c fgets_chk.c memcpy_ch= k.c memmove_chk.c >=C2=A0 =C2=A0 memset_chk.c \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 snprintf_chk.c sprintf_chk.c stpcpy_chk.= c stpncpy_chk.c \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 strcat_chk.c strcpy_chk.c strncat_chk.c = strncpy_chk.c \ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 vsnprintf_chk.c vsprintf_chk.c >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +CFLAGS.snprintf_chk.c+=3D=C2=A0=C2=A0=C2=A0 -Wno-unused-par= ameter >=C2=A0 =C2=A0 +CFLAGS.sprintf_chk.c+=3D=C2=A0=C2=A0=C2=A0 -Wno-unused-para= meter >=C2=A0 =C2=A0 +CFLAGS.vsnprintf_chk.c+=3D=C2=A0=C2=A0=C2=A0 -Wno-unused-pa= rameter >=C2=A0 =C2=A0 +CFLAGS.vsprintf_chk.c+=3D=C2=A0=C2=A0=C2=A0 -Wno-unused-par= ameter >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 # Sources common to both syscall interfaces: >=C2=A0 =C2=A0 SRCS+=3D=C2=A0=C2=A0=C2=A0 stack_protector.c \ >=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 stack_protector_compat.c >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Sy= mbol.map >=C2=A0 =C2=A0 index 641f451b5421..7859fcee3821 100644 >=C2=A0 =C2=A0 --- a/lib/libc/secure/Symbol.map >=C2=A0 =C2=A0 +++ b/lib/libc/secure/Symbol.map >=C2=A0 =C2=A0 @@ -3,3 +3,21 @@ FBSD_1.0 { >=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 __stack_chk_fail; >=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0=C2=A0 __stack_chk_guard; >=C2=A0 =C2=A0 }; >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +FBSD_1.8 { >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __gets_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __fgets_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __memcpy_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __memmove_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __memset_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __snprintf_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __sprintf_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __stpcpy_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __stpncpy_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __strcat_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __strcpy_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __strncat_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __strncpy_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __vsnprintf_chk; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 __vsprintf_chk; >=C2=A0 =C2=A0 +}; >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/f= gets_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..72aa1d816ce1 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/fgets_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,54 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 luk= em Exp $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#undef fgets >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +char * >=C2=A0 =C2=A0 +__fgets_chk(char * __restrict buf, int len, size_t slen, FI= LE *fp) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (slen >=3D (size_t)INT_MAX) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 return (fgets(buf, le= n, fp)); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len >=3D 0 && (size_t)len > slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (fgets(buf, len, fp)); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/ge= ts_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..18c1e2d18f43 >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/gets_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,74 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 chri= stos Exp >=C2=A0 =C2=A0 $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +char *__gets_unsafe(char *); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +char * >=C2=A0 =C2=A0 +__gets_chk(char * __restrict buf, size_t slen) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 char *abuf; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 size_t len; >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (slen >=3D (size_t)INT_MAX) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 return (__gets_unsafe= (buf)); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if ((abuf =3D malloc(slen + 1)) =3D=3D N= ULL) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 return (__gets_unsafe= (buf)); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (fgets(abuf, (int)(slen + 1), stdin) = =3D=3D NULL) { >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 free(abuf); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 return (NULL); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 } >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 len =3D strlen(abuf); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len > 0 && abuf[len - 1] =3D=3D '\n'= ) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 --len; >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len >=3D slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 (void)memcpy(buf, abuf, len); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 buf[len] =3D '\0'; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 free(abuf); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (buf); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/= memcpy_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..99cf2d5f13ff >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/memcpy_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,53 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 jo= erg Exp $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#undef memcpy >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include "ssp_internal.h" >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +void * >=C2=A0 =C2=A0 +__memcpy_chk(void * __restrict dst, const void * __restrict= src, >=C2=A0 =C2=A0 size_t len, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 size_t slen) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len > slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (__ssp_overlap((const char *)src, (co= nst char *)dst, len)) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (memcpy(dst, src, len)); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/memmove_chk.c >=C2=A0 =C2=A0 b/lib/libc/secure/memmove_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..07f965d608fc >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/memmove_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,47 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 m= rg Exp $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#undef memmove >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +void * >=C2=A0 =C2=A0 +__memmove_chk(void *dst, const void *src, size_t len, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 size_t slen) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len > slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (memmove(dst, src, len)); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/= memset_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..f337be98b46d >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/memset_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,46 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 jo= erg Exp $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#undef memset >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +void * >=C2=A0 =C2=A0 +__memset_chk(void * __restrict dst, int val, size_t len, si= ze_t slen) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len > slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (memset(dst, val, len)); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/snprintf_chk.c >=C2=A0 =C2=A0 b/lib/libc/secure/snprintf_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..52ef874ede5b >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/snprintf_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,56 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 + * by Christos Zoulas. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Redistribution and use in source and binary forms, with = or without >=C2=A0 =C2=A0 + * modification, are permitted provided that the following = conditions >=C2=A0 =C2=A0 + * are met: >=C2=A0 =C2=A0 + * 1. Redistributions of source code must retain the above = copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer. >=C2=A0 =C2=A0 + * 2. Redistributions in binary form must reproduce the abo= ve copyright >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 notice, this list of conditions and the fol= lowing disclaimer >=C2=A0 =C2=A0 in the >=C2=A0 =C2=A0 + *=C2=A0 =C2=A0 documentation and/or other materials provid= ed with the >=C2=A0 =C2=A0 distribution. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC.= AND >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDI= NG, BUT >=C2=A0 =C2=A0 NOT LIMITED >=C2=A0 =C2=A0 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNES= S FOR A >=C2=A0 =C2=A0 PARTICULAR >=C2=A0 =C2=A0 + * PURPOSE ARE DISCLAIMED.=C2=A0 IN NO EVENT SHALL THE FOUN= DATION OR >=C2=A0 =C2=A0 CONTRIBUTORS >=C2=A0 =C2=A0 + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >=C2=A0 =C2=A0 EXEMPLARY, OR >=C2=A0 =C2=A0 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PR= OCUREMENT OF >=C2=A0 =C2=A0 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR >=C2=A0 =C2=A0 BUSINESS >=C2=A0 =C2=A0 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY, >=C2=A0 =C2=A0 WHETHER IN >=C2=A0 =C2=A0 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENC= E OR >=C2=A0 =C2=A0 OTHERWISE) >=C2=A0 =C2=A0 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN= IF >=C2=A0 =C2=A0 ADVISED OF THE >=C2=A0 =C2=A0 + * POSSIBILITY OF SUCH DAMAGE. >=C2=A0 =C2=A0 + */ >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 = martin >=C2=A0 =C2=A0 Exp $"); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +#include >=C2=A0 =C2=A0 +#undef vsnprintf >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +int >=C2=A0 =C2=A0 +__snprintf_chk(char * __restrict buf, size_t len, int flags= , size_t >=C2=A0 =C2=A0 slen, >=C2=A0 =C2=A0 +=C2=A0 =C2=A0 const char * __restrict fmt, ...) >=C2=A0 =C2=A0 +{ >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 va_list ap; >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 int rv; >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 if (len > slen) >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 __chk_fail(); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 va_start(ap, fmt); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 rv =3D vsnprintf(buf, len, fmt, ap); >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 va_end(ap); >=C2=A0 =C2=A0 + >=C2=A0 =C2=A0 +=C2=A0=C2=A0=C2=A0 return (rv); >=C2=A0 =C2=A0 +} >=C2=A0 =C2=A0 diff --git a/lib/libc/secure/sprintf_chk.c >=C2=A0 =C2=A0 b/lib/libc/secure/sprintf_chk.c >=C2=A0 =C2=A0 new file mode 100644 >=C2=A0 =C2=A0 index 000000000000..d4c42ccba3ce >=C2=A0 =C2=A0 --- /dev/null >=C2=A0 =C2=A0 +++ b/lib/libc/secure/sprintf_chk.c >=C2=A0 =C2=A0 @@ -0,0 +1,61 @@ >=C2=A0 =C2=A0 +/*- >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * SPDX-License-Identifier: BSD-2-Clause >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * Copyright (c) 2006 The NetBSD Foundation, Inc. >=C2=A0 =C2=A0 + * All rights reserved. >=C2=A0 =C2=A0 + * >=C2=A0 =C2=A0 + * This code is derived from software contributed to The Ne= tBSD >=C2=A0 =C2=A0 Foundation >=C2=A0 =C2=A0 *** 1063 LINES SKIPPED *** >=20 >=20 =20 ------=_Part_1357399_2058372477.1716093599883 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
=
FWIW .. and let me be clear = I haven't worked on this in ages and I am not planning to retake this eithe= r...

