FORTIFY_SOURCE: add open() checks
Add a FORTIFY_SOURCE check which requires that you pass a "mode" argument when calling open(..., O_CREAT). If a mode isn't passed, then the file is created with "undefined" permissions. Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
This commit is contained in:
parent
b52e4385c4
commit
8118f62a7d
@ -49,6 +49,46 @@ extern int unlinkat(int dirfd, const char *pathname, int flags);
|
|||||||
extern int fcntl(int fd, int command, ...);
|
extern int fcntl(int fd, int command, ...);
|
||||||
extern int creat(const char* path, mode_t mode);
|
extern int creat(const char* path, mode_t mode);
|
||||||
|
|
||||||
|
#if defined(__BIONIC_FORTIFY_INLINE)
|
||||||
|
|
||||||
|
# if !defined(__clang__)
|
||||||
|
/*
|
||||||
|
* Clang doesn't have support for __builtin_va_arg_pack()
|
||||||
|
* and __builtin_va_arg_pack_len()
|
||||||
|
*
|
||||||
|
* http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc
|
||||||
|
*/
|
||||||
|
|
||||||
|
extern void __open_creat_error()
|
||||||
|
__attribute__((__error__ ("open called with O_CREAT, but missing mode")));
|
||||||
|
extern void __open_toomanyargs_error()
|
||||||
|
__attribute__((__error__ ("open called with too many arguments")));
|
||||||
|
extern int __open_real(const char *pathname, int flags, ...)
|
||||||
|
__asm__(__USER_LABEL_PREFIX__ "open");
|
||||||
|
extern int __open_2(const char *, int);
|
||||||
|
|
||||||
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
int open(const char *pathname, int flags, ...) {
|
||||||
|
if (__builtin_constant_p(flags)) {
|
||||||
|
if ((flags & O_CREAT) && __builtin_va_arg_pack_len() == 0) {
|
||||||
|
__open_creat_error(); // compile time error
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (__builtin_va_arg_pack_len() > 1) {
|
||||||
|
__open_toomanyargs_error(); // compile time error
|
||||||
|
}
|
||||||
|
|
||||||
|
if (__builtin_va_arg_pack_len() == 0) {
|
||||||
|
return __open_2(pathname, flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
return __open_real(pathname, flags, __builtin_va_arg_pack());
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* !defined(__clang__) */
|
||||||
|
#endif /* defined(__BIONIC_FORTIFY_INLINE) */
|
||||||
|
|
||||||
__END_DECLS
|
__END_DECLS
|
||||||
|
|
||||||
#endif /* _FCNTL_H */
|
#endif /* _FCNTL_H */
|
||||||
|
@ -28,6 +28,8 @@
|
|||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <private/logd.h>
|
||||||
|
|
||||||
extern int __open(const char*, int, int);
|
extern int __open(const char*, int, int);
|
||||||
|
|
||||||
@ -49,3 +51,15 @@ int open(const char *pathname, int flags, ...)
|
|||||||
return __open(pathname, flags, mode);
|
return __open(pathname, flags, mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int __open_2(const char *pathname, int flags) {
|
||||||
|
if (flags & O_CREAT) {
|
||||||
|
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
|
||||||
|
"*** open(O_CREAT) called without specifying a mode ***\n");
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
flags |= O_LARGEFILE;
|
||||||
|
|
||||||
|
return __open(pathname, flags, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user