Date:      Fri, 01 May 2026 02:59:03 +0000
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: d98f4f0698ef - main - ssp: fix our gets_s implementation under _FORTIFY_SOURCE
Message-ID:  <69f416f7.42943.1330d5e6@gitrepo.freebsd.org>

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=d98f4f0698ef0c5178882c544b4c38542d4780f0

commit d98f4f0698ef0c5178882c544b4c38542d4780f0
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2026-05-01 02:57:51 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-05-01 02:58:48 +0000

    ssp: fix our gets_s implementation under _FORTIFY_SOURCE
    
    Annex K specifies an interface for handling constraint violations from
    gets_s, but we previously broke this for some classes of gets_s misuse.
    
    Provide a more nuanced version that tries to dodge errors that would
    trigger a constraint handler while still providing value.  Notably, we
    don't want to trigger a failure unless the passed-in length reasonably
    fits within an RSIZE_MAX, because gets_s will immediately call larger
    lengths bogus and fail.
    
    PR:             294881
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D56734
---
 include/ssp/stdio.h | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h
index 630683951e4b..17bda8d3ee2d 100644
--- a/include/ssp/stdio.h
+++ b/include/ssp/stdio.h
@@ -36,6 +36,10 @@
 
 #include <ssp/ssp.h>
 
+#if __SSP_FORTIFY_LEVEL > 0 && __EXT1_VISIBLE
+#include <sys/stdint.h>
+#endif
+
 __BEGIN_DECLS
 #if __SSP_FORTIFY_LEVEL > 0
 #if __POSIX_VISIBLE
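Review bot: nothing in this hunk shows why `<sys/stdint.h>` is now needed, so a reader has to find the `RSIZE_MAX` use in the gets_s body further down; a trailing comment such as `#include <sys/stdint.h>	/* RSIZE_MAX */` would make the dependency self-documenting. The `__EXT1_VISIBLE` half of the guard does line up with the `#if __EXT1_VISIBLE` block that consumes the macro, so the header is only pulled in when the Annex K interface is actually exposed.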
@@ -51,7 +55,31 @@ __ssp_redirect(size_t, fread, (void *__restrict __buf, size_t __len,
 __ssp_redirect(size_t, fread_unlocked, (void *__restrict __buf, size_t __len,
     size_t __nmemb, FILE *__restrict __fp), (__buf, __len, __nmemb, __fp));
 #if __EXT1_VISIBLE
-__ssp_redirect(char *, gets_s, (char *__buf, rsize_t __len), (__buf, __len));
+__ssp_redirect_raw_impl(char *, gets_s, gets_s,
+    (char *buf, rsize_t len))
+{
+	char *retbuf;
+	size_t bufsz;
+	int need_fail = 0;
+
+	/*
+	 * If we would have overwritten our buffer, we want to fail the check
+	 * only if these arguments wouldn't have triggered a constraint
+	 * violation.
+	 */
+	bufsz = __ssp_bos(buf);
+	if (bufsz != (size_t)-1 && (size_t)len > bufsz) {
+		if (len <= RSIZE_MAX)
+			__chk_fail();
+		need_fail = 1;
+	}
+
+	retbuf = __ssp_real(gets_s)(buf, len);
+	if (need_fail && retbuf != NULL)
+		__chk_fail();
+	return (retbuf);
+}
+
 #endif /* __EXT1_VISIBLE */
 __ssp_redirect_raw(char *, tmpnam, tmpnam, (char *__buf), (__buf), 1,
     __ssp_bos, L_tmpnam);
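Review bot: the new definition uses unreserved identifiers (`buf`, `len`, `retbuf`, `bufsz`, `need_fail`) in a system header, whereas the surrounding declarations in this hunk (`fread_unlocked`, `tmpnam`) use the `__`-prefixed names reserved for the implementation; a user `#define len ...` or `#define buf ...` placed before `#include <stdio.h>` would break the inline body, so `(char *__buf, rsize_t __len)` and `__retbuf`/`__bufsz`/`__need_fail` would be safer and consistent with the file. The control flow itself reads correctly: when the object size is known and `len` exceeds it, `len <= RSIZE_MAX` means the real gets_s would have overrun the buffer, so failing before the call is right, and for `len > RSIZE_MAX` the post-call `retbuf != NULL` check only fires if gets_s did not treat the length as a constraint violation. It would help to say that last part explicitly in the block comment, since the reason for checking the return value rather than failing unconditionally is not obvious from the comment as written.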