clang just couldn't do the static  fortify_sour= ce checks  d= ue to the way llvm uses an intermediate representation; the size just could= n't be handled in the preprocessor. Google did spend some time adding extra= attributes to clang to improve the debugging and you can see that implemen= ted in bionic libc but that was it. musl didn't even try.

fortify_source does replace some key libc functions with memory checking a= lternatives and that turns out to be annoying when debugging. In a way it b= reaks that principle C programmers once had, where developers are expected = to know what they are doing, and if the error is caught at runtime by the s= tack protector anyways it ends up being redundant.

One mo= re thing about the static checks. Most of the linux distributions out there= indeed have built their software packages with GCC and fortify_source >= =3D2. As a consequence, when we ran an exp-run on the ports tree (with GCC)= , fortify_source didn't find anything: it was basically a waste of time.

Another reason for not setting it by default is performance= . And here I answer Shawn's comment on why not enable stack-protector-all a= nd safestack and fortify_source at the same time: running unnecessary check= s over and over again wastes energy and can have some performance hit. The = later may seem negligible in modern processors, but why do them if they bri= ng no benefit? (No need to answer ... just left as food for thought)
<= div dir=3D"ltr" data-setdir=3D"false">
Pedro.

=20
=20
On Saturday, May 18, 2024 at 09:08:52 PM GMT-5, Kyl= e Evans <kevans@freebsd.org> wrote:


=20 =20


=
On 5/18/24 20:09, Pedro Giffuni wrote:
> (sorry for top posting .. my mailer just sucks)
> Hi;
>
> I used to like the limited static checking FORTIFY_SOURCE provide= s and
> when I ran it over FreeBSD it did fin= d a couple of minor issues. It only
> works f= or GCC though.
>
I don't think this is particularly true anymore; I= haven't found a case
yet where __builtin_object= _size(3) doesn't give me the correct size
while = GCC did.  I'd welcome counter-examples here, though -- we have
funding to both finish the project (widen the _FORTIFY_= SOURCE net to
more of libc/libsys) and add tests= to demonstrate that it's both
functional and co= rrect.  It would be useful to also document
deficiencies in the tests.

> I guess it doesn't really hurt to have FORTIFY_SOURCE around and= NetBSD
> had the least intrusive implementat= ion the last time I checked but I
> would cer= tainly request it should never be activated by default,
> specially with clang. The GCC version has seen more developme= nt on glibc
> but I still think its a dead en= d.
>

I don't see a compelling reason to avoid enabling it by defaul= t; see
above, the functionality that we need in = clang appears to be just fine
(and, iirc, was al= so fine when I checked at the beginning of working on
this in 2021) and it provides useful

> What I would like to see working on FreeBSD is Sa= festack as a
> replacement for the stack prot= ector, which we were so very slow to adopt
> = even when it was originally developed in FreeBSD. I think other projects
> based on FreeBSD (Chimera and hardenedBSD) ha= ve been using it but I
> don't know the detai= ls.
>

No comment there, though I think Shawn Webb / HardenedBSD had= been
playing around with SafeStack (and might h= ave enabled it? I haven't
actually looked in a w= hile now).

> This i= s just all my $0.02
>
> Pedro.

Thanks,=

Kyle Evans
<= div dir=3D"ltr">
>
= > On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans
<= div dir=3D"ltr">> <kaevans@fastmail.com> wrote:
>
>
>
>
> On Ma= y 18, 2024 13:42, Pedro Giffuni <pfg@freebsd.org> wrote:
>
>    Oh no .. p= lease not...
>
>=     We went into that in a GSoC:
> =
>    https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurit= yExtensions <https://wik= i.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions>
>
>
>    Ultimately it proved to be useless since stack-= protector-strong.
>
>
> Respectfully, I disagree with your co= nclusion here:
>
&g= t; 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I
=
> don't have to overflow all the way into the can= ary at the end of the
> frame to be detected,= so my minor bug now can be caught before something
> causes the stack frame to be rearranged and turn it into a securit= y
> issue later
>= ;
> 2.) __builtin_object_size doesn't work on= heap objects, but it actually
> can work on = subobjects from a heap allocation (e.g., &foo->name), so the
> coverage extends beyond the stack into starting to= detect other kinds of
> overflow
>
> While the security valu= e over stack-protector-strong may be marginal (I
> won't debate this specifically), the feature still has value in gener= al.
>
> Thanks,<= br>
>
> Kyle Evans
>
>    = The NetBSD code was not well adapted to clang either.
>
>    Ask me more if you= really want to dig into it, but we don't want this.
>
>    Pedro.
>
>
>    On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Eva= ns
>    <kevans@freebsd.org>= ; wrote:
>
>
>    The branch main has been updated= by kevans:
>
>&= nbsp;   URL:
>
>    commit be04fec4= 2638f30f50b5b55fd8e3634c0fb89928
>   = ; Author:    Kyle Evans <kevans@FreeBSD.org <mailto:keva= ns@FreeBSD.org>>
>    AuthorD= ate: 2024-05-13 05:23:49 +0000
>    = Commit:    Kyle Evans <kevans@FreeBSD.org <mailto:kevans= @FreeBSD.org>>
>    CommitDat= e: 2024-05-13 05:23:49 +0000
>
>          Import _FORTIFY_SOURCE i= mplementation from NetBSD
>
>          This is a mostly-unmodified= copy of the various *_chk
>    imp= lementations
>        &nbs= p; and headers from NetBSD, without yet modifying system headers
<= div dir=3D"ltr">>    to start
>&= nbsp;         actually including them.  A future c= ommit will also apply the
>    need= ed
>          bits to= fix ssp/unistd.h.
>
>          Reviewed by:    imp, pau= amma_gundo.com (both previous
>    = versions), kib
>        &n= bsp; Sponsored by:  Stormshield
>  &= nbsp;       Sponsored by:  Klara, Inc.
>          Differential Revision: https://reviews.freebsd.org/D32306
>&n= bsp;   <https://reviews.freebsd.org/D32306>
>    ---
>&nbs= p;   etc/mtree/BSD.include.dist        |  2 = +
>    include/Makefile   = ;               |  2 +-
>    include/ssp/Makefile      =         |  6 ++
>&nbs= p;   include/ssp/ssp.h             = ;     |  91 ++++++++++++++++++++++++++
>    include/ssp/stdio.h        &nbs= p;       |  93 ++++++++++++++++++++++++++
>    include/ssp/string.h      &n= bsp;       | 129
>   = ++++++++++++++++++++++++++++++++++++
> =   include/ssp/strings.h            &nb= sp; |  67 +++++++++++++++++++
>  &nb= sp; include/ssp/unistd.h              |=   54 +++++++++++++++
>    lib/= libc/secure/Makefile.inc      |  11 ++++
>    lib/libc/secure/Symbol.map    &nbs= p;   |  18 +++++
>    lib= /libc/secure/fgets_chk.c        |  54 ++++++++++++= +++
>    lib/libc/secure/gets_chk.c=         |  74 +++++++++++++++++++++
>    lib/libc/secure/memcpy_chk.c    &n= bsp; |  53 +++++++++++++++
>   = lib/libc/secure/memmove_chk.c      |  47 ++++++++++++= +
>    lib/libc/secure/memset_chk.c=       |  46 +++++++++++++
>= ;    lib/libc/secure/snprintf_chk.c    |  56 ++++= ++++++++++++
>    lib/libc/secure/s= printf_chk.c      |  61 +++++++++++++++++
>    lib/libc/secure/ssp_internal.h   = |  37 +++++++++++
>    lib/li= bc/secure/stpcpy_chk.c      |  55 ++++++++++++++++
<= /div>
>    lib/libc/secure/stpncpy_chk.c = ;     |  53 +++++++++++++++
>&n= bsp;   lib/libc/secure/strcat_chk.c      |  60 ++= +++++++++++++++
>    lib/libc/secur= e/strcpy_chk.c      |  54 +++++++++++++++
>    lib/libc/secure/strncat_chk.c    =   |  70 ++++++++++++++++++++
> =   lib/libc/secure/strncpy_chk.c      |  53 +++++= ++++++++++
>    lib/libc/secure/vsn= printf_chk.c    |  49 ++++++++++++++
>    lib/libc/secure/vsprintf_chk.c    |  5= 8 ++++++++++++++++
>    lib/libssp/= Makefile                |  20 = +++++-
>    lib/libssp/Symbol.map&n= bsp;             |  12 ++--
>    lib/libssp/Versions.def     = ;       |  5 ++
>  &n= bsp; lib/libssp/__builtin_object_size.3 | 110 ++++++++++++++++++++++++++++= +++
>    lib/libssp/fortify_stubs.c=         | 131
>  &nbs= p; -------------------------------------
>&nb= sp;   lib/libssp/ssp.3             = ;     | 130
>    ++++++++= ++++++++++++++++++++++++++++
>    3= 2 files changed, 1621 insertions(+), 140 deletions(-)
>
>    diff --git a/etc/mt= ree/BSD.include.dist b/etc/mtree/BSD.include.dist
>    index a6bd5880bf61..f8c83d6dde7a 100644
>    --- a/etc/mtree/BSD.include.dist
>    +++ b/etc/mtree/BSD.include.dist
=
>    @@ -372,6 +372,8 @@
>              mac_veriexec<= br>
>            &nb= sp; ..
