Date: Sun, 19 May 2024 04:39:59 +0000 (UTC) From: Pedro Giffuni <pfg@freebsd.org> To: Kyle Evans <kevans@freebsd.org> Cc: "src-committers@freebsd.org" <src-committers@freebsd.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org> Subject: Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD Message-ID: <1413980952.1357400.1716093599901@mail.yahoo.com> In-Reply-To: <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org> References: <02326b5e-a1fe-4411-a869-d21f9a76130c@email.android.com> <999469960.1638478.1716080957814@mail.yahoo.com> <6276b721-6c7b-41cd-9d1b-4169e86ec5e9@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
FWIW .. and let me be clear I haven't worked on this in ages and I am not planning to retake this either...
clang just couldn't do the static fortify_source checks due to the way llvm uses an intermediate representation; the size just couldn't be handled in the preprocessor. Google did spend some time adding extra attributes to clang to improve the debugging and you can see that implemented in bionic libc but that was it. musl didn't even try.
fortify_source does replace some key libc functions with memory checking alternatives and that turns out to be annoying when debugging. In a way it breaks that principle C programmers once had, where developers are expected to know what they are doing, and if the error is caught at runtime by the stack protector anyways it ends up being redundant.
One more thing about the static checks. Most of the linux distributions out there indeed have built their software packages with GCC and fortify_source >=2. As a consequence, when we ran an exp-run on the ports tree (with GCC), fortify_source didn't find anything: it was basically a waste of time.
Another reason for not setting it by default is performance. And here I answer Shawn's comment on why not enable stack-protector-all and safestack and fortify_source at the same time: running unnecessary checks over and over again wastes energy and can have some performance hit. The later may seem negligible in modern processors, but why do them if they bring no benefit? (No need to answer ... just left as food for thought)
Pedro.
On Saturday, May 18, 2024 at 09:08:52 PM GMT-5, Kyle Evans <kevans@freebsd.org> wrote:
On 5/18/24 20:09, Pedro Giffuni wrote:
> (sorry for top posting .. my mailer just sucks)
> Hi;
>
> I used to like the limited static checking FORTIFY_SOURCE provides and
> when I ran it over FreeBSD it did find a couple of minor issues. It only
> works for GCC though.
>
I don't think this is particularly true anymore; I haven't found a case
yet where __builtin_object_size(3) doesn't give me the correct size
while GCC did. I'd welcome counter-examples here, though -- we have
funding to both finish the project (widen the _FORTIFY_SOURCE net to
more of libc/libsys) and add tests to demonstrate that it's both
functional and correct. It would be useful to also document
deficiencies in the tests.
> I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD
> had the least intrusive implementation the last time I checked but I
> would certainly request it should never be activated by default,
> specially with clang. The GCC version has seen more development on glibc
> but I still think its a dead end.
>
I don't see a compelling reason to avoid enabling it by default; see
above, the functionality that we need in clang appears to be just fine
(and, iirc, was also fine when I checked at the beginning of working on
this in 2021) and it provides useful
> What I would like to see working on FreeBSD is Safestack as a
> replacement for the stack protector, which we were so very slow to adopt
> even when it was originally developed in FreeBSD. I think other projects
> based on FreeBSD (Chimera and hardenedBSD) have been using it but I
> don't know the details.
>
No comment there, though I think Shawn Webb / HardenedBSD had been
playing around with SafeStack (and might have enabled it? I haven't
actually looked in a while now).
> This is just all my $0.02
>
> Pedro.
Thanks,
Kyle Evans
>
> On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans
> <kaevans@fastmail.com> wrote:
>
>
>
>
> On May 18, 2024 13:42, Pedro Giffuni <pfg@freebsd.org> wrote:
>
> Oh no .. please not...
>
> We went into that in a GSoC:
>
> https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions <https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions>;
>
>
> Ultimately it proved to be useless since stack-protector-strong.
>
>
> Respectfully, I disagree with your conclusion here:
>
> 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I
> don't have to overflow all the way into the canary at the end of the
> frame to be detected, so my minor bug now can be caught before something
> causes the stack frame to be rearranged and turn it into a security
> issue later
>
> 2.) __builtin_object_size doesn't work on heap objects, but it actually
> can work on subobjects from a heap allocation (e.g., &foo->name), so the
> coverage extends beyond the stack into starting to detect other kinds of
> overflow
>
> While the security value over stack-protector-strong may be marginal (I
> won't debate this specifically), the feature still has value in general.
>
> Thanks,
>
> Kyle Evans
>
> The NetBSD code was not well adapted to clang either.
>
> Ask me more if you really want to dig into it, but we don't want this.
>
> Pedro.
>
>
> On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Evans
> <kevans@freebsd.org> wrote:
>
>
> The branch main has been updated by kevans:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928 <https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928>;
>
> commit be04fec42638f30f50b5b55fd8e3634c0fb89928
> Author: Kyle Evans <kevans@FreeBSD.org <mailto:kevans@FreeBSD.org>>
> AuthorDate: 2024-05-13 05:23:49 +0000
> Commit: Kyle Evans <kevans@FreeBSD.org <mailto:kevans@FreeBSD.org>>
> CommitDate: 2024-05-13 05:23:49 +0000
>
> Import _FORTIFY_SOURCE implementation from NetBSD
>
> This is a mostly-unmodified copy of the various *_chk
> implementations
> and headers from NetBSD, without yet modifying system headers
> to start
> actually including them. A future commit will also apply the
> needed
> bits to fix ssp/unistd.h.
>
> Reviewed by: imp, pauamma_gundo.com (both previous
> versions), kib
> Sponsored by: Stormshield
> Sponsored by: Klara, Inc.
> Differential Revision: https://reviews.freebsd.org/D32306
> <https://reviews.freebsd.org/D32306>;
> ---
> etc/mtree/BSD.include.dist | 2 +
> include/Makefile | 2 +-
> include/ssp/Makefile | 6 ++
> include/ssp/ssp.h | 91 ++++++++++++++++++++++++++
> include/ssp/stdio.h | 93 ++++++++++++++++++++++++++
> include/ssp/string.h | 129
> ++++++++++++++++++++++++++++++++++++
> include/ssp/strings.h | 67 +++++++++++++++++++
> include/ssp/unistd.h | 54 +++++++++++++++
> lib/libc/secure/Makefile.inc | 11 ++++
> lib/libc/secure/Symbol.map | 18 +++++
> lib/libc/secure/fgets_chk.c | 54 +++++++++++++++
> lib/libc/secure/gets_chk.c | 74 +++++++++++++++++++++
> lib/libc/secure/memcpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/memmove_chk.c | 47 +++++++++++++
> lib/libc/secure/memset_chk.c | 46 +++++++++++++
> lib/libc/secure/snprintf_chk.c | 56 ++++++++++++++++
> lib/libc/secure/sprintf_chk.c | 61 +++++++++++++++++
> lib/libc/secure/ssp_internal.h | 37 +++++++++++
> lib/libc/secure/stpcpy_chk.c | 55 ++++++++++++++++
> lib/libc/secure/stpncpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/strcat_chk.c | 60 +++++++++++++++++
> lib/libc/secure/strcpy_chk.c | 54 +++++++++++++++
> lib/libc/secure/strncat_chk.c | 70 ++++++++++++++++++++
> lib/libc/secure/strncpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/vsnprintf_chk.c | 49 ++++++++++++++
> lib/libc/secure/vsprintf_chk.c | 58 ++++++++++++++++
> lib/libssp/Makefile | 20 +++++-
> lib/libssp/Symbol.map | 12 ++--
> lib/libssp/Versions.def | 5 ++
> lib/libssp/__builtin_object_size.3 | 110 +++++++++++++++++++++++++++++++
> lib/libssp/fortify_stubs.c | 131
> -------------------------------------
> lib/libssp/ssp.3 | 130
> ++++++++++++++++++++++++++++++++++++
> 32 files changed, 1621 insertions(+), 140 deletions(-)
>
> diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist
> index a6bd5880bf61..f8c83d6dde7a 100644
> --- a/etc/mtree/BSD.include.dist
> +++ b/etc/mtree/BSD.include.dist
> @@ -372,6 +372,8 @@
> mac_veriexec
> ..
