generic-library/bionic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

libc: upgrade sprintf to _FORTIFY_SOURCE=2

Browse Source 
Upgrade sprintf to fortify_source level 2, to catch
additional security bugs.

Change-Id: Ibc957d65e4cb96152de84b3745a04e00fa22659e
This commit is contained in:
Nick Kralevich 2013-04-29 16:29:37 -07:00
parent 382a775378
commit 78d6d9888c
4 changed files with 33 additions and 4 deletions

2
libc/include/stdio.h

@ -494,7 +494,7 @@ __attribute__((__nonnull__ (2)))
int sprintf(char *dest, const char *format, ...) int sprintf(char *dest, const char *format, ...)
{ {
return __builtin___sprintf_chk(dest, 0, return __builtin___sprintf_chk(dest, 0,
__builtin_object_size(dest, 0), format, __builtin_va_arg_pack()); __bos(dest), format, __builtin_va_arg_pack());
} }
extern char *__fgets_real(char *, int, FILE *) extern char *__fgets_real(char *, int, FILE *)

4
libc/include/sys/cdefs.h

@ -518,9 +518,9 @@
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(__clang__) #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(__clang__)
#define __BIONIC_FORTIFY 1 #define __BIONIC_FORTIFY 1
#if _FORTIFY_SOURCE == 2 #if _FORTIFY_SOURCE == 2
#define __bos(s) __builtin_object_size((s), 1); #define __bos(s) __builtin_object_size((s), 1)
#else #else
#define __bos(s) __builtin_object_size((s), 0); #define __bos(s) __builtin_object_size((s), 0)
#endif #endif
#define __BIONIC_FORTIFY_INLINE \ #define __BIONIC_FORTIFY_INLINE \

8
tests/fortify1_test.cpp

@ -52,3 +52,11 @@ TEST(Fortify1_DeathTest, strrchr_fortified) {
ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGSEGV), ""); ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGSEGV), "");
} }
#endif #endif
TEST(Fortify1_DeathTest, sprintf_fortified) {
::testing::FLAGS_gtest_death_test_style = "threadsafe";
char buf[10];
char source_buf[15];
memcpy(source_buf, "12345678901234", 15);
ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGSEGV), "");
}

23
tests/fortify2_test.cpp

@ -27,7 +27,7 @@ struct foo {
// We have to say "DeathTest" here so gtest knows to run this test (which exits) // We have to say "DeathTest" here so gtest knows to run this test (which exits)
// in its own process. // in its own process.
TEST(Fortify2_DeathTest, strncpy_fortified) { TEST(Fortify2_DeathTest, strncpy_fortified2) {
::testing::FLAGS_gtest_death_test_style = "threadsafe"; ::testing::FLAGS_gtest_death_test_style = "threadsafe";
foo myfoo; foo myfoo;
int copy_amt = atoi("11"); int copy_amt = atoi("11");
@ -35,6 +35,19 @@ TEST(Fortify2_DeathTest, strncpy_fortified) {
testing::KilledBySignal(SIGSEGV), ""); testing::KilledBySignal(SIGSEGV), "");
} }
TEST(Fortify2_DeathTest, sprintf_fortified2) {
::testing::FLAGS_gtest_death_test_style = "threadsafe";
foo myfoo;
char source_buf[15];
memcpy(source_buf, "12345678901234", 15);
ASSERT_EXIT(sprintf(myfoo.a, "%s", source_buf),
testing::KilledBySignal(SIGSEGV), "");
}
/***********************************************************/
/* TESTS BELOW HERE DUPLICATE TESTS FROM fortify1_test.cpp */
/***********************************************************/
#if __BIONIC__ #if __BIONIC__
TEST(Fortify2_DeathTest, strcpy_fortified) { TEST(Fortify2_DeathTest, strcpy_fortified) {
::testing::FLAGS_gtest_death_test_style = "threadsafe"; ::testing::FLAGS_gtest_death_test_style = "threadsafe";
@ -65,3 +78,11 @@ TEST(Fortify2_DeathTest, strrchr_fortified) {
ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGSEGV), ""); ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGSEGV), "");
} }
#endif #endif
TEST(Fortify2_DeathTest, sprintf_fortified) {
::testing::FLAGS_gtest_death_test_style = "threadsafe";
char buf[10];
char source_buf[15];
memcpy(source_buf, "12345678901234", 15);
ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGSEGV), "");
}