generic-library/bionic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

clean up FORTIFY_SOURCE handling.

Browse Source 
Avoid duplicating huge chunks of code.

Change-Id: Id6145cdfce781c5ffba2abaaa79681d25a7ab28f
This commit is contained in:
Nick Kralevich 2012-12-04 13:55:19 -08:00
parent db79e827eb
commit 326ea5413d
18 changed files with 43 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libc/bionic/__fgets_chk.cpp
View File

@ -45,15 +45,11 @@ extern "C" char *__fgets_chk(char *dest, int supplied_size,
FILE *stream, size_t dest_len_from_compiler) FILE *stream, size_t dest_len_from_compiler)
{ {
if (supplied_size < 0) { if (supplied_size < 0) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("fgets buffer size less than 0", 0);
"*** fgets buffer size less than 0 ***\n");
abort();
} }
if (((size_t) supplied_size) > dest_len_from_compiler) { if (((size_t) supplied_size) > dest_len_from_compiler) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("fgets buffer overflow", 0);
"*** fgets buffer overflow detected ***\n");
abort();
} }
return fgets(dest, supplied_size, stream); return fgets(dest, supplied_size, stream);

6
libc/bionic/__memcpy_chk.cpp
View File

@ -46,10 +46,8 @@ extern "C" void *__memcpy_chk(void *dest, const void *src,
size_t copy_amount, size_t dest_len) size_t copy_amount, size_t dest_len)
{ {
if (__builtin_expect(copy_amount > dest_len, 0)) { if (__builtin_expect(copy_amount > dest_len, 0)) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("memcpy buffer overflow",
"*** memcpy buffer overflow detected ***\n"); BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW);
abort();
} }
return memcpy(dest, src, copy_amount); return memcpy(dest, src, copy_amount);

6
libc/bionic/__memmove_chk.cpp
View File

@ -45,10 +45,8 @@ extern "C" void *__memmove_chk (void *dest, const void *src,
size_t len, size_t dest_len) size_t len, size_t dest_len)
{ {
if (len > dest_len) { if (len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("memmove buffer overflow",
"*** memmove buffer overflow detected ***\n"); BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW);
abort();
} }
return memmove(dest, src, len); return memmove(dest, src, len);

6
libc/bionic/__memset_chk.cpp
View File

@ -43,10 +43,8 @@
*/ */
extern "C" void *__memset_chk (void *dest, int c, size_t n, size_t dest_len) { extern "C" void *__memset_chk (void *dest, int c, size_t n, size_t dest_len) {
if (n > dest_len) { if (n > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("memset buffer overflow",
"*** memset buffer overflow detected ***\n"); BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW);
abort();
} }
return memset(dest, c, n); return memset(dest, c, n);

12
libc/bionic/__strcat_chk.cpp
View File

@ -50,17 +50,13 @@ extern "C" char *__strcat_chk (char *dest, const char *src, size_t dest_buf_size
// sum = src_len + dest_len + 1 (with overflow protection) // sum = src_len + dest_len + 1 (with overflow protection)
if (!safe_add3(&sum, src_len, dest_len, 1U)) { if (!safe_add3(&sum, src_len, dest_len, 1U)) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strcat integer overflow",
"*** strcat integer overflow detected ***\n"); BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW);
abort();
} }
if (sum > dest_buf_size) { if (sum > dest_buf_size) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strcat buffer overflow",
"*** strcat buffer overflow detected ***\n"); BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW);
abort();
} }
return strcat(dest, src); return strcat(dest, src);

6
libc/bionic/__strcpy_chk.cpp
View File

@ -45,10 +45,8 @@ extern "C" char *__strcpy_chk (char *dest, const char *src, size_t dest_len) {
// TODO: optimize so we don't scan src twice. // TODO: optimize so we don't scan src twice.
size_t src_len = strlen(src) + 1; size_t src_len = strlen(src) + 1;
if (src_len > dest_len) { if (src_len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strcpy buffer overflow",
"*** strcpy buffer overflow detected ***\n"); BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW);
abort();
} }
return strcpy(dest, src); return strcpy(dest, src);

4
libc/bionic/__strlcat_chk.cpp
View File

@ -46,9 +46,7 @@ extern "C" size_t __strlcat_chk(char *dest, const char *src,
size_t supplied_size, size_t dest_len_from_compiler) size_t supplied_size, size_t dest_len_from_compiler)
{ {
if (supplied_size > dest_len_from_compiler) { if (supplied_size > dest_len_from_compiler) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strlcat buffer overflow", 0);
"*** strlcat buffer overflow detected ***\n");
abort();
} }
return strlcat(dest, src, supplied_size); return strlcat(dest, src, supplied_size);

4
libc/bionic/__strlcpy_chk.cpp
View File

@ -46,9 +46,7 @@ extern "C" size_t __strlcpy_chk(char *dest, const char *src,
size_t supplied_size, size_t dest_len_from_compiler) size_t supplied_size, size_t dest_len_from_compiler)
{ {
if (supplied_size > dest_len_from_compiler) { if (supplied_size > dest_len_from_compiler) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strlcpy buffer overflow", 0);
"*** strlcpy buffer overflow detected ***\n");
abort();
} }
return strlcpy(dest, src, supplied_size); return strlcpy(dest, src, supplied_size);