> ..
> + ssp
> + ..
> sys
> disk
> ..
> diff --git a/include/Makefile b/include/Makefile
> index 19e6beb95203..32774419f162 100644
> --- a/include/Makefile
> +++ b/include/Makefile
> @@ -4,7 +4,7 @@
>
> PACKAGE=clibs
> CLEANFILES= osreldate.h version
> -SUBDIR= arpa protocols rpcsvc rpc xlocale
> +SUBDIR= arpa protocols rpcsvc rpc ssp xlocale
> .if ${MACHINE_CPUARCH} == "amd64"
> SUBDIR+= i386
> INCLUDE_SUBDIRS+= i386
> diff --git a/include/ssp/Makefile b/include/ssp/Makefile
> new file mode 100644
> index 000000000000..dff19f43c920
> --- /dev/null
> +++ b/include/ssp/Makefile
> @@ -0,0 +1,6 @@
> +# $FreeBSD$
> +
> +INCS= ssp.h stdio.h string.h strings.h unistd.h
> +INCSDIR= ${INCLUDEDIR}/ssp
> +
> +.include <bsd.prog.mk>
> diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h
> new file mode 100644
> index 000000000000..35a9aeee02df
> --- /dev/null
> +++ b/include/ssp/ssp.h
> @@ -0,0 +1,91 @@
> +/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_SSP_H_
> +#define _SSP_SSP_H_
> +
> +#include <sys/cdefs.h>
> +
> +#if !defined(__cplusplus)
> +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
> + (__OPTIMIZE__ > 0 || defined(__clang__))
> +# if _FORTIFY_SOURCE > 1
> +# define __SSP_FORTIFY_LEVEL 2
> +# else
> +# define __SSP_FORTIFY_LEVEL 1
> +# endif
> +# else
> +# define __SSP_FORTIFY_LEVEL 0
> +# endif
> +#else
> +# define __SSP_FORTIFY_LEVEL 0
> +#endif
> +
> +#define __ssp_var(type) __CONCAT(__ssp_ ## type, __COUNTER__)
> +
> +/* __ssp_real is used by the implementation in libc */
> +#if __SSP_FORTIFY_LEVEL == 0
> +#define __ssp_real_(fun) fun
> +#else
> +#define __ssp_real_(fun) __ssp_real_ ## fun
> +#endif
> +#define __ssp_real(fun) __ssp_real_(fun)
> +
> +#define __ssp_inline static __inline __attribute__((__always_inline__))
> +
> +#define __ssp_bos(ptr) __builtin_object_size(ptr,
> __SSP_FORTIFY_LEVEL > 1)
> +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
> +
> +#define __ssp_check(buf, len, bos) \
> + if (bos(buf) != (size_t)-1 && len > bos(buf)) \
> + __chk_fail()
> +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \
> +rtype __ssp_real_(fun) args __RENAME(symbol); \
> +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \
> +__ssp_inline rtype fun args { \
> + if (cond) \
> + __ssp_check(__buf, __len, bos); \
> + return __ssp_real_(fun) call; \
> +}
> +
> +#define __ssp_redirect(rtype, fun, args, call) \
> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)
> +#define __ssp_redirect0(rtype, fun, args, call) \
> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)
> +
> +__BEGIN_DECLS
> +void __stack_chk_fail(void) __dead2;
> +void __chk_fail(void) __dead2;
> +__END_DECLS
> +
> +#endif /* _SSP_SSP_H_ */
> diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h
> new file mode 100644
> index 000000000000..72e3236eac80
> --- /dev/null
> +++ b/include/ssp/stdio.h
> @@ -0,0 +1,93 @@
> +/* $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STDIO_H_
> +#define _SSP_STDIO_H_
> +
> +#include <ssp/ssp.h>
> +
> +__BEGIN_DECLS
> +int __sprintf_chk(char *__restrict, int, size_t, const char
> *__restrict, ...)
> + __printflike(4, 5);
> +int __vsprintf_chk(char *__restrict, int, size_t, const char
> *__restrict,
> + __va_list)
> + __printflike(4, 0);
> +int __snprintf_chk(char *__restrict, size_t, int, size_t,
> + const char *__restrict, ...)
> + __printflike(5, 6);
> +int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
> + const char *__restrict, __va_list)
> + __printflike(5, 0);
> +char *__gets_chk(char *, size_t);
> +char *__fgets_chk(char *, int, size_t, FILE *);
> +__END_DECLS
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define sprintf(str, ...) ({ \
> + char *_ssp_str = (str); \
> + __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), \
> + __VA_ARGS__); \
> +})
> +
> +#define vsprintf(str, fmt, ap) ({ \
> + char *_ssp_str = (str); \
> + __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),
> fmt, \
> + ap); \
> +})
> +
> +#define snprintf(str, len, ...) ({ \
> + char *_ssp_str = (str); \
> + __builtin___snprintf_chk(_ssp_str, len, 0,
> __ssp_bos(_ssp_str), \
> + __VA_ARGS__); \
> +})
> +
> +#define vsnprintf(str, len, fmt, ap) ({ \
> + char *_ssp_str = (str); \
> + __builtin___vsnprintf_chk(_ssp_str, len, 0,
> __ssp_bos(_ssp_str), \
> + fmt, ap); \
> +})
> +
> +#define gets(str) ({ \
> + char *_ssp_str = (str); \
> + __gets_chk(_ssp_str, __ssp_bos(_ssp_str)); \
> +})
> +
> +#define fgets(str, len, fp) ({ \
> + char *_ssp_str = (str); \
> + __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp); \
> +})
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +
> +#endif /* _SSP_STDIO_H_ */
> diff --git a/include/ssp/string.h b/include/ssp/string.h
> new file mode 100644
> index 000000000000..996020fda778
> --- /dev/null
> +++ b/include/ssp/string.h
> @@ -0,0 +1,129 @@
> +/* $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STRING_H_
> +#define _SSP_STRING_H_
> +
> +#include <ssp/ssp.h>
> +
> +__BEGIN_DECLS
> +void *__memcpy_chk(void *, const void *, size_t, size_t);
> +void *__memmove_chk(void *, const void *, size_t, size_t);
> +void *__memset_chk(void *, int, size_t, size_t);
> +char *__stpcpy_chk(char *, const char *, size_t);
> +char *__stpncpy_chk(char *, const char *, size_t, size_t);
> +char *__strcat_chk(char *, const char *, size_t);
> +char *__strcpy_chk(char *, const char *, size_t);
> +char *__strncat_chk(char *, const char *, size_t, size_t);
> +char *__strncpy_chk(char *, const char *, size_t, size_t);
> +__END_DECLS
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst,
> srctype, srcvar, \
> + src, lenvar, len) ({ \
> + srctype srcvar = (src); \
> + dsttype dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __ ## fun ## _ichk(dstvar, srcvar, lenvar)); \
> +})
> +
> +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src,
> len) \
> + __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst, \
> + srctype, __ssp_var(srcv), src, __ssp_var(lenv), len)
> +
> +#define __ssp_bos_check3(fun, dst, src, len) \
> + __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst, \
> + const void *, __ssp_var(srcv), src, __ssp_var(lenv), len)
> +
> +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({ \
> + const void *srcvar = (src); \
> + void *dstvar = (dst); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___ ## fun ## _chk(dstvar, srcvar, \
> + __ssp_bos0(dstvar)) : \
> + __ ## fun ## _ichk(dstvar, srcvar)); \
> +})
> +
> +#define __ssp_bos_check2(fun, dst, src) \
> + __ssp_bos_check2_var(fun, __ssp_var(dstv), dst,
> __ssp_var(srcv), src)
> +
> +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2
> __restrict, size_t); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src,
> size_t len) { \
> + return __builtin___ ## fun ## _chk(dst, src, len,
> __ssp_bos0(dst)); \
> +}
> +
> +#define __ssp_bos_icheck3(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \
> + return __builtin___ ## fun ## _chk(dst, src, len,
> __ssp_bos0(dst)); \
> +}
> +
> +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1, type2); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \
> + return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \
> +}
> +
> +__BEGIN_DECLS
> +__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
> +__ssp_bos_icheck3(memmove, void *, const void *)
> +__ssp_bos_icheck3(memset, void *, int)
> +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
> +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
> +__ssp_bos_icheck2_restrict(strcpy, char *, const char *)
> +__ssp_bos_icheck2_restrict(strcat, char *, const char *)