>          ..<= br>
>    +    ssp
>    +    ..
>          sys
>= ;              disk
>              ..
>    diff --git a/include/Makefile b/include/Mak= efile
>    index 19e6beb95203..3277= 4419f162 100644
>    --- a/include/= Makefile
>    +++ b/include/Makefil= e
>    @@ -4,7 +4,7 @@
>
>    PACKAGE=3D= clibs
>    CLEANFILES=3D osreldate.= h version
>    -SUBDIR=3D arpa prot= ocols rpcsvc rpc xlocale
>    +SUBD= IR=3D arpa protocols rpcsvc rpc ssp xlocale
>&= nbsp;   .if ${MACHINE_CPUARCH} =3D=3D "amd64"
>    SUBDIR+=3D        i386<= br>
>    INCLUDE_SUBDIRS+=3D  = ;  i386
>    diff --git a/incl= ude/ssp/Makefile b/include/ssp/Makefile
> = ;   new file mode 100644
>    = index 000000000000..dff19f43c920
>  &nbs= p; --- /dev/null
>    +++ b/includ= e/ssp/Makefile
>    @@ -0,0 +1,6 @@=
>    +# $FreeBSD$
>    +
>    = +INCS=3D    ssp.h stdio.h string.h strings.h unistd.h
>    +INCSDIR=3D    ${INC= LUDEDIR}/ssp
>    +
>    +.include <bsd.prog.mk>
>    diff --git a/include/ssp/ssp.h b/include/ssp/= ssp.h
>    new file mode 100644
=
>    index 000000000000..35a9aeee02df<= br>
>    --- /dev/null
>    +++ b/include/ssp/ssp.h
>    @@ -0,0 +1,91 @@
> = ;   +/*    $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 p= lunky Exp $    */
>   = ; +
>    +/*-
>    + *
>    += * SPDX-License-Identifier: BSD-2-Clause
>&nbs= p;   + *
>    + * Copyright (= c) 2006, 2011 The NetBSD Foundation, Inc.
>&nb= sp;   + * All rights reserved.
>  &= nbsp; + *
>    + * This code is de= rived from software contributed to The NetBSD
>= ;    Foundation
>    + *= by Christos Zoulas.
>    + *
>    + * Redistribution and use in sourc= e and binary forms, with or without
>  &n= bsp; + * modification, are permitted provided that the following condition= s
>    + * are met:
>    + * 1. Redistributions of source code must re= tain the above copyright
>    + *&n= bsp;   notice, this list of conditions and the following disclaimer.
>    + * 2. Redistributions in binar= y form must reproduce the above copyright
>&nb= sp;   + *    notice, this list of conditions and the follow= ing disclaimer
>    in the
>    + *    documentation and/or = other materials provided with the
>  &nbs= p; distribution.
>    + *
>    + * THIS SOFTWARE IS PROVIDED BY THE N= ETBSD FOUNDATION, INC. AND
>    CON= TRIBUTORS
>    + * ``AS IS'' AND AN= Y EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
&= gt;    NOT LIMITED
>    = + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
>    PARTICULAR
= >    + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE = FOUNDATION OR
>    CONTRIBUTORS
=
>    + * BE LIABLE FOR ANY DIRECT, IND= IRECT, INCIDENTAL, SPECIAL,
>    EX= EMPLARY, OR
>    + * CONSEQUENTIAL = DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>    + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DAT= A, OR PROFITS; OR
>    BUSINESS
=
>    + * INTERRUPTION) HOWEVER CAUSED = AND ON ANY THEORY OF LIABILITY,
>   = WHETHER IN
>    + * CONTRACT, STR= ICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
&= gt;    OTHERWISE)
>    += * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
>    ADVISED OF THE
&= gt;    + * POSSIBILITY OF SUCH DAMAGE.
>    + */
>    +#ifn= def _SSP_SSP_H_
>    +#define _SSP_= SSP_H_
>    +
>    +#include <sys/cdefs.h>
>    +
>    +#if= !defined(__cplusplus)
>    +# if d= efined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
<= /div>
>    +    (__OPTIMIZE__ > = 0 || defined(__clang__))
>    +#&nb= sp; if _FORTIFY_SOURCE > 1
>    = +#  define __SSP_FORTIFY_LEVEL 2
>  =   +#  else
>    +# = define __SSP_FORTIFY_LEVEL 1
>    = +#  endif
>    +# else
>    +#  define __SSP_FORTIFY_LEVEL 0=
>    +# endif
>    +#else
>   = +# define __SSP_FORTIFY_LEVEL 0
>  &nbs= p; +#endif
>    +
>    +#define    __ssp_var(type)&nbs= p;   __CONCAT(__ssp_ ## type, __COUNTER__)
>    +
>    +/* _= _ssp_real is used by the implementation in libc */
>    +#if __SSP_FORTIFY_LEVEL =3D=3D 0
>    +#define __ssp_real_(fun)    fun
>    +#else
>    +#define __ssp_real_(fun)    __ssp_real_= ## fun
>    +#endif
>    +#define __ssp_real(fun)    &= nbsp;   __ssp_real_(fun)
>  &nb= sp; +
>    +#define __ssp_inline s= tatic __inline __attribute__((__always_inline__))
>    +
>    +#define= __ssp_bos(ptr) __builtin_object_size(ptr,
>&n= bsp;   __SSP_FORTIFY_LEVEL > 1)
>&nbs= p;   +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
=
>    +
>  =   +#define __ssp_check(buf, len, bos) \
>= ;    +    if (bos(buf) !=3D (size_t)-1 &&= len > bos(buf)) \
>    + &= nbsp;      __chk_fail()
>&= nbsp;   +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, c= ond, bos) \
>    +rtype __ssp_real_= (fun) args __RENAME(symbol); \
>    = +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \
>    +__ssp_inline rtype fun args { \
>    +    if (cond) \
=
>    +      &= nbsp; __ssp_check(__buf, __len, bos); \
> = ;   +    return __ssp_real_(fun) call; \
>    +}
>  &nb= sp; +
>    +#define __ssp_redirect= (rtype, fun, args, call) \
>    +&n= bsp;   __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)
>    +#define __ssp_redirect0(rtype,= fun, args, call) \
>    +  &n= bsp; __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)
>    +
> = ;   +__BEGIN_DECLS
>    +void= __stack_chk_fail(void) __dead2;
>   = ; +void __chk_fail(void) __dead2;
>  &nb= sp; +__END_DECLS
>    +
<= div dir=3D"ltr">>    +#endif /* _SSP_SSP_H_ */
>    diff --git a/include/ssp/stdio.h b/include/s= sp/stdio.h
>    new file mode 10064= 4
>    index 000000000000..72e3236e= ac80
>    --- /dev/null
>    +++ b/include/ssp/stdio.h
>    @@ -0,0 +1,93 @@
&g= t;    +/*    $NetBSD: stdio.h,v 1.5 2011/07/17 20= :54:34 joerg Exp $    */
> = ;   +
>    +/*-
>    + *
>  &n= bsp; + * SPDX-License-Identifier: BSD-2-Clause
&= gt;    + *
>    + * Copy= right (c) 2006 The NetBSD Foundation, Inc.
>&n= bsp;   + * All rights reserved.
>  =   + *
>    + * This code is d= erived from software contributed to The NetBSD
&g= t;    Foundation
>    + = * by Christos Zoulas.
>    + *
<= /div>
>    + * Redistribution and use in sour= ce and binary forms, with or without
>  &= nbsp; + * modification, are permitted provided that the following conditio= ns
>    + * are met:
>    + * 1. Redistributions of source code must r= etain the above copyright
>    + *&= nbsp;   notice, this list of conditions and the following disclaimer.<= br>
>    + * 2. Redistributions in bina= ry form must reproduce the above copyright
>&n= bsp;   + *    notice, this list of conditions and the follo= wing disclaimer
>    in the
>    + *    documentation and/or= other materials provided with the
>  &nb= sp; distribution.
