include: ssp: round out fortification of current set of headers
Closed, Public

Authored by kevans on Jun 21 2024, 4:59 PM.
Details

Summary

ssp/ssp.h needed some improvements:

  • len isn't always a size_t, it may need to be cast
  • In some cases we may want to use a len that isn't specified as a parameter (e.g., L_ctermid), so __ssp_redirect() should be more flexible.
  • In other cases we may want additional checking, so pull all of the declaration bits out of __ssp_redirect_raw() so that some functions can implement the body themselves.

strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.

Sponsored by: Stormshield
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 58365
Build 55253: arc lint + arc unit

Event Timeline

Fix libc build without FORTIFY_SOURCE enabled

markj added inline comments.
lib/libc/secure/strlcat_chk.c
47

We know that n <= dbufsize, and the loop predicate checks n-- != 0 so this condition is always false.

lib/libc/secure/strlcpy_chk.c
27–28

Do you want to check dbufsize > 0 here?

28

Do you actually need to undef?

lib/libc/stdio/fread.c
50–51

This line is too long.

This revision is now accepted and ready to land. Jun 24 2024, 4:51 PM
kevans marked 4 inline comments as done.

Reduce __strlcpy_chk to size check + strlcpy(), address review feedback

This revision now requires review to proceed. Jun 26 2024, 7:07 PM
lib/libc/secure/strlcpy_chk.c
27–28

Looking at it again, I'm not sure it actually makes sense to inline strlcpy like this anyways... n passed in is supposed to cover room for the NUL terminator, so it should be sufficient to just __bos it up front then call into the real strlcpy

This revision is now accepted and ready to land. Jul 2 2024, 2:10 PM
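The check that the summary and kevans's last comment describe (take the destination's compile-time object size up front, compare it with n, then call the real strlcpy) is shown below as an added illustrative example. It is not code from this revision, from FreeBSD's ssp/ssp.h, or from lib/libc/secure/strlcpy_chk.c. Everything prefixed demo_ or DEMO_ is a hypothetical name chosen for the example: demo_strlcpy is a local stand-in for strlcpy(3) so the file builds on libcs that lack it, demo_chk_fail counts failures instead of aborting the process the way a fortified libc's failure path does, and DEMO_FORTIFIED_STRLCPY plays the role of the call-site redirect, using the GCC/Clang __builtin_object_size() builtin to obtain the destination size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for strlcpy(3) (hypothetical name, local to this example).
 * Copies at most n-1 bytes, always NUL-terminates when n > 0, and returns
 * strlen(src) so the caller can detect truncation (return value >= n).
 */
static size_t
demo_strlcpy(char *dst, const char *src, size_t n)
{
	size_t srclen = strlen(src);

	if (n != 0) {
		size_t copy = srclen < n - 1 ? srclen : n - 1;
		memcpy(dst, src, copy);
		dst[copy] = '\0';
	}
	return (srclen);
}

/*
 * Hypothetical failure hook. A real fortified libc aborts the process at
 * this point; the example counts and reports instead so the overflow path
 * can be exercised and inspected.
 */
static int demo_chk_failures;

static void
demo_chk_fail(const char *fn)
{
	fprintf(stderr, "%s: buffer overflow detected\n", fn);
	demo_chk_failures++;
}

/*
 * Illustrative checked strlcpy. dbufsize is the destination size derived at
 * the call site. strlcpy writes at most n bytes (n-1 characters plus the
 * NUL), so n <= dbufsize is the whole check: with it satisfied the copy can
 * only truncate, never overflow, and truncation is already reported through
 * the return value. Only n > dbufsize is a bug worth trapping.
 */
static size_t
demo_strlcpy_chk(char *dst, const char *src, size_t n, size_t dbufsize)
{
	if (n > dbufsize) {
		demo_chk_fail("strlcpy");
		return (0);
	}
	return (demo_strlcpy(dst, src, n));
}

/*
 * Call-site redirect (hypothetical macro): the compiler supplies the object
 * size, so callers keep the plain strlcpy(dst, src, n) shape. When the size
 * is unknown, __builtin_object_size(ptr, 1) yields (size_t)-1, the check
 * n > dbufsize cannot fire, and the call is simply unchecked.
 */
#define DEMO_FORTIFIED_STRLCPY(dst, src, n) \
	demo_strlcpy_chk((dst), (src), (n), __builtin_object_size((dst), 1))

/* Constructed destination buffer used by the scenarios below. */
static char demo_buf[8];

int
main(void)
{
	size_t r;

	/* Constructed inputs: in-bounds copy, truncation, and an oversized n. */
	r = DEMO_FORTIFIED_STRLCPY(demo_buf, "abc", sizeof(demo_buf));
	printf("copy: \"%s\" ret=%zu\n", demo_buf, r);
	r = DEMO_FORTIFIED_STRLCPY(demo_buf, "0123456789", sizeof(demo_buf));
	printf("truncated: \"%s\" ret=%zu (>= %zu, truncation, not overflow)\n",
	    demo_buf, r, sizeof(demo_buf));
	r = DEMO_FORTIFIED_STRLCPY(demo_buf, "x", sizeof(demo_buf) + 1);
	printf("oversized n: ret=%zu failures=%d\n", r, demo_chk_failures);
	return (demo_chk_failures == 1 ? 0 : 1);
}
```

The second scenario is the one the review thread turns on: a source longer than the buffer is not an error for strlcpy, it is a truncation that the caller detects from the return value, so the checked wrapper must not trap it. Only the third call, where n exceeds the real size of the destination, is an overflow, and that is caught by the single up-front comparison before any byte is written.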