git: 8983acc8dee5 - main - lib/libc/string: apply SSP hardening and tests to memset_explicit

From: Robert Clausecker <fuz_at_FreeBSD.org>
Date: Thu, 14 Nov 2024 22:10:50 UTC
The branch main has been updated by fuz:

URL: https://cgit.FreeBSD.org/src/commit/?id=8983acc8dee56533f5281ca912e09a51dfacc35b

commit 8983acc8dee56533f5281ca912e09a51dfacc35b
Author:     Robert Clausecker <fuz@FreeBSD.org>
AuthorDate: 2024-10-25 16:00:44 +0000
Commit:     Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-11-14 22:10:00 +0000

    lib/libc/string: apply SSP hardening and tests to memset_explicit
    
    Reviewed by:    emaste, kevans
    Differential Revision:  https://reviews.freebsd.org/D47286
---
 include/ssp/string.h                             |   2 +
 lib/libc/string/memset_explicit.c                |   3 +-
 lib/libc/tests/secure/fortify_string_test.c      | 132 +++++++++++++++++++++++
 lib/libc/tests/secure/generate-fortify-tests.lua |   9 ++
 4 files changed, 145 insertions(+), 1 deletion(-)

diff --git a/include/ssp/string.h b/include/ssp/string.h
index 9f24254d9c01..2999aed13cb1 100644
--- a/include/ssp/string.h
+++ b/include/ssp/string.h
@@ -109,6 +109,8 @@ __ssp_bos_icheck3_restrict(memcpy, void *, const void *)
 __ssp_bos_icheck3_restrict(mempcpy, void *, const void *)
 __ssp_bos_icheck3(memmove, void *, const void *)
 __ssp_bos_icheck3(memset, void *, int)
+__ssp_redirect(void *, memset_explicit, (void *__buf, int __ch, size_t __len),
+    (__buf, __ch, __len));
 __ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
 __ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
 __ssp_bos_icheck2_restrict(strcpy, char *, const char *)
diff --git a/lib/libc/string/memset_explicit.c b/lib/libc/string/memset_explicit.c
index ee6be0363981..b2b9a79c40c8 100644
--- a/lib/libc/string/memset_explicit.c
+++ b/lib/libc/string/memset_explicit.c
@@ -5,6 +5,7 @@
  */
 
 #include <string.h>
+#include <ssp/ssp.h>
 
 __attribute__((weak)) void __memset_explicit_hook(void *, int, size_t);
 
@@ -17,7 +18,7 @@ __memset_explicit_hook(void *buf, int ch, size_t len)
 }
 
 void *
-memset_explicit(void *buf, int ch, size_t len)
+__ssp_real(memset_explicit)(void *buf, int ch, size_t len)
 {
 	memset(buf, ch, len);
 	__memset_explicit_hook(buf, ch, len);
diff --git a/lib/libc/tests/secure/fortify_string_test.c b/lib/libc/tests/secure/fortify_string_test.c
index cc87ae56488d..ae68c4b89a38 100644
--- a/lib/libc/tests/secure/fortify_string_test.c
+++ b/lib/libc/tests/secure/fortify_string_test.c
@@ -685,6 +685,133 @@ monitor:
 