>    + *
>    + * THIS SOFTWARE IS PROVIDED BY THE = NETBSD FOUNDATION, INC. AND
>    CO= NTRIBUTORS
>    + * ``AS IS'' AND A= NY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
= >    NOT LIMITED
>    = + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
>    PARTICULAR
>    + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE= FOUNDATION OR
>    CONTRIBUTORS
>    + * BE LIABLE FOR ANY DIRECT, IN= DIRECT, INCIDENTAL, SPECIAL,
>    E= XEMPLARY, OR
>    + * CONSEQUENTIAL= DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>    + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, = DATA, OR PROFITS; OR
>    BUSINESS<= br>
>    + * INTERRUPTION) HOWEVER CAUS= ED AND ON ANY THEORY OF LIABILITY,
>  &nb= sp; WHETHER IN
>    + * CONTRACT, = STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
>    OTHERWISE)
>   = + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
=
>    ADVISED OF THE
>    + * POSSIBILITY OF SUCH DAMAGE.
>    + */
>    +#= ifndef _SSP_STDIO_H_
>    +#define = _SSP_STDIO_H_
>    +
>    +#include <ssp/ssp.h>
>    +
>    = +__BEGIN_DECLS
>    +int __sprintf= _chk(char *__restrict, int, size_t, const char
&g= t;    *__restrict, ...)
>  &nb= sp; +    __printflike(4, 5);
> = ;   +int __vsprintf_chk(char *__restrict, int, size_t, const char
=
>    *__restrict,
>    +    __va_list)
>    +    __printflike(4, 0);
>    +int __snprintf_chk(char *__restrict, size_t, i= nt, size_t,
>    +    con= st char *__restrict, ...)
>    +&nb= sp;   __printflike(5, 6);
>    = +int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
>    +    const char *__restrict, __va_= list)
>    +    __printfl= ike(5, 0);
>    +char *__gets_chk(c= har *, size_t);
>    +char *__fgets= _chk(char *, int, size_t, FILE *);
>  &nb= sp; +__END_DECLS
>    +
<= div dir=3D"ltr">>    +#if __SSP_FORTIFY_LEVEL > 0
>    +
> =   +#define sprintf(str, ...) ({    \
>    +    char *_ssp_str =3D (str); =    \
>    +    = __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),   =     \
>    +  =       __VA_ARGS__); \
>  &= nbsp; +})
>    +
>    +#define vsprintf(str, fmt, ap) ({  &= nbsp; \
>    +    char *_= ssp_str =3D (str);        \
>    +    __builtin___vsprintf_chk(_ssp_st= r, 0, __ssp_bos(_ssp_str),
>    fmt= ,    \
>    +  =       ap);          =       \
>    +}= )
>    +
= >    +#define snprintf(str, len, ...) ({    \<= br>
>    +    char *_ssp_str = =3D (str);        \
>    +    __builtin___snprintf_chk(_ssp_str, len, = 0,
>    __ssp_bos(_ssp_str), &= nbsp;  \
>    +    &= nbsp;   __VA_ARGS__);          = ;  \
>    +})
>    +
>    = +#define vsnprintf(str, len, fmt, ap) ({    \
>    +    char *_ssp_str =3D (str);&nb= sp;       \
>  &= nbsp; +    __builtin___vsnprintf_chk(_ssp_str, len, 0,
=
>    __ssp_bos(_ssp_str),    = \
>    +       = fmt, ap);            \
>    +})
>&n= bsp;   +
>    +#define gets(s= tr) ({            \
<= div dir=3D"ltr">>    +  char *_ssp_str =3D (str); &= nbsp;      \
>   = ; +    __gets_chk(_ssp_str, __ssp_bos(_ssp_str));  &nb= sp; \
>    +})
>    +
>    +#d= efine fgets(str, len, fp) ({        \
>    +    char *_ssp_str =3D (st= r);        \
>&n= bsp;   +    __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str),= fp);    \
>    +})<= br>
>    +
&g= t;    +#endif /* __SSP_FORTIFY_LEVEL > 0 */
>    +
>    = +#endif /* _SSP_STDIO_H_ */
>    di= ff --git a/include/ssp/string.h b/include/ssp/string.h
>    new file mode 100644
>= ;    index 000000000000..996020fda778
= >    --- /dev/null
>   = ; +++ b/include/ssp/string.h
>    = @@ -0,0 +1,129 @@
>    +/* &nb= sp;  $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $  = ;  */
>    +
>    +/*-
>   = ; + *
>    + * SPDX-License-Identi= fier: BSD-2-Clause
>    + *
>    + * Copyright (c) 2006 The NetBSD Fou= ndation, Inc.
>    + * All rights r= eserved.
>    + *
>    + * This code is derived from software contribu= ted to The NetBSD
>    Foundation
>    + * by Christos Zoulas.
>    + *
>&nb= sp;   + * Redistribution and use in source and binary forms, with or = without
>    + * modification, are = permitted provided that the following conditions
= >    + * are met:
>   = + * 1. Redistributions of source code must retain the above copyright
=
>    + *    notice, this lis= t of conditions and the following disclaimer.
>= ;    + * 2. Redistributions in binary form must reproduce the ab= ove copyright
>    + *   = notice, this list of conditions and the following disclaimer
>    in the
> =   + *    documentation and/or other materials provided wit= h the
>    distribution.
<= div dir=3D"ltr">>    + *
> =   + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
>    CONTRIBUTORS
>    + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRAN= TIES, INCLUDING, BUT
>    NOT LIMIT= ED
>    + * TO, THE IMPLIED WARRANT= IES OF MERCHANTABILITY AND FITNESS FOR A
>&nbs= p;   PARTICULAR
>    + * PURP= OSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
>    CONTRIBUTORS
>=     + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,=
>    EXEMPLARY, OR
>    + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT= LIMITED TO, PROCUREMENT OF
>    + = * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
=
>    BUSINESS
>=     + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL= ITY,
>    WHETHER IN
>    + * CONTRACT, STRICT LIABILITY, OR TORT (INC= LUDING NEGLIGENCE OR
>    OTHERWISE= )
>    + * ARISING IN ANY WAY OUT O= F THE USE OF THIS SOFTWARE, EVEN IF
>  &n= bsp; ADVISED OF THE
>    + * POSSI= BILITY OF SUCH DAMAGE.