4
libc/bionic/__strlen_chk.cpp
View File

@ -57,9 +57,7 @@ extern "C" size_t __strlen_chk(const char *s, size_t s_len) {
size_t ret = strlen(s); size_t ret = strlen(s);
if (__builtin_expect(ret >= s_len, 0)) { if (__builtin_expect(ret >= s_len, 0)) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strlen read overflow", 0);
"*** strlen read overflow detected ***\n");
abort();
} }
return ret; return ret;

12
libc/bionic/__strncat_chk.cpp
View File

@ -55,17 +55,13 @@ extern "C" char *__strncat_chk (char *dest, const char *src,
size_t sum; size_t sum;
// sum = src_len + dest_len + 1 (with overflow protection) // sum = src_len + dest_len + 1 (with overflow protection)
if (!safe_add3(&sum, src_len, dest_len, 1U)) { if (!safe_add3(&sum, src_len, dest_len, 1U)) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strncat integer overflow",
"*** strncat integer overflow detected ***\n"); BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW);
abort();
} }
if (sum > dest_buf_size) { if (sum > dest_buf_size) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strncat buffer overflow",
"*** strncat buffer overflow detected ***\n"); BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW);
abort();
} }
return strncat(dest, src, len); return strncat(dest, src, len);

6
libc/bionic/__strncpy_chk.cpp
View File

@ -45,10 +45,8 @@ extern "C" char *__strncpy_chk (char *dest, const char *src,
size_t len, size_t dest_len) size_t len, size_t dest_len)
{ {
if (len > dest_len) { if (len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strncpy buffer overflow",
"*** strncpy buffer overflow detected ***\n"); BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW);
__libc_android_log_event_uid(BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW);
abort();
} }
return strncpy(dest, src, len); return strncpy(dest, src, len);

4
libc/bionic/__umask_chk.cpp
View File

@ -43,9 +43,7 @@
*/ */
extern "C" mode_t __umask_chk(mode_t mode) { extern "C" mode_t __umask_chk(mode_t mode) {
if ((mode & 0777) != mode) { if ((mode & 0777) != mode) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("umask called with invalid mask", 0);
"*** FORTIFY_SOURCE: umask called with invalid mask ***\n");
abort();
} }
return umask(mode); return umask(mode);

4
libc/bionic/__vsnprintf_chk.cpp
View File

@ -51,9 +51,7 @@ extern "C" int __vsnprintf_chk(
va_list va) va_list va)
{ {
if (supplied_size > dest_len_from_compiler) { if (supplied_size > dest_len_from_compiler) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("vsnprintf buffer overflow", 0);
"*** vsnprintf buffer overflow detected ***\n");
abort();
} }
return vsnprintf(dest, supplied_size, format, va); return vsnprintf(dest, supplied_size, format, va);

4
libc/bionic/__vsprintf_chk.cpp
View File

@ -52,9 +52,7 @@ extern "C" int __vsprintf_chk(
int ret = vsnprintf(dest, dest_len_from_compiler, format, va); int ret = vsnprintf(dest, dest_len_from_compiler, format, va);
if ((size_t) ret >= dest_len_from_compiler) { if ((size_t) ret >= dest_len_from_compiler) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("vsprintf buffer overflow", 0);
"*** vsprintf buffer overflow detected ***\n");
abort();
} }
return ret; return ret;

11
libc/bionic/logd_write.c
View File

@ -247,3 +247,14 @@ void __libc_android_log_event_uid(int32_t tag)
{ {
__libc_android_log_event_int(tag, getuid()); __libc_android_log_event_int(tag, getuid());
} }
__LIBC_HIDDEN__
void __fortify_chk_fail(const char *msg, uint32_t tag) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"FORTIFY_SOURCE: %s. Calling abort().\n",
msg);
if (tag != 0) {
__libc_android_log_event_uid(tag);
}
abort();
}

2
libc/private/logd.h
View File

@ -71,6 +71,8 @@ int __libc_android_log_vprint(int prio, const char *tag, const char *fmt, va_lis
void __libc_android_log_event_int(int32_t tag, int value); void __libc_android_log_event_int(int32_t tag, int value);
void __libc_android_log_event_uid(int32_t tag); void __libc_android_log_event_uid(int32_t tag);
__noreturn extern void __fortify_chk_fail(const char *, uint32_t);
#ifdef __cplusplus #ifdef __cplusplus
}; };
#endif #endif

7
libc/string/strchr.c
View File

@ -35,11 +35,8 @@ char *
__strchr_chk(const char *p, int ch, size_t s_len) __strchr_chk(const char *p, int ch, size_t s_len)
{ {
for (;; ++p, s_len--) { for (;; ++p, s_len--) {
if (s_len == 0) { if (s_len == 0)
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strchr read beyond buffer", 0);
"*** FORTIFY_SOURCE strchr read beyond buffer ***\n");
abort();
}
if (*p == (char) ch) if (*p == (char) ch)
return((char *)p); return((char *)p);
if (!*p) if (!*p)

7
libc/string/strrchr.c
View File

@ -37,11 +37,8 @@ __strrchr_chk(const char *p, int ch, size_t s_len)
char *save; char *save;
for (save = NULL;; ++p, s_len--) { for (save = NULL;; ++p, s_len--) {
if (s_len == 0) { if (s_len == 0)
__libc_android_log_print(ANDROID_LOG_FATAL, "libc", __fortify_chk_fail("strrchr read beyond buffer", 0);
"*** FORTIFY_SOURCE strrchr read beyond buffer ***\n");
abort();
}
if (*p == (char) ch) if (*p == (char) ch)
save = (char *)p; save = (char *)p;
if (!*p) if (!*p)