> +__ssp_bos_icheck3_restrict(strncpy, char *, const char *)
> +__ssp_bos_icheck3_restrict(strncat, char *, const char *)
> +__END_DECLS
> +
> +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
> +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)
> +#define memset(dst, val, len) \
> + __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
> +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)
> +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
> +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)
> +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)
> +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)
> +#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_STRING_H_ */
> diff --git a/include/ssp/strings.h b/include/ssp/strings.h
> new file mode 100644
> index 000000000000..06c9c7cc0a09
> --- /dev/null
> +++ b/include/ssp/strings.h
> @@ -0,0 +1,67 @@
> +/* $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2007 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STRINGS_H_
> +#define _SSP_STRINGS_H_
> +
> +#include <ssp/ssp.h>
> +#include <string.h>
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar, len) ({ \
> + const void *srcvar = (src); \
> + void *dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___memmove_chk(dstvar, srcvar, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __memmove_ichk(dstvar, srcvar, lenvar)); \
> +})
> +
> +#define bcopy(src, dst, len) \
> + _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst,
> __ssp_var(lenv), len)
> +
> +#define _ssp_bzero(dstvar, dst, lenvar, len) ({ \
> + void *dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___memset_chk(dstvar, 0, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __memset_ichk(dstvar, 0, lenvar)); \
> +})
> +
> +#define bzero(dst, len) _ssp_bzero(__ssp_var(dstv), dst,
> __ssp_var(lenv), len)
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_STRINGS_H_ */
> diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
> new file mode 100644
> index 000000000000..2414e2baa96b
> --- /dev/null
> +++ b/include/ssp/unistd.h
> @@ -0,0 +1,54 @@
> +/* $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_UNISTD_H_
> +#define _SSP_UNISTD_H_
> +
> +#include <ssp/ssp.h>
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +__BEGIN_DECLS
> +
> +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
> + (__fd, __buf, __len));
> +
> +__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
> + char *__restrict __buf, size_t __len), (__path, __buf, __len));
> +
> +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),
> + (__buf, __len), __buf != 0, __ssp_bos);
> +
> +__END_DECLS
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_UNISTD_H_ */
> diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc
> index 8574c5a05dc5..3b1ad879c715 100644
> --- a/lib/libc/secure/Makefile.inc
> +++ b/lib/libc/secure/Makefile.inc
> @@ -3,6 +3,17 @@
>
> .PATH: ${LIBC_SRCTOP}/secure
>
> +# _FORTIFY_SOURCE
> +SRCS+= gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c
> memset_chk.c \
> + snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \
> + strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \
> + vsnprintf_chk.c vsprintf_chk.c
> +
> +CFLAGS.snprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.sprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.vsnprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.vsprintf_chk.c+= -Wno-unused-parameter
> +
> # Sources common to both syscall interfaces:
> SRCS+= stack_protector.c \
> stack_protector_compat.c
> diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map
> index 641f451b5421..7859fcee3821 100644
> --- a/lib/libc/secure/Symbol.map
> +++ b/lib/libc/secure/Symbol.map
> @@ -3,3 +3,21 @@ FBSD_1.0 {
> __stack_chk_fail;
> __stack_chk_guard;
> };
> +
> +FBSD_1.8 {
> + __gets_chk;
> + __fgets_chk;
> + __memcpy_chk;
> + __memmove_chk;
> + __memset_chk;
> + __snprintf_chk;
> + __sprintf_chk;
> + __stpcpy_chk;
> + __stpncpy_chk;
> + __strcat_chk;
> + __strcpy_chk;
> + __strncat_chk;
> + __strncpy_chk;
> + __vsnprintf_chk;
> + __vsprintf_chk;
> +};
> diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/fgets_chk.c
> new file mode 100644
> index 000000000000..72aa1d816ce1
> --- /dev/null
> +++ b/lib/libc/secure/fgets_chk.c
> @@ -0,0 +1,54 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");
> +
> +#include <limits.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include <ssp/stdio.h>
> +#include <ssp/string.h>
> +#undef fgets
> +
> +char *
> +__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp)
> +{
> + if (slen >= (size_t)INT_MAX)
> + return (fgets(buf, len, fp));
> +
> + if (len >= 0 && (size_t)len > slen)
> + __chk_fail();
> +
> + return (fgets(buf, len, fp));
> +}
> diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/gets_chk.c
> new file mode 100644
> index 000000000000..18c1e2d18f43
> --- /dev/null
> +++ b/lib/libc/secure/gets_chk.c
> @@ -0,0 +1,74 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp
> $");
> +
> +#include <limits.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include <ssp/stdio.h>
> +#include <ssp/string.h>
> +
> +char *__gets_unsafe(char *);
> +
> +char *
> +__gets_chk(char * __restrict buf, size_t slen)
> +{
> + char *abuf;
> + size_t len;
> +
> + if (slen >= (size_t)INT_MAX)
> + return (__gets_unsafe(buf));
> +
> + if ((abuf = malloc(slen + 1)) == NULL)
> + return (__gets_unsafe(buf));
> +
> + if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {
> + free(abuf);
> + return (NULL);
> + }
> +
> + len = strlen(abuf);
> + if (len > 0 && abuf[len - 1] == '\n')
> + --len;
> +
> + if (len >= slen)
> + __chk_fail();
> +
> + (void)memcpy(buf, abuf, len);
> +
> + buf[len] = '\0';
> + free(abuf);
> + return (buf);
> +}
> diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c
> new file mode 100644
> index 000000000000..99cf2d5f13ff
> --- /dev/null
> +++ b/lib/libc/secure/memcpy_chk.c
> @@ -0,0 +1,53 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memcpy
> +
> +#include "ssp_internal.h"
> +
> +void *
> +__memcpy_chk(void * __restrict dst, const void * __restrict src,
> size_t len,
> + size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> +
> + if (__ssp_overlap((const char *)src, (const char *)dst, len))
> + __chk_fail();
> +
> + return (memcpy(dst, src, len));
> +}
> diff --git a/lib/libc/secure/memmove_chk.c
> b/lib/libc/secure/memmove_chk.c
> new file mode 100644
> index 000000000000..07f965d608fc
> --- /dev/null
> +++ b/lib/libc/secure/memmove_chk.c
> @@ -0,0 +1,47 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memmove
> +
> +void *
> +__memmove_chk(void *dst, const void *src, size_t len,
> + size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> + return (memmove(dst, src, len));
> +}
> diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/memset_chk.c
> new file mode 100644
> index 000000000000..f337be98b46d
> --- /dev/null
> +++ b/lib/libc/secure/memset_chk.c
> @@ -0,0 +1,46 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memset
> +
> +void *
> +__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> + return (memset(dst, val, len));
> +}
> diff --git a/lib/libc/secure/snprintf_chk.c
> b/lib/libc/secure/snprintf_chk.c
> new file mode 100644
> index 000000000000..52ef874ede5b
> --- /dev/null
> +++ b/lib/libc/secure/snprintf_chk.c
> @@ -0,0 +1,56 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin
> Exp $");
> +
> +#include <stdarg.h>
> +#include <stdio.h>
> +
> +#include <ssp/stdio.h>
> +#undef vsnprintf
> +
> +int
> +__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t
> slen,
> + const char * __restrict fmt, ...)