>    + */
>    +#ifndef _SSP_STRING_H_
>    +#define _SSP_STRING_H_
>    +
>   = ; +#include <ssp/ssp.h>
>    = +
>    +__BEGIN_DECLS
>    +void *__memcpy_chk(void *, const void *, = size_t, size_t);
>    +void *__memm= ove_chk(void *, const void *, size_t, size_t);
&g= t;    +void *__memset_chk(void *, int, size_t, size_t);
>    +char *__stpcpy_chk(char *, const char= *, size_t);
>    +char *__stpncpy_= chk(char *, const char *, size_t, size_t);
>&n= bsp;   +char *__strcat_chk(char *, const char *, size_t);
>    +char *__strcpy_chk(char *, const char *,= size_t);
>    +char *__strncat_chk= (char *, const char *, size_t, size_t);
> = ;   +char *__strncpy_chk(char *, const char *, size_t, size_t);
>    +__END_DECLS
>    +
>    +#if = __SSP_FORTIFY_LEVEL > 0
>    +
>    +#define __ssp_bos_check3_typed= _var(fun, dsttype, dsrvar, dst,
>   = srctype, srcvar, \
>    +  &= nbsp; src, lenvar, len) ({          = ;      \
>    +=     srctype srcvar =3D (src);       = ;         \
>&nb= sp;   +    dsttype dstvar =3D (dst);    &nbs= p;           \
>    +    size_t lenvar =3D (len);  = ;              \
>    +    ((__ssp_bos0(dstvar) != =3D (size_t)-1) ?        \
>    +    __builtin___ ## fun ## _chk(dstv= ar, srcvar, lenvar,    \
> = ;   +        __ssp_bos0(dstvar)) :  &nb= sp;             \
>    +    __ ## fun ## _ichk(dstvar, = srcvar, lenvar));    \
>  =   +})
>    +
>    +#define __ssp_bos_check3_typed(fun, dsttype, = dst, srctype, src,
>    len) &= nbsp;  \
>    +    _= _ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst,  &n= bsp; \
>    +      &= nbsp; srctype, __ssp_var(srcv), src, __ssp_var(lenv), len)
>    +
>    = +#define __ssp_bos_check3(fun, dst, src, len)     &nbs= p;  \
>    +    __ss= p_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst,   = \
>    +       = ; const void *, __ssp_var(srcv), src, __ssp_var(lenv), len)
>    +
>   = +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({ &nbs= p;      \
>    = +    const void *srcvar =3D (src);      =           \
&g= t;    +    void *dstvar =3D (dst);    &= nbsp;           \
>    +    ((__ssp_bos0(dstvar) !=3D (size_= t)-1) ?        \
&g= t;    +    __builtin___ ## fun ## _chk(dstvar, srcvar,=         \
> = ;   +        __ssp_bos0(dstvar)) :  &nb= sp;             \
>    +    __ ## fun ## _ichk(dstvar, = srcvar));        \
= >    +})
>    +
>    +#define __ssp_bos_check2(fun, dst,= src)            \
>    +    __ssp_bos_check2_var(fun, = __ssp_var(dstv), dst,
>    __ssp_va= r(srcv), src)
>    +
>    +#define __ssp_bos_icheck3_restrict(fun, typ= e1, type2) \
>    +static __inline = type1 __ ## fun ## _ichk(type1 __restrict, type2
= >    __restrict, size_t); \
>&nb= sp;   +static __inline __attribute__((__always_inline__)) type1 \
=
>    +__ ## fun ## _ichk(type1 __restr= ict dst, type2 __restrict src,
>    = size_t len) { \
>    +  =   return __builtin___ ## fun ## _chk(dst, src, len,
>    __ssp_bos0(dst)); \
&= gt;    +}
>    +
>    +#define __ssp_bos_icheck3(fun, type1= , type2) \
>    +static __inline ty= pe1 __ ## fun ## _ichk(type1, type2, size_t); \
&= gt;    +static __inline __attribute__((__always_inline__)) type1= \
>    +__ ## fun ## _ichk(type1 d= st, type2 src, size_t len) { \
>    = +    return __builtin___ ## fun ## _chk(dst, src, len,
<= /div>
>    __ssp_bos0(dst)); \
>    +}
>  &nbs= p; +
>    +#define __ssp_bos_ichec= k2_restrict(fun, type1, type2) \
>   = ; +static __inline type1 __ ## fun ## _ichk(type1, type2); \
>    +static __inline __attribute__((__always_in= line__)) type1 \
>    +__ ## fun ##= _ichk(type1 __restrict dst, type2 __restrict src) { \
>    +    return __builtin___ ## fun ## = _chk(dst, src, __ssp_bos0(dst)); \
>  &nb= sp; +}
>    +
>    +__BEGIN_DECLS
> = ;   +__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
>    +__ssp_bos_icheck3(memmove, void *, c= onst void *)
>    +__ssp_bos_icheck= 3(memset, void *, int)
>    +__ssp_= bos_icheck2_restrict(stpcpy, char *, const char *)
>    +__ssp_bos_icheck3_restrict(stpncpy, char *, const cha= r *)
>    +__ssp_bos_icheck2_restri= ct(strcpy, char *, const char *)
>   = ; +__ssp_bos_icheck2_restrict(strcat, char *, const char *)
>    +__ssp_bos_icheck3_restrict(strncpy, char *,= const char *)
>    +__ssp_bos_iche= ck3_restrict(strncat, char *, const char *)
>&= nbsp;   +__END_DECLS
>    +
>    +#define memcpy(dst, src, len) = __ssp_bos_check3(memcpy, dst, src, len)
> = ;   +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, sr= c, len)
>    +#define memset(dst, v= al, len) \
>    +    __ss= p_bos_check3_typed(memset, void *, dst, int, val, len)
>    +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy,= dst, src)
>    +#define stpncpy(ds= t, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
>    +#define strcpy(dst, src) __ssp_bos_check2(strcpy, = dst, src)
>    +#define strcat(dst,= src) __ssp_bos_check2(strcat, dst, src)
>&nbs= p;   +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, s= rc, len)
>    +#define strncat(dst,= src, len) __ssp_bos_check3(strncat, dst, src, len)
>    +
>    +#endi= f /* __SSP_FORTIFY_LEVEL > 0 */
>  &nb= sp; +#endif /* _SSP_STRING_H_ */
>  &nbs= p; diff --git a/include/ssp/strings.h b/include/ssp/strings.h
>    new file mode 100644
>    index 000000000000..06c9c7cc0a09
>    --- /dev/null
>&nb= sp;   +++ b/include/ssp/strings.h
> = ;   @@ -0,0 +1,67 @@
>    +/*=     $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp = $    */
>    +
>    +/*-
>=     + *
>    + * SPDX-Li= cense-Identifier: BSD-2-Clause
>    = + *
>    + * Copyright (c) 2007 Th= e NetBSD Foundation, Inc.
>    + * = All rights reserved.
>    + *
>    + * This code is derived from softw= are contributed to The NetBSD
>    = Foundation
>    + * by Christos Zou= las.
>    + *
>    + * Redistribution and use in source and binary for= ms, with or without
>    + * modifi= cation, are permitted provided that the following conditions
>    + * are met:
>&= nbsp;   + * 1. Redistributions of source code must retain the above c= opyright
>    + *    noti= ce, this list of conditions and the following disclaimer.
>    + * 2. Redistributions in binary form must repr= oduce the above copyright
>    + *&= nbsp;   notice, this list of conditions and the following disclaimer
>    in the
>    + *    documentation and/or other materials = provided with the
>    distribution= .
>    + *
>    + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION= , INC. AND
>    CONTRIBUTORS
>    + * ``AS IS'' AND ANY EXPRESS OR IMP= LIED WARRANTIES, INCLUDING, BUT
>   = NOT LIMITED
>    + * TO, THE IMPL= IED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
>    PARTICULAR
>   = ; + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
>    CONTRIBUTORS
>    + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDEN= TAL, SPECIAL,
>    EXEMPLARY, OR
>    + * CONSEQUENTIAL DAMAGES (INCLU= DING, BUT NOT LIMITED TO, PROCUREMENT OF
>&nbs= p;   + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;= OR
>    BUSINESS
>    + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THE= ORY OF LIABILITY,
>    WHETHER IN
>    + * CONTRACT, STRICT LIABILITY,= OR TORT (INCLUDING NEGLIGENCE OR
>  &nbs= p; OTHERWISE)
>    + * ARISING IN = ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
= >    ADVISED OF THE
>  &nbs= p; + * POSSIBILITY OF SUCH DAMAGE.
>  &n= bsp; + */
>    +#ifndef _SSP_STRIN= GS_H_
>    +#define _SSP_STRINGS_H_=
>    +
&= gt;    +#include <ssp/ssp.h>
>= ;    +#include <string.h>
>&n= bsp;   +
>    +#if __SSP_FORT= IFY_LEVEL > 0
>    +
>    +#define _ssp_bcopy(srcvar, src, dstvar, = dst, lenvar,  len) ({    \
&g= t;    +    const void *srcvar =3D (src);  &n= bsp;         \
>=     +    void *dstvar =3D (dst);    &nb= sp;       \
>  &= nbsp; +    size_t lenvar =3D (len);     &nbs= p;      \
>    = +    ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?    \<= br>
>    +    __builtin___mem= move_chk(dstvar, srcvar, lenvar,    \
>    +        __ssp_bos0(dstvar)) :&n= bsp;           \
>    +    __memmove_ichk(dstvar, srcvar, l= envar));    \
>    += })
>    +
>    +#define    bcopy(src, dst, len) &n= bsp;          \
>    +    _ssp_bcopy(__ssp_var(srcv), src, __ssp_= var(dstv), dst,
>    __ssp_var(lenv= ), len)
>    +
>    +#define _ssp_bzero(dstvar, dst, lenvar, len) ({&n= bsp;       \
>  =   +    void *dstvar =3D (dst);     &nbs= p;      \
>    = +    size_t lenvar =3D (len);       = ;     \
>    + =   ((__ssp_bos0(dstvar) !=3D (size_t)-1) ?    \
>    +    __builtin___memset_chk= (dstvar, 0, lenvar,    \
> = ;   +        __ssp_bos0(dstvar)) : \
>    +    __memset_ichk(dstvar, 0, le= nvar));        \
&g= t;    +})
>    +
>    +#define    bzero(dst,= len)    _ssp_bzero(__ssp_var(dstv), dst,
>    __ssp_var(lenv), len)
>    +
>    +#endif = /* __SSP_FORTIFY_LEVEL > 0 */
>   = ; +#endif /* _SSP_STRINGS_H_ */
>   = ; diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
>    new file mode 100644
>    index 000000000000..2414e2baa96b
>    --- /dev/null
>  =   +++ b/include/ssp/unistd.h
>  &nb= sp; @@ -0,0 +1,54 @@
>    +/* = ;   $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ =    */
>    +
>    +/*-
>  =   + *
>    + * SPDX-License-I= dentifier: BSD-2-Clause
>    + *
>    + * Copyright (c) 2006 The NetBS= D Foundation, Inc.
