git: 8983acc8dee5 - main - lib/libc/string: apply SSP hardening and tests to memset_explicit
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 14 Nov 2024 22:10:50 UTC
The branch main has been updated by fuz: URL: https://cgit.FreeBSD.org/src/commit/?id=8983acc8dee56533f5281ca912e09a51dfacc35b commit 8983acc8dee56533f5281ca912e09a51dfacc35b Author: Robert Clausecker <fuz@FreeBSD.org> AuthorDate: 2024-10-25 16:00:44 +0000 Commit: Robert Clausecker <fuz@FreeBSD.org> CommitDate: 2024-11-14 22:10:00 +0000 lib/libc/string: apply SSP hardening and tests to memset_explicit Reviewed by: emaste, kevans Differential Revision: https://reviews.freebsd.org/D47286 --- include/ssp/string.h | 2 + lib/libc/string/memset_explicit.c | 3 +- lib/libc/tests/secure/fortify_string_test.c | 132 +++++++++++++++++++++++ lib/libc/tests/secure/generate-fortify-tests.lua | 9 ++ 4 files changed, 145 insertions(+), 1 deletion(-) diff --git a/include/ssp/string.h b/include/ssp/string.h index 9f24254d9c01..2999aed13cb1 100644 --- a/include/ssp/string.h +++ b/include/ssp/string.h @@ -109,6 +109,8 @@ __ssp_bos_icheck3_restrict(memcpy, void *, const void *) __ssp_bos_icheck3_restrict(mempcpy, void *, const void *) __ssp_bos_icheck3(memmove, void *, const void *) __ssp_bos_icheck3(memset, void *, int) +__ssp_redirect(void *, memset_explicit, (void *__buf, int __ch, size_t __len), + (__buf, __ch, __len)); __ssp_bos_icheck2_restrict(stpcpy, char *, const char *) __ssp_bos_icheck3_restrict(stpncpy, char *, const char *) __ssp_bos_icheck2_restrict(strcpy, char *, const char *) diff --git a/lib/libc/string/memset_explicit.c b/lib/libc/string/memset_explicit.c index ee6be0363981..b2b9a79c40c8 100644 --- a/lib/libc/string/memset_explicit.c +++ b/lib/libc/string/memset_explicit.c @@ -5,6 +5,7 @@ */ #include <string.h> +#include <ssp/ssp.h> __attribute__((weak)) void __memset_explicit_hook(void *, int, size_t); @@ -17,7 +18,7 @@ __memset_explicit_hook(void *buf, int ch, size_t len) } void * -memset_explicit(void *buf, int ch, size_t len) +__ssp_real(memset_explicit)(void *buf, int ch, size_t len) { memset(buf, ch, len); __memset_explicit_hook(buf, ch, len); diff --git a/lib/libc/tests/secure/fortify_string_test.c b/lib/libc/tests/secure/fortify_string_test.c index cc87ae56488d..ae68c4b89a38 100644 --- a/lib/libc/tests/secure/fortify_string_test.c +++ b/lib/libc/tests/secure/fortify_string_test.c @@ -685,6 +685,133 @@ monitor: } +ATF_TC_WITHOUT_HEAD(memset_explicit_before_end); +ATF_TC_BODY(memset_explicit_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_end); +ATF_TC_BODY(memset_explicit_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_before_end); +ATF_TC_BODY(memset_explicit_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_end); +ATF_TC_BODY(memset_explicit_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_after_end); +ATF_TC_BODY(memset_explicit_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + ATF_TC_WITHOUT_HEAD(stpcpy_before_end); ATF_TC_BODY(stpcpy_before_end, tc) { @@ -1899,6 +2026,11 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, memset_heap_before_end); ATF_TP_ADD_TC(tp, memset_heap_end); ATF_TP_ADD_TC(tp, memset_heap_after_end); + ATF_TP_ADD_TC(tp, memset_explicit_before_end); + ATF_TP_ADD_TC(tp, memset_explicit_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_before_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_after_end); ATF_TP_ADD_TC(tp, stpcpy_before_end); ATF_TP_ADD_TC(tp, stpcpy_end); ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); diff --git a/lib/libc/tests/secure/generate-fortify-tests.lua b/lib/libc/tests/secure/generate-fortify-tests.lua index eec5f7253f73..0e46b8867862 100755 --- a/lib/libc/tests/secure/generate-fortify-tests.lua +++ b/lib/libc/tests/secure/generate-fortify-tests.lua @@ -630,6 +630,15 @@ local all_tests = { }, exclude = excludes_stack_overflow, }, + { + func = "memset_explicit", + arguments = { + "__buf", + "0", + "__len", + }, + exclude = excludes_stack_overflow, + }, { func = "stpcpy", arguments = {