> +{
> + va_list ap;
> + int rv;
> +
> + if (len > slen)
> + __chk_fail();
> +
> + va_start(ap, fmt);
> + rv = vsnprintf(buf, len, fmt, ap);
> + va_end(ap);
> +
> + return (rv);
> +}
> diff --git a/lib/libc/secure/sprintf_chk.c
> b/lib/libc/secure/sprintf_chk.c
> new file mode 100644
> index 000000000000..d4c42ccba3ce
> --- /dev/null
> +++ b/lib/libc/secure/sprintf_chk.c
> @@ -0,0 +1,61 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> *** 1063 LINES SKIPPED ***
>
>
[-- Attachment #2 --]
<html><head></head><body><div class="ydp8924580yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr" data-setdir="false">FWIW .. and let me be clear I haven't worked on this in ages and I am not planning to retake this either...</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">clang just couldn't do the static fortify_source <span><span style="color: rgb(0, 0, 0); font-family: Helvetica Neue, Helvetica, Arial, sans-serif; font-size: 16px;">checks</span></span> due to the way llvm uses an intermediate representation; the size just couldn't be handled in the preprocessor. Google did spend some time adding extra attributes to clang to improve the debugging and you can see that implemented in bionic libc but that was it. musl didn't even try.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">fortify_source does replace some key libc functions with memory checking alternatives and that turns out to be annoying when debugging. In a way it breaks that principle C programmers once had, where developers are expected to know what they are doing, and if the error is caught at runtime by the stack protector anyways it ends up being redundant.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">One more thing about the static checks. Most of the linux distributions out there indeed have built their software packages with GCC and fortify_source >=2. As a consequence, when we ran an exp-run on the ports tree (with GCC), fortify_source didn't find anything: it was basically a waste of time.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Another reason for not setting it by default is performance. And here I answer Shawn's comment on why not enable stack-protector-all and safestack and fortify_source at the same time: running unnecessary checks over and over again wastes energy and can have some performance hit. The later may seem negligible in modern processors, but why do them if they bring no benefit? (No need to answer ... just left as food for thought)</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Pedro.</div><div><br></div>
</div><div id="ydp72f18629yahoo_quoted_6991073376" class="ydp72f18629yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Saturday, May 18, 2024 at 09:08:52 PM GMT-5, Kyle Evans <kevans@freebsd.org> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">On 5/18/24 20:09, Pedro Giffuni wrote:<br></div><div dir="ltr">> (sorry for top posting .. my mailer just sucks)<br></div><div dir="ltr">> Hi;<br></div><div dir="ltr">> <br></div><div dir="ltr">> I used to like the limited static checking FORTIFY_SOURCE provides and <br></div><div dir="ltr">> when I ran it over FreeBSD it did find a couple of minor issues. It only <br></div><div dir="ltr">> works for GCC though.<br></div><div dir="ltr">> <br></div><div dir="ltr"><br></div><div dir="ltr">I don't think this is particularly true anymore; I haven't found a case <br></div><div dir="ltr">yet where __builtin_object_size(3) doesn't give me the correct size <br></div><div dir="ltr">while GCC did. I'd welcome counter-examples here, though -- we have <br></div><div dir="ltr">funding to both finish the project (widen the _FORTIFY_SOURCE net to <br></div><div dir="ltr">more of libc/libsys) and add tests to demonstrate that it's both <br></div><div dir="ltr">functional and correct. It would be useful to also document <br></div><div dir="ltr">deficiencies in the tests.<br></div><div dir="ltr"><br></div><div dir="ltr">> I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD <br></div><div dir="ltr">> had the least intrusive implementation the last time I checked but I <br></div><div dir="ltr">> would certainly request it should never be activated by default, <br></div><div dir="ltr">> specially with clang. The GCC version has seen more development on glibc <br></div><div dir="ltr">> but I still think its a dead end.<br></div><div dir="ltr">> <br></div><div dir="ltr"><br></div><div dir="ltr">I don't see a compelling reason to avoid enabling it by default; see <br></div><div dir="ltr">above, the functionality that we need in clang appears to be just fine <br></div><div dir="ltr">(and, iirc, was also fine when I checked at the beginning of working on <br></div><div dir="ltr">this in 2021) and it provides useful<br></div><div dir="ltr"><br></div><div dir="ltr">> What I would like to see working on FreeBSD is Safestack as a <br></div><div dir="ltr">> replacement for the stack protector, which we were so very slow to adopt <br></div><div dir="ltr">> even when it was originally developed in FreeBSD. I think other projects <br></div><div dir="ltr">> based on FreeBSD (Chimera and hardenedBSD) have been using it but I <br></div><div dir="ltr">> don't know the details.<br></div><div dir="ltr">> <br></div><div dir="ltr"><br></div><div dir="ltr">No comment there, though I think Shawn Webb / HardenedBSD had been <br></div><div dir="ltr">playing around with SafeStack (and might have enabled it? I haven't <br></div><div dir="ltr">actually looked in a while now).<br></div><div dir="ltr"><br></div><div dir="ltr">> This is just all my $0.02<br></div><div dir="ltr">> <br></div><div dir="ltr">> Pedro.<br></div><div dir="ltr"><br></div><div dir="ltr">Thanks,<br></div><div dir="ltr"><br></div><div dir="ltr">Kyle Evans<br></div><div dir="ltr"><br></div><div dir="ltr">> <br></div><div dir="ltr">> On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans <br></div><div dir="ltr">> <<a href="mailto:kaevans@fastmail.com" rel="nofollow" target="_blank">kaevans@fastmail.com</a>> wrote:<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> On May 18, 2024 13:42, Pedro Giffuni <<a href="mailto:pfg@freebsd.org" rel="nofollow" target="_blank">pfg@freebsd.org</a>> wrote:<br></div><div dir="ltr">> <br></div><div dir="ltr">> Oh no .. please not...<br></div><div dir="ltr">> <br></div><div dir="ltr">> We went into that in a GSoC:<br></div><div dir="ltr">> <br></div><div dir="ltr">> <a href="https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions" rel="nofollow" target="_blank">https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions</a>; <<a href="https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions" rel="nofollow" target="_blank">https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions</a>><br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> Ultimately it proved to be useless since stack-protector-strong.<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> Respectfully, I disagree with your conclusion here:<br></div><div dir="ltr">> <br></div><div dir="ltr">> 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I <br></div><div dir="ltr">> don't have to overflow all the way into the canary at the end of the <br></div><div dir="ltr">> frame to be detected, so my minor bug now can be caught before something <br></div><div dir="ltr">> causes the stack frame to be rearranged and turn it into a security <br></div><div dir="ltr">> issue later<br></div><div dir="ltr">> <br></div><div dir="ltr">> 2.) __builtin_object_size doesn't work on heap objects, but it actually <br></div><div dir="ltr">> can work on subobjects from a heap allocation (e.g., &foo->name), so the <br></div><div dir="ltr">> coverage extends beyond the stack into starting to detect other kinds of <br></div><div dir="ltr">> overflow<br></div><div dir="ltr">> <br></div><div dir="ltr">> While the security value over stack-protector-strong may be marginal (I <br></div><div dir="ltr">> won't debate this specifically), the feature still has value in general.<br></div><div dir="ltr">> <br></div><div dir="ltr">> Thanks,<br></div><div dir="ltr">> <br></div><div dir="ltr">> Kyle Evans<br></div><div dir="ltr">> <br></div><div dir="ltr">> The NetBSD code was not well adapted to clang either.<br></div><div dir="ltr">> <br></div><div dir="ltr">> Ask me more if you really want to dig into it, but we don't want this.<br></div><div dir="ltr">> <br></div><div dir="ltr">> Pedro.