>    + * All rig= hts reserved.
>    + *
>    + * This code is derived from software con= tributed to The NetBSD
>    Foundat= ion
>    + * by Christos Zoulas.
>    + *
&g= t;    + * Redistribution and use in source and binary forms, wit= h or without
>    + * modification,= are permitted provided that the following conditions
>    + * are met:
>  &= nbsp; + * 1. Redistributions of source code must retain the above copyrigh= t
>    + *    notice, thi= s list of conditions and the following disclaimer.
>    + * 2. Redistributions in binary form must reproduce t= he above copyright
>    + *  &= nbsp; notice, this list of conditions and the following disclaimer
>    in the
>&= nbsp;   + *    documentation and/or other materials provide= d with the
>    distribution.
>    + *
>&= nbsp;   + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. = AND
>    CONTRIBUTORS
>    + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WA= RRANTIES, INCLUDING, BUT
>    NOT L= IMITED
>    + * TO, THE IMPLIED WAR= RANTIES OF MERCHANTABILITY AND FITNESS FOR A
>=     PARTICULAR
>    + * = PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
=
>    CONTRIBUTORS
= >    + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPEC= IAL,
>    EXEMPLARY, OR
>    + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT= NOT LIMITED TO, PROCUREMENT OF
>   = + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
>    BUSINESS
= >    + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LI= ABILITY,
>    WHETHER IN
<= div dir=3D"ltr">>    + * CONTRACT, STRICT LIABILITY, OR TORT = (INCLUDING NEGLIGENCE OR
>    OTHER= WISE)
>    + * ARISING IN ANY WAY O= UT OF THE USE OF THIS SOFTWARE, EVEN IF
> = ;   ADVISED OF THE
>    + * P= OSSIBILITY OF SUCH DAMAGE.
>    + *= /
>    +#ifndef _SSP_UNISTD_H_
<= /div>
>    +#define _SSP_UNISTD_H_
<= div dir=3D"ltr">>    +
>  &= nbsp; +#include <ssp/ssp.h>
>  &nb= sp; +
>    +#if __SSP_FORTIFY_LEVE= L > 0
>    +__BEGIN_DECLS
>    +
>&nbs= p;   +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t _= _len), \
>    +    (__fd,= __buf, __len));
>    +
>    +__ssp_redirect(ssize_t, readlink, (const= char *__restrict __path, \
>    +&= nbsp;   char *__restrict __buf, size_t __len), (__path, __buf, __len))= ;
>    +
= >    +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf= , size_t __len),
>    +   = ; (__buf, __len), __buf !=3D 0, __ssp_bos);
>&= nbsp;   +
>    +__END_DECLS
>    +
>= ;    +#endif /* __SSP_FORTIFY_LEVEL > 0 */
>    +#endif /* _SSP_UNISTD_H_ */
>    diff --git a/lib/libc/secure/Makefile.inc b/lib= /libc/secure/Makefile.inc
>    inde= x 8574c5a05dc5..3b1ad879c715 100644
>  &n= bsp; --- a/lib/libc/secure/Makefile.inc
>&nbs= p;   +++ b/lib/libc/secure/Makefile.inc
>= ;    @@ -3,6 +3,17 @@
>
<= div dir=3D"ltr">>    .PATH: ${LIBC_SRCTOP}/secure
>
>    +# _FORTI= FY_SOURCE
>    +SRCS+=3D  = ;  gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c
>    memset_chk.c \
>&n= bsp;   +    snprintf_chk.c sprintf_chk.c stpcpy_chk.c = stpncpy_chk.c \
>    +  &= nbsp; strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \
>    +    vsnprintf_chk.c vsprint= f_chk.c
>    +
>    +CFLAGS.snprintf_chk.c+=3D    -Wno-= unused-parameter
>    +CFLAGS.sprin= tf_chk.c+=3D    -Wno-unused-parameter
>    +CFLAGS.vsnprintf_chk.c+=3D    -Wno-u= nused-parameter
>    +CFLAGS.vsprin= tf_chk.c+=3D    -Wno-unused-parameter
>    +
>    # Sou= rces common to both syscall interfaces:
> = ;   SRCS+=3D    stack_protector.c \
>          stack_protector_compat= .c
>    diff --git a/lib/libc/secur= e/Symbol.map b/lib/libc/secure/Symbol.map
>&nb= sp;   index 641f451b5421..7859fcee3821 100644
>    --- a/lib/libc/secure/Symbol.map
>    +++ b/lib/libc/secure/Symbol.map
>    @@ -3,3 +3,21 @@ FBSD_1.0 {
>          __stack_chk_fail;
<= /div>
>          __stack_c= hk_guard;
>    };
>    +
>    = +FBSD_1.8 {
>    +   = ; __gets_chk;
>    +  &nb= sp; __fgets_chk;
>    +  =   __memcpy_chk;
>    + &n= bsp;  __memmove_chk;
>    +&nb= sp;   __memset_chk;
>    = +    __snprintf_chk;
>  &n= bsp; +    __sprintf_chk;
>&nbs= p;   +    __stpcpy_chk;
>=     +    __stpncpy_chk;
>    +    __strcat_chk;
>    +    __strcpy_chk;
>    +    __strncat_chk;
>    +    __strncpy_chk;
>    +    __vsnprintf_chk;<= br>
>    +    __vsprintf= _chk;
>    +};
>    diff --git a/lib/libc/secure/fgets_chk.c b/lib/lib= c/secure/fgets_chk.c
>    new file = mode 100644
>    index 000000000000= ..72aa1d816ce1
>    --- /dev/null
>    +++ b/lib/libc/secure/fgets_chk= .c
>    @@ -0,0 +1,54 @@
<= div dir=3D"ltr">>    +/*-
> = ;   + *
>    + * SPDX-License= -Identifier: BSD-2-Clause
>    + *<= br>
>    + * Copyright (c) 2006 The Net= BSD Foundation, Inc.
>    + * All r= ights reserved.
>    + *
<= div dir=3D"ltr">>    + * This code is derived from software c= ontributed to The NetBSD
>    Found= ation
>    + * by Christos Zoulas.<= br>
>    + *
= >    + * Redistribution and use in source and binary forms, w= ith or without
>    + * modificatio= n, are permitted provided that the following conditions
>    + * are met:
>&nbs= p;   + * 1. Redistributions of source code must retain the above copy= right
>    + *    notice,= this list of conditions and the following disclaimer.
>    + * 2. Redistributions in binary form must reprodu= ce the above copyright
>    + *&nbs= p;   notice, this list of conditions and the following disclaimer
<= /div>
>    in the
&= gt;    + *    documentation and/or other materials pro= vided with the
>    distribution.
>    + *
&= gt;    + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, I= NC. AND
>    CONTRIBUTORS
=
>    + * ``AS IS'' AND ANY EXPRESS OR IMPLIE= D WARRANTIES, INCLUDING, BUT
>    N= OT LIMITED
>    + * TO, THE IMPLIED= WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
= >    PARTICULAR
>    = + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
>    CONTRIBUTORS
>    + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, = SPECIAL,
>    EXEMPLARY, OR
>    + * CONSEQUENTIAL DAMAGES (INCLUDING,= BUT NOT LIMITED TO, PROCUREMENT OF
>  &n= bsp; + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
>    BUSINESS
>    + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY O= F LIABILITY,
>    WHETHER IN
>    + * CONTRACT, STRICT LIABILITY, OR T= ORT (INCLUDING NEGLIGENCE OR
>    O= THERWISE)
>    + * ARISING IN ANY W= AY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
>&= nbsp;   ADVISED OF THE
>    += * POSSIBILITY OF SUCH DAMAGE.