 }
 
+ATF_TC_WITHOUT_HEAD(memset_explicit_before_end);
+ATF_TC_BODY(memset_explicit_before_end, tc)
+{
+#define BUF &__stack.__buf
+	struct {
+		uint8_t padding_l;
+		unsigned char __buf[42];
+		uint8_t padding_r;
+	} __stack;
+	const size_t __bufsz __unused = sizeof(__stack.__buf);
+	const size_t __len = 42 - 1;
+	const size_t __idx __unused = __len - 1;
+
+	memset_explicit(__stack.__buf, 0, __len);
+#undef BUF
+
+}
+
+ATF_TC_WITHOUT_HEAD(memset_explicit_end);
+ATF_TC_BODY(memset_explicit_end, tc)
+{
+#define BUF &__stack.__buf
+	struct {
+		uint8_t padding_l;
+		unsigned char __buf[42];
+		uint8_t padding_r;
+	} __stack;
+	const size_t __bufsz __unused = sizeof(__stack.__buf);
+	const size_t __len = 42;
+	const size_t __idx __unused = __len - 1;
+
+	memset_explicit(__stack.__buf, 0, __len);
+#undef BUF
+
+}
+
+ATF_TC_WITHOUT_HEAD(memset_explicit_heap_before_end);
+ATF_TC_BODY(memset_explicit_heap_before_end, tc)
+{
+#define BUF __stack.__buf
+	struct {
+		uint8_t padding_l;
+		unsigned char * __buf;
+		uint8_t padding_r;
+	} __stack;
+	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
+	const size_t __len = 42 - 1;
+	const size_t __idx __unused = __len - 1;
+
+	__stack.__buf = malloc(__bufsz);
+
+	memset_explicit(__stack.__buf, 0, __len);
+#undef BUF
+
+}
+
+ATF_TC_WITHOUT_HEAD(memset_explicit_heap_end);
+ATF_TC_BODY(memset_explicit_heap_end, tc)
+{
+#define BUF __stack.__buf
+	struct {
+		uint8_t padding_l;
+		unsigned char * __buf;
+		uint8_t padding_r;
+	} __stack;
+	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
+	const size_t __len = 42;
+	const size_t __idx __unused = __len - 1;
+
+	__stack.__buf = malloc(__bufsz);
+
+	memset_explicit(__stack.__buf, 0, __len);
+#undef BUF
+
+}
+
+ATF_TC_WITHOUT_HEAD(memset_explicit_heap_after_end);
+ATF_TC_BODY(memset_explicit_heap_after_end, tc)
+{
+#define BUF __stack.__buf
+	struct {
+		uint8_t padding_l;
+		unsigned char * __buf;
+		uint8_t padding_r;
+	} __stack;
+	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
+	const size_t __len = 42 + 1;
+	const size_t __idx __unused = __len - 1;
+	pid_t __child;
+	int __status;
+
+	__child = fork();
+	ATF_REQUIRE(__child >= 0);
+	if (__child > 0)
+		goto monitor;
+
+	/* Child */
+	disable_coredumps();
+	__stack.__buf = malloc(__bufsz);
+
+	memset_explicit(__stack.__buf, 0, __len);
+	_exit(EX_SOFTWARE);	/* Should have aborted. */
+
+monitor:
+	while (waitpid(__child, &__status, 0) != __child) {
+		ATF_REQUIRE_EQ(EINTR, errno);
+	}
+
+	if (!WIFSIGNALED(__status)) {
+		switch (WEXITSTATUS(__status)) {
+		case EX_SOFTWARE:
+			atf_tc_fail("FORTIFY_SOURCE failed to abort");
+			break;
+		case EX_OSERR:
+			atf_tc_fail("setrlimit(2) failed");
+			break;
+		default:
+			atf_tc_fail("child exited with status %d",
+			    WEXITSTATUS(__status));
+		}
+	} else {
+		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
+	}
+#undef BUF
+
+}
+
 ATF_TC_WITHOUT_HEAD(stpcpy_before_end);
 ATF_TC_BODY(stpcpy_before_end, tc)
 {
@@ -1899,6 +2026,11 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, memset_heap_before_end);
 	ATF_TP_ADD_TC(tp, memset_heap_end);
 	ATF_TP_ADD_TC(tp, memset_heap_after_end);
+	ATF_TP_ADD_TC(tp, memset_explicit_before_end);
+	ATF_TP_ADD_TC(tp, memset_explicit_end);
+	ATF_TP_ADD_TC(tp, memset_explicit_heap_before_end);
+	ATF_TP_ADD_TC(tp, memset_explicit_heap_end);
+	ATF_TP_ADD_TC(tp, memset_explicit_heap_after_end);
 	ATF_TP_ADD_TC(tp, stpcpy_before_end);
 	ATF_TP_ADD_TC(tp, stpcpy_end);
 	ATF_TP_ADD_TC(tp, stpcpy_heap_before_end);
diff --git a/lib/libc/tests/secure/generate-fortify-tests.lua b/lib/libc/tests/secure/generate-fortify-tests.lua
index eec5f7253f73..0e46b8867862 100755
--- a/lib/libc/tests/secure/generate-fortify-tests.lua
+++ b/lib/libc/tests/secure/generate-fortify-tests.lua
@@ -630,6 +630,15 @@ local all_tests = {
 			},
 			exclude = excludes_stack_overflow,
 		},
+		{
+			func = "memset_explicit",
+			arguments = {
+				"__buf",
+				"0",
+				"__len",
+			},
+			exclude = excludes_stack_overflow,
+		},
 		{
 			func = "stpcpy",
 			arguments = {