<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Evans<br></div><div dir="ltr">> <<a href="mailto:kevans@freebsd.org" rel="nofollow" target="_blank">kevans@freebsd.org</a>> wrote:<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> The branch main has been updated by kevans:<br></div><div dir="ltr">> <br></div><div dir="ltr">> URL:<br></div><div dir="ltr">> <a href="https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928" rel="nofollow" target="_blank">https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928</a>; <<a href="https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928" rel="nofollow" target="_blank">https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928</a>><br></div><div dir="ltr">> <br></div><div dir="ltr">> commit be04fec42638f30f50b5b55fd8e3634c0fb89928<br></div><div dir="ltr">> Author: Kyle Evans <<a href="mailto:kevans@FreeBSD.org" rel="nofollow" target="_blank">kevans@FreeBSD.org</a> <mailto:kevans@FreeBSD.org>><br></div><div dir="ltr">> AuthorDate: 2024-05-13 05:23:49 +0000<br></div><div dir="ltr">> Commit: Kyle Evans <<a href="mailto:kevans@FreeBSD.org" rel="nofollow" target="_blank">kevans@FreeBSD.org</a> <mailto:kevans@FreeBSD.org>><br></div><div dir="ltr">> CommitDate: 2024-05-13 05:23:49 +0000<br></div><div dir="ltr">> <br></div><div dir="ltr">> Import _FORTIFY_SOURCE implementation from NetBSD<br></div><div dir="ltr">> <br></div><div dir="ltr">> This is a mostly-unmodified copy of the various *_chk<br></div><div dir="ltr">> implementations<br></div><div dir="ltr">> and headers from NetBSD, without yet modifying system headers<br></div><div dir="ltr">> to start<br></div><div dir="ltr">> actually including them. A future commit will also apply the<br></div><div dir="ltr">> needed<br></div><div dir="ltr">> bits to fix ssp/unistd.h.<br></div><div dir="ltr">> <br></div><div dir="ltr">> Reviewed by: imp, pauamma_gundo.com (both previous<br></div><div dir="ltr">> versions), kib<br></div><div dir="ltr">> Sponsored by: Stormshield<br></div><div dir="ltr">> Sponsored by: Klara, Inc.<br></div><div dir="ltr">> Differential Revision: <a href="https://reviews.freebsd.org/D32306" rel="nofollow" target="_blank">https://reviews.freebsd.org/D32306</a><br></div><div dir="ltr">> <<a href="https://reviews.freebsd.org/D32306" rel="nofollow" target="_blank">https://reviews.freebsd.org/D32306</a>><br></div><div dir="ltr">> ---<br></div><div dir="ltr">> etc/mtree/BSD.include.dist | 2 +<br></div><div dir="ltr">> include/Makefile | 2 +-<br></div><div dir="ltr">> include/ssp/Makefile | 6 ++<br></div><div dir="ltr">> include/ssp/ssp.h | 91 ++++++++++++++++++++++++++<br></div><div dir="ltr">> include/ssp/stdio.h | 93 ++++++++++++++++++++++++++<br></div><div dir="ltr">> include/ssp/string.h | 129<br></div><div dir="ltr">> ++++++++++++++++++++++++++++++++++++<br></div><div dir="ltr">> include/ssp/strings.h | 67 +++++++++++++++++++<br></div><div dir="ltr">> include/ssp/unistd.h | 54 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/Makefile.inc | 11 ++++<br></div><div dir="ltr">> lib/libc/secure/Symbol.map | 18 +++++<br></div><div dir="ltr">> lib/libc/secure/fgets_chk.c | 54 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/gets_chk.c | 74 +++++++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/memcpy_chk.c | 53 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/memmove_chk.c | 47 +++++++++++++<br></div><div dir="ltr">> lib/libc/secure/memset_chk.c | 46 +++++++++++++<br></div><div dir="ltr">> lib/libc/secure/snprintf_chk.c | 56 ++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/sprintf_chk.c | 61 +++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/ssp_internal.h | 37 +++++++++++<br></div><div dir="ltr">> lib/libc/secure/stpcpy_chk.c | 55 ++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/stpncpy_chk.c | 53 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/strcat_chk.c | 60 +++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/strcpy_chk.c | 54 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/strncat_chk.c | 70 ++++++++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/strncpy_chk.c | 53 +++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/vsnprintf_chk.c | 49 ++++++++++++++<br></div><div dir="ltr">> lib/libc/secure/vsprintf_chk.c | 58 ++++++++++++++++<br></div><div dir="ltr">> lib/libssp/Makefile | 20 +++++-<br></div><div dir="ltr">> lib/libssp/Symbol.map | 12 ++--<br></div><div dir="ltr">> lib/libssp/Versions.def | 5 ++<br></div><div dir="ltr">> lib/libssp/__builtin_object_size.3 | 110 +++++++++++++++++++++++++++++++<br></div><div dir="ltr">> lib/libssp/fortify_stubs.c | 131<br></div><div dir="ltr">> -------------------------------------<br></div><div dir="ltr">> lib/libssp/ssp.3 | 130<br></div><div dir="ltr">> ++++++++++++++++++++++++++++++++++++<br></div><div dir="ltr">> 32 files changed, 1621 insertions(+), 140 deletions(-)<br></div><div dir="ltr">> <br></div><div dir="ltr">> diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist<br></div><div dir="ltr">> index a6bd5880bf61..f8c83d6dde7a 100644<br></div><div dir="ltr">> --- a/etc/mtree/BSD.include.dist<br></div><div dir="ltr">> +++ b/etc/mtree/BSD.include.dist<br></div><div dir="ltr">> @@ -372,6 +372,8 @@<br></div><div dir="ltr">> mac_veriexec<br></div><div dir="ltr">> ..<br></div><div dir="ltr">> ..<br></div><div dir="ltr">> + ssp<br></div><div dir="ltr">> + ..<br></div><div dir="ltr">> sys<br></div><div dir="ltr">> disk<br></div><div dir="ltr">> ..<br></div><div dir="ltr">> diff --git a/include/Makefile b/include/Makefile<br></div><div dir="ltr">> index 19e6beb95203..32774419f162 100644<br></div><div dir="ltr">> --- a/include/Makefile<br></div><div dir="ltr">> +++ b/include/Makefile<br></div><div dir="ltr">> @@ -4,7 +4,7 @@<br></div><div dir="ltr">> <br></div><div dir="ltr">> PACKAGE=clibs<br></div><div dir="ltr">> CLEANFILES= osreldate.h version<br></div><div dir="ltr">> -SUBDIR= arpa protocols rpcsvc rpc xlocale<br></div><div dir="ltr">> +SUBDIR= arpa protocols rpcsvc rpc ssp xlocale<br></div><div dir="ltr">> .if ${MACHINE_CPUARCH} == "amd64"<br></div><div dir="ltr">> SUBDIR+= i386<br></div><div dir="ltr">> INCLUDE_SUBDIRS+= i386<br></div><div dir="ltr">> diff --git a/include/ssp/Makefile b/include/ssp/Makefile<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..dff19f43c920<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/Makefile<br></div><div dir="ltr">> @@ -0,0 +1,6 @@<br></div><div dir="ltr">> +# $FreeBSD$<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +INCS= ssp.h stdio.h string.h strings.h unistd.h<br></div><div dir="ltr">> +INCSDIR= ${INCLUDEDIR}/ssp<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +.include <bsd.prog.mk><br></div><div dir="ltr">> diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..35a9aeee02df<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/ssp.h<br></div><div dir="ltr">> @@ -0,0 +1,91 @@<br></div><div dir="ltr">> +/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#ifndef _SSP_SSP_H_<br></div><div dir="ltr">> +#define _SSP_SSP_H_<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#if !defined(__cplusplus)<br></div><div dir="ltr">> +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \<br></div><div dir="ltr">> + (__OPTIMIZE__ > 0 || defined(__clang__))<br></div><div dir="ltr">> +# if _FORTIFY_SOURCE > 1<br></div><div dir="ltr">> +# define __SSP_FORTIFY_LEVEL 2<br></div><div dir="ltr">> +# else<br></div><div dir="ltr">> +# define __SSP_FORTIFY_LEVEL 1<br></div><div dir="ltr">> +# endif<br></div><div dir="ltr">> +# else<br></div><div dir="ltr">> +# define __SSP_FORTIFY_LEVEL 0<br></div><div dir="ltr">> +# endif<br></div><div dir="ltr">> +#else<br></div><div dir="ltr">> +# define __SSP_FORTIFY_LEVEL 0<br></div><div dir="ltr">> +#endif<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_var(type) __CONCAT(__ssp_ ## type, __COUNTER__)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/* __ssp_real is used by the implementation in libc */<br></div><div dir="ltr">> +#if __SSP_FORTIFY_LEVEL == 0<br></div><div dir="ltr">> +#define __ssp_real_(fun) fun<br></div><div dir="ltr">> +#else<br></div><div dir="ltr">> +#define __ssp_real_(fun) __ssp_real_ ## fun<br></div><div dir="ltr">> +#endif<br></div><div dir="ltr">> +#define __ssp_real(fun) __ssp_real_(fun)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_inline static __inline __attribute__((__always_inline__))<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos(ptr) __builtin_object_size(ptr,<br></div><div dir="ltr">> __SSP_FORTIFY_LEVEL > 1)<br></div><div dir="ltr">> +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_check(buf, len, bos) \<br></div><div dir="ltr">> + if (bos(buf) != (size_t)-1 && len > bos(buf)) \<br></div><div dir="ltr">> + __chk_fail()<br></div><div dir="ltr">> +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \<br></div><div dir="ltr">> +rtype __ssp_real_(fun) args __RENAME(symbol); \<br></div><div dir="ltr">> +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \<br></div><div dir="ltr">> +__ssp_inline rtype fun args { \<br></div><div dir="ltr">> + if (cond) \<br></div><div dir="ltr">> + __ssp_check(__buf, __len, bos); \<br></div><div dir="ltr">> + return __ssp_real_(fun) call; \<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_redirect(rtype, fun, args, call) \<br></div><div dir="ltr">> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)<br></div><div dir="ltr">> +#define __ssp_redirect0(rtype, fun, args, call) \<br></div><div dir="ltr">> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__BEGIN_DECLS<br></div><div dir="ltr">> +void __stack_chk_fail(void) __dead2;<br></div><div dir="ltr">> +void __chk_fail(void) __dead2;<br></div><div dir="ltr">> +__END_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* _SSP_SSP_H_ */<br></div><div dir="ltr">> diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..72e3236eac80<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/stdio.h<br></div><div dir="ltr">> @@ -0,0 +1,93 @@<br></div><div dir="ltr">> +/* $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $ */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#ifndef _SSP_STDIO_H_<br></div><div dir="ltr">> +#define _SSP_STDIO_H_<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/ssp.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__BEGIN_DECLS<br></div><div dir="ltr">> +int __sprintf_chk(char *__restrict, int, size_t, const char<br></div><div dir="ltr">> *__restrict, ...)<br></div><div dir="ltr">> + __printflike(4, 5);<br></div><div dir="ltr">> +int __vsprintf_chk(char *__restrict, int, size_t, const char<br></div><div dir="ltr">> *__restrict,<br></div><div dir="ltr">> + __va_list)<br></div><div dir="ltr">> + __printflike(4, 0);<br></div><div dir="ltr">> +int __snprintf_chk(char *__restrict, size_t, int, size_t,<br></div><div dir="ltr">> + const char *__restrict, ...)<br></div><div dir="ltr">> + __printflike(5, 6);<br></div><div dir="ltr">> +int __vsnprintf_chk(char *__restrict, size_t, int, size_t,<br></div><div dir="ltr">> + const char *__restrict, __va_list)<br></div><div dir="ltr">> + __printflike(5, 0);<br></div><div dir="ltr">> +char *__gets_chk(char *, size_t);<br></div><div dir="ltr">> +char *__fgets_chk(char *, int, size_t, FILE *);<br></div><div dir="ltr">> +__END_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#if __SSP_FORTIFY_LEVEL > 0<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define sprintf(str, ...) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), \<br></div><div dir="ltr">> + __VA_ARGS__); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define vsprintf(str, fmt, ap) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),<br></div><div dir="ltr">> fmt, \<br></div><div dir="ltr">> + ap); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define snprintf(str, len, ...) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __builtin___snprintf_chk(_ssp_str, len, 0,<br></div><div dir="ltr">> __ssp_bos(_ssp_str), \<br></div><div dir="ltr">> + __VA_ARGS__); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define vsnprintf(str, len, fmt, ap) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __builtin___vsnprintf_chk(_ssp_str, len, 0,<br></div><div dir="ltr">> __ssp_bos(_ssp_str), \<br></div><div dir="ltr">> + fmt, ap); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define gets(str) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __gets_chk(_ssp_str, __ssp_bos(_ssp_str)); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define fgets(str, len, fp) ({ \<br></div><div dir="ltr">> + char *_ssp_str = (str); \<br></div><div dir="ltr">> + __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* __SSP_FORTIFY_LEVEL > 0 */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* _SSP_STDIO_H_ */<br></div><div dir="ltr">> diff --git a/include/ssp/string.h b/include/ssp/string.h<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..996020fda778<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/string.h<br></div><div dir="ltr">> @@ -0,0 +1,129 @@<br></div><div dir="ltr">> +/* $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $ */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#ifndef _SSP_STRING_H_<br></div><div dir="ltr">> +#define _SSP_STRING_H_<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/ssp.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__BEGIN_DECLS<br></div><div dir="ltr">> +void *__memcpy_chk(void *, const void *, size_t, size_t);<br></div><div dir="ltr">> +void *__memmove_chk(void *, const void *, size_t, size_t);<br></div><div dir="ltr">> +void *__memset_chk(void *, int, size_t, size_t);<br></div><div dir="ltr">> +char *__stpcpy_chk(char *, const char *, size_t);<br></div><div dir="ltr">> +char *__stpncpy_chk(char *, const char *, size_t, size_t);<br></div><div dir="ltr">> +char *__strcat_chk(char *, const char *, size_t);<br></div><div dir="ltr">> +char *__strcpy_chk(char *, const char *, size_t);<br></div><div dir="ltr">> +char *__strncat_chk(char *, const char *, size_t, size_t);<br></div><div dir="ltr">> +char *__strncpy_chk(char *, const char *, size_t, size_t);<br></div><div dir="ltr">> +__END_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#if __SSP_FORTIFY_LEVEL > 0<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst,<br></div><div dir="ltr">> srctype, srcvar, \<br></div><div dir="ltr">> + src, lenvar, len) ({ \<br></div><div dir="ltr">> + srctype srcvar = (src); \<br></div><div dir="ltr">> + dsttype dstvar = (dst); \<br></div><div dir="ltr">> + size_t lenvar = (len); \<br></div><div dir="ltr">> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \<br></div><div dir="ltr">> + __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar, \<br></div><div dir="ltr">> + __ssp_bos0(dstvar)) : \<br></div><div dir="ltr">> + __ ## fun ## _ichk(dstvar, srcvar, lenvar)); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src,<br></div><div dir="ltr">> len) \<br></div><div dir="ltr">> + __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst, \<br></div><div dir="ltr">> + srctype, __ssp_var(srcv), src, __ssp_var(lenv), len)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_check3(fun, dst, src, len) \<br></div><div dir="ltr">> + __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst, \<br></div><div dir="ltr">> + const void *, __ssp_var(srcv), src, __ssp_var(lenv), len)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({ \<br></div><div dir="ltr">> + const void *srcvar = (src); \<br></div><div dir="ltr">> + void *dstvar = (dst); \<br></div><div dir="ltr">> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \<br></div><div dir="ltr">> + __builtin___ ## fun ## _chk(dstvar, srcvar, \<br></div><div dir="ltr">> + __ssp_bos0(dstvar)) : \<br></div><div dir="ltr">> + __ ## fun ## _ichk(dstvar, srcvar)); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_check2(fun, dst, src) \<br></div><div dir="ltr">> + __ssp_bos_check2_var(fun, __ssp_var(dstv), dst,<br></div><div dir="ltr">> __ssp_var(srcv), src)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \<br></div><div dir="ltr">> +static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2<br></div><div dir="ltr">> __restrict, size_t); \<br></div><div dir="ltr">> +static __inline __attribute__((__always_inline__)) type1 \<br></div><div dir="ltr">> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src,<br></div><div dir="ltr">> size_t len) { \<br></div><div dir="ltr">> + return __builtin___ ## fun ## _chk(dst, src, len,<br></div><div dir="ltr">> __ssp_bos0(dst)); \<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_icheck3(fun, type1, type2) \<br></div><div dir="ltr">> +static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \<br></div><div dir="ltr">> +static __inline __attribute__((__always_inline__)) type1 \<br></div><div dir="ltr">> +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \<br></div><div dir="ltr">> + return __builtin___ ## fun ## _chk(dst, src, len,<br></div><div dir="ltr">> __ssp_bos0(dst)); \<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \<br></div><div dir="ltr">> +static __inline type1 __ ## fun ## _ichk(type1, type2); \<br></div><div dir="ltr">> +static __inline __attribute__((__always_inline__)) type1 \<br></div><div dir="ltr">> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \<br></div><div