>    = + */
>    +#include <sys/cdefs.= h>
>    +__RCSID("$NetBSD: fgets= _chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");
&= gt;    +
>    +#include = <limits.h>
>    +#include <= ;stdio.h>
>    +#include <std= lib.h>
>    +#include <string= .h>
>    +
>    +#include <ssp/stdio.h>
>    +#include <ssp/string.h>
>    +#undef fgets
> =   +
>    +char *
>    +__fgets_chk(char * __restrict buf, int l= en, size_t slen, FILE *fp)
>    +{<= br>
>    +    if (slen &= gt;=3D (size_t)INT_MAX)
>    + = ;       return (fgets(buf, len, fp));
>    +
>  &nb= sp; +    if (len >=3D 0 && (size_t)len > slen= )
>    +     &n= bsp;  __chk_fail();
>    +
=
>    +    return (fgets= (buf, len, fp));
>    +}
<= div dir=3D"ltr">>    diff --git a/lib/libc/secure/gets_chk.c = b/lib/libc/secure/gets_chk.c
>    n= ew file mode 100644
>    index 0000= 00000000..18c1e2d18f43
>    --- /de= v/null
>    +++ b/lib/libc/secure/g= ets_chk.c
>    @@ -0,0 +1,74 @@
=
>    +/*-
&g= t;    + *
>    + * SPDX-= License-Identifier: BSD-2-Clause
>   = ; + *
>    + * Copyright (c) 2006 = The NetBSD Foundation, Inc.
>    + = * All rights reserved.
>    + *
=
>    + * This code is derived from sof= tware contributed to The NetBSD
>   = Foundation
>    + * by Christos Z= oulas.
>    + *
>    + * Redistribution and use in source and binary= forms, with or without
>    + * mo= dification, are permitted provided that the following conditions
<= div dir=3D"ltr">>    + * are met:
&= gt;    + * 1. Redistributions of source code must retain the abo= ve copyright
>    + *    = notice, this list of conditions and the following disclaimer.
>    + * 2. Redistributions in binary form must = reproduce the above copyright
>    = + *    notice, this list of conditions and the following disclaim= er
>    in the
>    + *    documentation and/or other materi= als provided with the
>    distribu= tion.
>    + *
>    + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDA= TION, INC. AND
>    CONTRIBUTORS
>    + * ``AS IS'' AND ANY EXPRESS OR= IMPLIED WARRANTIES, INCLUDING, BUT
>  &n= bsp; NOT LIMITED
>    + * TO, THE = IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
>    PARTICULAR
> =   + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION= OR
>    CONTRIBUTORS
>    + * BE LIABLE FOR ANY DIRECT, INDIRECT, INC= IDENTAL, SPECIAL,
>    EXEMPLARY, O= R
>    + * CONSEQUENTIAL DAMAGES (I= NCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>=     + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF= ITS; OR
>    BUSINESS
>    + * INTERRUPTION) HOWEVER CAUSED AND ON ANY= THEORY OF LIABILITY,
>    WHETHER = IN
>    + * CONTRACT, STRICT LIABIL= ITY, OR TORT (INCLUDING NEGLIGENCE OR
>  =   OTHERWISE)
>    + * ARISING= IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
>    ADVISED OF THE
>  =   + * POSSIBILITY OF SUCH DAMAGE.
> = ;   + */
>    +#include <s= ys/cdefs.h>
>    +__RCSID("$NetB= SD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp
>    $");
>    +=
>    +#include <limits.h>
>    +#include <stdio.h>
>    +#include <stdlib.h>
=
>    +#include <string.h>
>    +
>  &nb= sp; +#include <ssp/stdio.h>
>  &nb= sp; +#include <ssp/string.h>
>  &n= bsp; +
>    +char *__gets_unsafe(c= har *);
>    +
>    +char *
>   = ; +__gets_chk(char * __restrict buf, size_t slen)
>    +{
>    + = ;   char *abuf;
>    +&nb= sp;   size_t len;
>    +<= br>
>    +    if (slen &= gt;=3D (size_t)INT_MAX)
>    + = ;       return (__gets_unsafe(buf));
>    +
>  &nbs= p; +    if ((abuf =3D malloc(slen + 1)) =3D=3D NULL)
>    +      &nbs= p; return (__gets_unsafe(buf));
>   = +
>    +    if (fg= ets(abuf, (int)(slen + 1), stdin) =3D=3D NULL) {
= >    +        free(abuf);
>    +      &nb= sp; return (NULL);
>    + &nbs= p;  }
>    +
>    +    len =3D strlen(abuf);
>    +    if (len > 0 = && abuf[len - 1] =3D=3D '\n')
>  =   +        --len;
>    +
>    +&nb= sp;   if (len >=3D slen)
>  =   +        __chk_fail();
>    +
>   = ; +    (void)memcpy(buf, abuf, len);
>    +
>    +&nbs= p;   buf[len] =3D '\0';
>  &nbs= p; +    free(abuf);
>  &n= bsp; +    return (buf);
> = ;   +}
>    diff --git a/lib/= libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c
>    new file mode 100644
= >    index 000000000000..99cf2d5f13ff
>    --- /dev/null
>  &n= bsp; +++ b/lib/libc/secure/memcpy_chk.c
>&nbs= p;   @@ -0,0 +1,53 @@
>    +/= *-
>    + *
>    + * SPDX-License-Identifier: BSD-2-Clause
>    + *
>  =   + * Copyright (c) 2006 The NetBSD Foundation, Inc.
>    + * All rights reserved.
>    + *
>    + = * This code is derived from software contributed to The NetBSD
>    Foundation
>&= nbsp;   + * by Christos Zoulas.
>  =   + *
>    + * Redistribution= and use in source and binary forms, with or without
>    + * modification, are permitted provided that the fo= llowing conditions
>    + * are met= :
>    + * 1. Redistributions of so= urce code must retain the above copyright
>&nb= sp;   + *    notice, this list of conditions and the follow= ing disclaimer.
>    + * 2. Redistr= ibutions in binary form must reproduce the above copyright
>    + *    notice, this list of conditio= ns and the following disclaimer
>   = in the
>    + *    docu= mentation and/or other materials provided with the
>    distribution.
>  &nb= sp; + *
>    + * THIS SOFTWARE IS = PROVIDED BY THE NETBSD FOUNDATION, INC. AND
>&= nbsp;   CONTRIBUTORS
>    + *= ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
<= div dir=3D"ltr">>    NOT LIMITED
&g= t;    + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITN= ESS FOR A
>    PARTICULAR
=
>    + * PURPOSE ARE DISCLAIMED.  IN NO= EVENT SHALL THE FOUNDATION OR
>    = CONTRIBUTORS
>    + * BE LIABLE FO= R ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>=     EXEMPLARY, OR
>    += * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
=
>    + * SUBSTITUTE GOODS OR SERVICES;= LOSS OF USE, DATA, OR PROFITS; OR
>  &nb= sp; BUSINESS
>    + * INTERRUPTION= ) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
= >    WHETHER IN
>    = + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
<= div dir=3D"ltr">>    OTHERWISE)
>= ;    + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVE= N IF
>    ADVISED OF THE
<= div dir=3D"ltr">>    + * POSSIBILITY OF SUCH DAMAGE.
>    + */
>&nb= sp;   +#include <sys/cdefs.h>
>&nb= sp;   +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg= Exp $");
>    +
>    +#include <string.h>
>    +
>    +#i= nclude <ssp/string.h>
>    +#= undef memcpy
>    +
>    +#include "ssp_internal.h"
>    +
>    = +void *
>    +__memcpy_chk(void * _= _restrict dst, const void * __restrict src,
>&= nbsp;   size_t len,
>    +&nb= sp;   size_t slen)
>    +{
=
>    +    if (len > = slen)
>    +    &nbs= p;   __chk_fail();
>    +=
>    +    if (__ssp= _overlap((const char *)src, (const char *)dst, len))
>    +        __chk_fail();=
>    +
&= gt;    +    return (memcpy(dst, src, len));
>    +}
>&n= bsp;   diff --git a/lib/libc/secure/memmove_chk.c
>    b/lib/libc/secure/memmove_chk.c
>    new file mode 100644
>    index 000000000000..07f965d608fc
>    --- /dev/null
>  =   +++ b/lib/libc/secure/memmove_chk.c
>&= nbsp;   @@ -0,0 +1,47 @@
>    = +/*-
>    + *
>    + * SPDX-License-Identifier: BSD-2-Clause
>    + *
>&nbs= p;   + * Copyright (c) 2006 The NetBSD Foundation, Inc.
>    + * All rights reserved.
>    + *
>   = + * This code is derived from software contributed to The NetBSD
>    Foundation
&= gt;    + * by Christos Zoulas.
>&nb= sp;   + *
>    + * Redistribu= tion and use in source and binary forms, with or without
>    + * modification, are permitted provided that t= he following conditions
>    + * ar= e met:
>    + * 1. Redistributions = of source code must retain the above copyright
&g= t;    + *    notice, this list of conditions and the f= ollowing disclaimer.
>    + * 2. Re= distributions in binary form must reproduce the above copyright
>    + *    notice, this list of con= ditions and the following disclaimer
>  &= nbsp; in the
>    + *   = documentation and/or other materials provided with the
>    distribution.
>&nb= sp;   + *
>    + * THIS SOFTW= ARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
>    CONTRIBUTORS
>  &nbs= p; + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
=
>    NOT LIMITED
>    + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY A= ND FITNESS FOR A
>    PARTICULAR
>    + * PURPOSE ARE DISCLAIMED. = ; IN NO EVENT SHALL THE FOUNDATION OR
>  =   CONTRIBUTORS
>    + * BE LI= ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
>    EXEMPLARY, OR
>  &n= bsp; + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT= OF
>    + * SUBSTITUTE GOODS OR SE= RVICES; LOSS OF USE, DATA, OR PROFITS; OR
>&nb= sp;   BUSINESS
>    + * INTER= RUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
>    WHETHER IN
> =   + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
>    OTHERWISE)
>    + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFT= WARE, EVEN IF
>    ADVISED OF THE
>    + * POSSIBILITY OF SUCH DAMAGE.=
>    + */
>    +#include <sys/cdefs.h>
>    +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:3= 7:59 mrg Exp $");
>    +
<= div dir=3D"ltr">>    +#include <string.h>
>    +
>  &nbs= p; +#include <ssp/string.h>
>  &nb= sp; +#undef memmove
>    +
>    +void *
>= ;    +__memmove_chk(void *dst, const void *src, size_t len,
<= /div>
>    +    size_t slen)
>    +{
>&nb= sp;   +    if (len > slen)
>    +        __chk_fail();
>    +    return (mem= move(dst, src, len));
>    +}
>    diff --git a/lib/libc/secure/memset= _chk.c b/lib/libc/secure/memset_chk.c
>  =   new file mode 100644
>    i= ndex 000000000000..f337be98b46d
>   = --- /dev/null
>    +++ b/lib/libc= /secure/memset_chk.c
>    @@ -0,0 += 1,46 @@
>    +/*-
>    + *
>   = + * SPDX-License-Identifier: BSD-2-Clause
>&= nbsp;   + *
>    + * Copyrigh= t (c) 2006 The NetBSD Foundation, Inc.
> =   + * All rights reserved.
>  &nbs= p; + *
>    + * This code is deriv= ed from software contributed to The NetBSD
>&n= bsp;   Foundation
>    + * by= Christos Zoulas.
>    + *
>    + * Redistribution and use in source a= nd binary forms, with or without
>   = ; + * modification, are permitted provided that the following conditions
>    + * are met:
>    + * 1. Redistributions of source code must reta= in the above copyright
>    + *&nbs= p;   notice, this list of conditions and the following disclaimer.
=
>    + * 2. Redistributions in binary = form must reproduce the above copyright
> = ;   + *    notice, this list of conditions and the followin= g disclaimer
>    in the
<= div dir=3D"ltr">>    + *    documentation and/or ot= her materials provided with the
>   = distribution.
>    + *
<= div dir=3D"ltr">>    + * THIS SOFTWARE IS PROVIDED BY THE NET= BSD FOUNDATION, INC. AND
>    CONTR= IBUTORS
>    + * ``AS IS'' AND ANY = EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
>= ;    NOT LIMITED
>    + = * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
=
>    PARTICULAR
&g= t;    + * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FO= UNDATION OR
>    CONTRIBUTORS
>    + * BE LIABLE FOR ANY DIRECT, INDIR= ECT, INCIDENTAL, SPECIAL,
>    EXEM= PLARY, OR
>    + * CONSEQUENTIAL DA= MAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
>    + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,= OR PROFITS; OR
>    BUSINESS
>    + * INTERRUPTION) HOWEVER CAUSED AN= D ON ANY THEORY OF LIABILITY,
>    = WHETHER IN
>    + * CONTRACT, STRIC= T LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
>= ;    OTHERWISE)
>    + *= ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
>    ADVISED OF THE
>= ;    + * POSSIBILITY OF SUCH DAMAGE.
&= gt;    + */
>    +#inclu= de <sys/cdefs.h>
>    +__RCSI= D("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
=
>    +
>  =   +#include <string.h>
>  &nb= sp; +
>    +#include <ssp/strin= g.h>
>    +#undef memset
>    +
> = ;   +void *
>    +__memset_ch= k(void * __restrict dst, int val, size_t len, size_t slen)
>    +{
>   = +    if (len > slen)
>&nbs= p;   +        __chk_fail();
>    +    return (memset(dst, v= al, len));
>    +}
>    diff --git a/lib/libc/secure/snprintf_chk.c
>    b/lib/libc/secure/snprintf_chk.c=
>    new file mode 100644
>    index 000000000000..52ef874ede5b
>    --- /dev/null
>    +++ b/lib/libc/secure/snprintf_chk.c
>    @@ -0,0 +1,56 @@
&= gt;    +/*-
>    + *
=
>    + * SPDX-License-Identifier: BSD-= 2-Clause
>    + *
>    + * Copyright (c) 2006 The NetBSD Foundation, I= nc.
>    + * All rights reserved.
>    + *
&= gt;    + * This code is derived from software contributed to The= NetBSD
>    Foundation
>    + * by Christos Zoulas.
>    + *
>   = + * Redistribution and use in source and binary forms, with or without
>    + * modification, are permitted = provided that the following conditions
> =   + * are met:
>    + * 1. R= edistributions of source code must retain the above copyright
>    + *    notice, this list of condi= tions and the following disclaimer.
>  &n= bsp; + * 2. Redistributions in binary form must reproduce the above copyri= ght
>    + *    notice, t= his list of conditions and the following disclaimer
>    in the
>    += *    documentation and/or other materials provided with the
<= /div>
>    distribution.
>    + *
>    += * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
>    CONTRIBUTORS
&g= t;    + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLU= DING, BUT
>    NOT LIMITED
>    + * TO, THE IMPLIED WARRANTIES OF MERC= HANTABILITY AND FITNESS FOR A
>    = PARTICULAR
>    + * PURPOSE ARE DIS= CLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR
>    CONTRIBUTORS
>  &nbs= p; + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
<= div dir=3D"ltr">>    EXEMPLARY, OR
= >    + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO= , PROCUREMENT OF
>    + * SUBSTITUT= E GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
>    BUSINESS
>  &nbs= p; + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
>    WHETHER IN
>    + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGL= IGENCE OR
>    OTHERWISE)
=
>    + * ARISING IN ANY WAY OUT OF THE USE O= F THIS SOFTWARE, EVEN IF
>    ADVIS= ED OF THE
>    + * POSSIBILITY OF S= UCH DAMAGE.
>    + */
>    +#include <sys/cdefs.h>
>    +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 200= 8/04/28 20:23:00 martin
>    Exp $"= );
>    +
>    +#include <stdarg.h>
&g= t;    +#include <stdio.h>
>&n= bsp;   +
>    +#include <s= sp/stdio.h>
>    +#undef vsnprin= tf
>    +
>    +int
>    +__sn= printf_chk(char * __restrict buf, size_t len, int flags, size_t
>    slen,
> = ;   +    const char * __restrict fmt, ...)
>    +{
>   = +    va_list ap;
>  &nbs= p; +    int rv;
>   = +
>    +    if (le= n > slen)
>    +  &nbs= p;     __chk_fail();
>  &n= bsp; +
>    +    va= _start(ap, fmt);
>    +  =   rv =3D vsnprintf(buf, len, fmt, ap);
>&= nbsp;   +    va_end(ap);
>= ;    +
>    +  = ;  return (rv);
>    +}
>    diff --git a/lib/libc/secure/sprintf= _chk.c
>    b/lib/libc/secure/sprin= tf_chk.c
>    new file mode 100644<= br>
>    index 000000000000..d4c42ccba3= ce
>    --- /dev/null
>    +++ b/lib/libc/secure/sprintf_chk.c
>    @@ -0,0 +1,61 @@
>    +/*-
>    = + *
>    + * SPDX-License-Identifie= r: BSD-2-Clause
>    + *
<= div dir=3D"ltr">>    + * Copyright (c) 2006 The NetBSD Founda= tion, Inc.
>    + * All rights rese= rved.
>    + *
>    + * This code is derived from software contributed= to The NetBSD
>    Foundation
<= /div>
>    *** 1063 LINES SKIPPED ***
>
>
------=_Part_1357399_2058372477.1716093599883--