dir="ltr">> + return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__BEGIN_DECLS<br></div><div dir="ltr">> +__ssp_bos_icheck3_restrict(memcpy, void *, const void *)<br></div><div dir="ltr">> +__ssp_bos_icheck3(memmove, void *, const void *)<br></div><div dir="ltr">> +__ssp_bos_icheck3(memset, void *, int)<br></div><div dir="ltr">> +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)<br></div><div dir="ltr">> +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)<br></div><div dir="ltr">> +__ssp_bos_icheck2_restrict(strcpy, char *, const char *)<br></div><div dir="ltr">> +__ssp_bos_icheck2_restrict(strcat, char *, const char *)<br></div><div dir="ltr">> +__ssp_bos_icheck3_restrict(strncpy, char *, const char *)<br></div><div dir="ltr">> +__ssp_bos_icheck3_restrict(strncat, char *, const char *)<br></div><div dir="ltr">> +__END_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)<br></div><div dir="ltr">> +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)<br></div><div dir="ltr">> +#define memset(dst, val, len) \<br></div><div dir="ltr">> + __ssp_bos_check3_typed(memset, void *, dst, int, val, len)<br></div><div dir="ltr">> +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)<br></div><div dir="ltr">> +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)<br></div><div dir="ltr">> +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)<br></div><div dir="ltr">> +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)<br></div><div dir="ltr">> +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)<br></div><div dir="ltr">> +#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* __SSP_FORTIFY_LEVEL > 0 */<br></div><div dir="ltr">> +#endif /* _SSP_STRING_H_ */<br></div><div dir="ltr">> diff --git a/include/ssp/strings.h b/include/ssp/strings.h<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..06c9c7cc0a09<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/strings.h<br></div><div dir="ltr">> @@ -0,0 +1,67 @@<br></div><div dir="ltr">> +/* $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $ */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2007 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#ifndef _SSP_STRINGS_H_<br></div><div dir="ltr">> +#define _SSP_STRINGS_H_<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/ssp.h><br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#if __SSP_FORTIFY_LEVEL > 0<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar, len) ({ \<br></div><div dir="ltr">> + const void *srcvar = (src); \<br></div><div dir="ltr">> + void *dstvar = (dst); \<br></div><div dir="ltr">> + size_t lenvar = (len); \<br></div><div dir="ltr">> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \<br></div><div dir="ltr">> + __builtin___memmove_chk(dstvar, srcvar, lenvar, \<br></div><div dir="ltr">> + __ssp_bos0(dstvar)) : \<br></div><div dir="ltr">> + __memmove_ichk(dstvar, srcvar, lenvar)); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define bcopy(src, dst, len) \<br></div><div dir="ltr">> + _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst,<br></div><div dir="ltr">> __ssp_var(lenv), len)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define _ssp_bzero(dstvar, dst, lenvar, len) ({ \<br></div><div dir="ltr">> + void *dstvar = (dst); \<br></div><div dir="ltr">> + size_t lenvar = (len); \<br></div><div dir="ltr">> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \<br></div><div dir="ltr">> + __builtin___memset_chk(dstvar, 0, lenvar, \<br></div><div dir="ltr">> + __ssp_bos0(dstvar)) : \<br></div><div dir="ltr">> + __memset_ichk(dstvar, 0, lenvar)); \<br></div><div dir="ltr">> +})<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#define bzero(dst, len) _ssp_bzero(__ssp_var(dstv), dst,<br></div><div dir="ltr">> __ssp_var(lenv), len)<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* __SSP_FORTIFY_LEVEL > 0 */<br></div><div dir="ltr">> +#endif /* _SSP_STRINGS_H_ */<br></div><div dir="ltr">> diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..2414e2baa96b<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/include/ssp/unistd.h<br></div><div dir="ltr">> @@ -0,0 +1,54 @@<br></div><div dir="ltr">> +/* $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ */<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#ifndef _SSP_UNISTD_H_<br></div><div dir="ltr">> +#define _SSP_UNISTD_H_<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/ssp.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#if __SSP_FORTIFY_LEVEL > 0<br></div><div dir="ltr">> +__BEGIN_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \<br></div><div dir="ltr">> + (__fd, __buf, __len));<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \<br></div><div dir="ltr">> + char *__restrict __buf, size_t __len), (__path, __buf, __len));<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),<br></div><div dir="ltr">> + (__buf, __len), __buf != 0, __ssp_bos);<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +__END_DECLS<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#endif /* __SSP_FORTIFY_LEVEL > 0 */<br></div><div dir="ltr">> +#endif /* _SSP_UNISTD_H_ */<br></div><div dir="ltr">> diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc<br></div><div dir="ltr">> index 8574c5a05dc5..3b1ad879c715 100644<br></div><div dir="ltr">> --- a/lib/libc/secure/Makefile.inc<br></div><div dir="ltr">> +++ b/lib/libc/secure/Makefile.inc<br></div><div dir="ltr">> @@ -3,6 +3,17 @@<br></div><div dir="ltr">> <br></div><div dir="ltr">> .PATH: ${LIBC_SRCTOP}/secure<br></div><div dir="ltr">> <br></div><div dir="ltr">> +# _FORTIFY_SOURCE<br></div><div dir="ltr">> +SRCS+= gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c<br></div><div dir="ltr">> memset_chk.c \<br></div><div dir="ltr">> + snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \<br></div><div dir="ltr">> + strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \<br></div><div dir="ltr">> + vsnprintf_chk.c vsprintf_chk.c<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +CFLAGS.snprintf_chk.c+= -Wno-unused-parameter<br></div><div dir="ltr">> +CFLAGS.sprintf_chk.c+= -Wno-unused-parameter<br></div><div dir="ltr">> +CFLAGS.vsnprintf_chk.c+= -Wno-unused-parameter<br></div><div dir="ltr">> +CFLAGS.vsprintf_chk.c+= -Wno-unused-parameter<br></div><div dir="ltr">> +<br></div><div dir="ltr">> # Sources common to both syscall interfaces:<br></div><div dir="ltr">> SRCS+= stack_protector.c \<br></div><div dir="ltr">> stack_protector_compat.c<br></div><div dir="ltr">> diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map<br></div><div dir="ltr">> index 641f451b5421..7859fcee3821 100644<br></div><div dir="ltr">> --- a/lib/libc/secure/Symbol.map<br></div><div dir="ltr">> +++ b/lib/libc/secure/Symbol.map<br></div><div dir="ltr">> @@ -3,3 +3,21 @@ FBSD_1.0 {<br></div><div dir="ltr">> __stack_chk_fail;<br></div><div dir="ltr">> __stack_chk_guard;<br></div><div dir="ltr">> };<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +FBSD_1.8 {<br></div><div dir="ltr">> + __gets_chk;<br></div><div dir="ltr">> + __fgets_chk;<br></div><div dir="ltr">> + __memcpy_chk;<br></div><div dir="ltr">> + __memmove_chk;<br></div><div dir="ltr">> + __memset_chk;<br></div><div dir="ltr">> + __snprintf_chk;<br></div><div dir="ltr">> + __sprintf_chk;<br></div><div dir="ltr">> + __stpcpy_chk;<br></div><div dir="ltr">> + __stpncpy_chk;<br></div><div dir="ltr">> + __strcat_chk;<br></div><div dir="ltr">> + __strcpy_chk;<br></div><div dir="ltr">> + __strncat_chk;<br></div><div dir="ltr">> + __strncpy_chk;<br></div><div dir="ltr">> + __vsnprintf_chk;<br></div><div dir="ltr">> + __vsprintf_chk;<br></div><div dir="ltr">> +};<br></div><div dir="ltr">> diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/fgets_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..72aa1d816ce1<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/fgets_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,54 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <limits.h><br></div><div dir="ltr">> +#include <stdio.h><br></div><div dir="ltr">> +#include <stdlib.h><br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/stdio.h><br></div><div dir="ltr">> +#include <ssp/string.h><br></div><div dir="ltr">> +#undef fgets<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +char *<br></div><div dir="ltr">> +__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + if (slen >= (size_t)INT_MAX)<br></div><div dir="ltr">> + return (fgets(buf, len, fp));<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (len >= 0 && (size_t)len > slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + return (fgets(buf, len, fp));<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/gets_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..18c1e2d18f43<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/gets_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,74 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp<br></div><div dir="ltr">> $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <limits.h><br></div><div dir="ltr">> +#include <stdio.h><br></div><div dir="ltr">> +#include <stdlib.h><br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/stdio.h><br></div><div dir="ltr">> +#include <ssp/string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +char *__gets_unsafe(char *);<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +char *<br></div><div dir="ltr">> +__gets_chk(char * __restrict buf, size_t slen)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + char *abuf;<br></div><div dir="ltr">> + size_t len;<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (slen >= (size_t)INT_MAX)<br></div><div dir="ltr">> + return (__gets_unsafe(buf));<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if ((abuf = malloc(slen + 1)) == NULL)<br></div><div dir="ltr">> + return (__gets_unsafe(buf));<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {<br></div><div dir="ltr">> + free(abuf);<br></div><div dir="ltr">> + return (NULL);<br></div><div dir="ltr">> + }<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + len = strlen(abuf);<br></div><div dir="ltr">> + if (len > 0 && abuf[len - 1] == '\n')<br></div><div dir="ltr">> + --len;<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (len >= slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + (void)memcpy(buf, abuf, len);<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + buf[len] = '\0';<br></div><div dir="ltr">> + free(abuf);<br></div><div dir="ltr">> + return (buf);<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..99cf2d5f13ff<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/memcpy_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,53 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/string.h><br></div><div dir="ltr">> +#undef memcpy<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include "ssp_internal.h"<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +void *<br></div><div dir="ltr">> +__memcpy_chk(void * __restrict dst, const void * __restrict src,<br></div><div dir="ltr">> size_t len,<br></div><div dir="ltr">> + size_t slen)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + if (len > slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (__ssp_overlap((const char *)src, (const char *)dst, len))<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + return (memcpy(dst, src, len));<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/memmove_chk.c<br></div><div dir="ltr">> b/lib/libc/secure/memmove_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..07f965d608fc<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/memmove_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,47 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/string.h><br></div><div dir="ltr">> +#undef memmove<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +void *<br></div><div dir="ltr">> +__memmove_chk(void *dst, const void *src, size_t len,<br></div><div dir="ltr">> + size_t slen)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + if (len > slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> + return (memmove(dst, src, len));<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/memset_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..f337be98b46d<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/memset_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,46 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <string.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/string.h><br></div><div dir="ltr">> +#undef memset<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +void *<br></div><div dir="ltr">> +__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + if (len > slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> + return (memset(dst, val, len));<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/snprintf_chk.c<br></div><div dir="ltr">> b/lib/libc/secure/snprintf_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..52ef874ede5b<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/snprintf_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,56 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> + * by Christos Zoulas.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Redistribution and use in source and binary forms, with or without<br></div><div dir="ltr">> + * modification, are permitted provided that the following conditions<br></div><div dir="ltr">> + * are met:<br></div><div dir="ltr">> + * 1. Redistributions of source code must retain the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer.<br></div><div dir="ltr">> + * 2. Redistributions in binary form must reproduce the above copyright<br></div><div dir="ltr">> + * notice, this list of conditions and the following disclaimer<br></div><div dir="ltr">> in the<br></div><div dir="ltr">> + * documentation and/or other materials provided with the<br></div><div dir="ltr">> distribution.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT<br></div><div dir="ltr">> NOT LIMITED<br></div><div dir="ltr">> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A<br></div><div dir="ltr">> PARTICULAR<br></div><div dir="ltr">> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR<br></div><div dir="ltr">> CONTRIBUTORS<br></div><div dir="ltr">> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,<br></div><div dir="ltr">> EXEMPLARY, OR<br></div><div dir="ltr">> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF<br></div><div dir="ltr">> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR<br></div><div dir="ltr">> BUSINESS<br></div><div dir="ltr">> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,<br></div><div dir="ltr">> WHETHER IN<br></div><div dir="ltr">> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR<br></div><div dir="ltr">> OTHERWISE)<br></div><div dir="ltr">> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF<br></div><div dir="ltr">> ADVISED OF THE<br></div><div dir="ltr">> + * POSSIBILITY OF SUCH DAMAGE.<br></div><div dir="ltr">> + */<br></div><div dir="ltr">> +#include <sys/cdefs.h><br></div><div dir="ltr">> +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin<br></div><div dir="ltr">> Exp $");<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <stdarg.h><br></div><div dir="ltr">> +#include <stdio.h><br></div><div dir="ltr">> +<br></div><div dir="ltr">> +#include <ssp/stdio.h><br></div><div dir="ltr">> +#undef vsnprintf<br></div><div dir="ltr">> +<br></div><div dir="ltr">> +int<br></div><div dir="ltr">> +__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t<br></div><div dir="ltr">> slen,<br></div><div dir="ltr">> + const char * __restrict fmt, ...)<br></div><div dir="ltr">> +{<br></div><div dir="ltr">> + va_list ap;<br></div><div dir="ltr">> + int rv;<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + if (len > slen)<br></div><div dir="ltr">> + __chk_fail();<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + va_start(ap, fmt);<br></div><div dir="ltr">> + rv = vsnprintf(buf, len, fmt, ap);<br></div><div dir="ltr">> + va_end(ap);<br></div><div dir="ltr">> +<br></div><div dir="ltr">> + return (rv);<br></div><div dir="ltr">> +}<br></div><div dir="ltr">> diff --git a/lib/libc/secure/sprintf_chk.c<br></div><div dir="ltr">> b/lib/libc/secure/sprintf_chk.c<br></div><div dir="ltr">> new file mode 100644<br></div><div dir="ltr">> index 000000000000..d4c42ccba3ce<br></div><div dir="ltr">> --- /dev/null<br></div><div dir="ltr">> +++ b/lib/libc/secure/sprintf_chk.c<br></div><div dir="ltr">> @@ -0,0 +1,61 @@<br></div><div dir="ltr">> +/*-<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * SPDX-License-Identifier: BSD-2-Clause<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * Copyright (c) 2006 The NetBSD Foundation, Inc.<br></div><div dir="ltr">> + * All rights reserved.<br></div><div dir="ltr">> + *<br></div><div dir="ltr">> + * This code is derived from software contributed to The NetBSD<br></div><div dir="ltr">> Foundation<br></div><div dir="ltr">> *** 1063 LINES SKIPPED ***<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div></div>
</div>
</div></body></html>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1413980952.1357400.1716093599901>