add fortified implementations of write/pwrite{,64}
These are just based on the read/pread{,64} implementations with the function calls and error messages adjusted as appropriate. The only difference is that the buffer parameters are const. Change-Id: Ida1597a903807f583f230d74bcedffdb7b24fcf6
This commit is contained in:
parent
7e919daeaa
commit
afdd15456a
@ -79,6 +79,8 @@ libc_common_src_files += \
|
||||
bionic/__poll_chk.cpp \
|
||||
bionic/__pread64_chk.cpp \
|
||||
bionic/__pread_chk.cpp \
|
||||
bionic/__pwrite64_chk.cpp \
|
||||
bionic/__pwrite_chk.cpp \
|
||||
bionic/__read_chk.cpp \
|
||||
bionic/__readlink_chk.cpp \
|
||||
bionic/__readlinkat_chk.cpp \
|
||||
@ -95,6 +97,7 @@ libc_common_src_files += \
|
||||
bionic/__umask_chk.cpp \
|
||||
bionic/__vsnprintf_chk.cpp \
|
||||
bionic/__vsprintf_chk.cpp \
|
||||
bionic/__write_chk.cpp
|
||||
|
||||
libc_bionic_ndk_src_files := \
|
||||
bionic/abort.cpp \
|
||||
|
44
libc/bionic/__pwrite64_chk.cpp
Normal file
44
libc/bionic/__pwrite64_chk.cpp
Normal file
@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright (C) 2015 The Android Open Source Project
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
||||
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||||
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#undef _FORTIFY_SOURCE
|
||||
#include <unistd.h>
|
||||
#include "private/libc_logging.h"
|
||||
|
||||
extern "C" ssize_t __pwrite64_chk(int fd, const void* buf, size_t count, off64_t offset,
|
||||
size_t buf_size) {
|
||||
if (__predict_false(count > buf_size)) {
|
||||
__fortify_chk_fail("pwrite64: prevented read past end of buffer", 0);
|
||||
}
|
||||
|
||||
if (__predict_false(count > SSIZE_MAX)) {
|
||||
__fortify_chk_fail("pwrite64: count > SSIZE_MAX", 0);
|
||||
}
|
||||
|
||||
return pwrite64(fd, buf, count, offset);
|
||||
}
|
44
libc/bionic/__pwrite_chk.cpp
Normal file
44
libc/bionic/__pwrite_chk.cpp
Normal file
@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright (C) 2015 The Android Open Source Project
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
||||
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||||
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#undef _FORTIFY_SOURCE
|
||||
#include <unistd.h>
|
||||
#include "private/libc_logging.h"
|
||||
|
||||
extern "C" ssize_t __pwrite_chk(int fd, const void* buf, size_t count, off_t offset,
|
||||
size_t buf_size) {
|
||||
if (__predict_false(count > buf_size)) {
|
||||
__fortify_chk_fail("pwrite: prevented read past end of buffer", 0);
|
||||
}
|
||||
|
||||
if (__predict_false(count > SSIZE_MAX)) {
|
||||
__fortify_chk_fail("pwrite: count > SSIZE_MAX", 0);
|
||||
}
|
||||
|
||||
return pwrite(fd, buf, count, offset);
|
||||
}
|
43
libc/bionic/__write_chk.cpp
Normal file
43
libc/bionic/__write_chk.cpp
Normal file
@ -0,0 +1,43 @@
|
||||
/*
|
||||
* Copyright (C) 2015 The Android Open Source Project
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
||||
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||||
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#undef _FORTIFY_SOURCE
|
||||
#include <unistd.h>
|
||||
#include "private/libc_logging.h"
|
||||
|
||||
extern "C" ssize_t __write_chk(int fd, const void* buf, size_t count, size_t buf_size) {
|
||||
if (__predict_false(count > buf_size)) {
|
||||
__fortify_chk_fail("write: prevented read past end of buffer", 0);
|
||||
}
|
||||
|
||||
if (__predict_false(count > SSIZE_MAX)) {
|
||||
__fortify_chk_fail("write: count > SSIZE_MAX", 0);
|
||||
}
|
||||
|
||||
return write(fd, buf, count);
|
||||
}
|
@ -238,11 +238,26 @@ __errordecl(__pread64_dest_size_error, "pread64 called with size bigger than des
|
||||
__errordecl(__pread64_count_toobig_error, "pread64 called with count > SSIZE_MAX");
|
||||
extern ssize_t __pread64_real(int, void*, size_t, off64_t) __RENAME(pread64);
|
||||
|
||||
extern ssize_t __pwrite_chk(int, const void*, size_t, off_t, size_t);
|
||||
__errordecl(__pwrite_dest_size_error, "pwrite called with size bigger than destination");
|
||||
__errordecl(__pwrite_count_toobig_error, "pwrite called with count > SSIZE_MAX");
|
||||
extern ssize_t __pwrite_real(int, const void*, size_t, off_t) __RENAME(pwrite);
|
||||
|
||||
extern ssize_t __pwrite64_chk(int, const void*, size_t, off64_t, size_t);
|
||||
__errordecl(__pwrite64_dest_size_error, "pwrite64 called with size bigger than destination");
|
||||
__errordecl(__pwrite64_count_toobig_error, "pwrite64 called with count > SSIZE_MAX");
|
||||
extern ssize_t __pwrite64_real(int, const void*, size_t, off64_t) __RENAME(pwrite64);
|
||||
|
||||
extern ssize_t __read_chk(int, void*, size_t, size_t);
|
||||
__errordecl(__read_dest_size_error, "read called with size bigger than destination");
|
||||
__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX");
|
||||
extern ssize_t __read_real(int, void*, size_t) __RENAME(read);
|
||||
|
||||
extern ssize_t __write_chk(int, const void*, size_t, size_t);
|
||||
__errordecl(__write_dest_size_error, "write called with size bigger than destination");
|
||||
__errordecl(__write_count_toobig_error, "write called with count > SSIZE_MAX");
|
||||
extern ssize_t __write_real(int, const void*, size_t) __RENAME(write);
|
||||
|
||||
extern ssize_t __readlink_chk(const char*, char*, size_t, size_t);
|
||||
__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination");
|
||||
__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX");
|
||||
@ -342,6 +357,62 @@ ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) {
|
||||
return __pread64_chk(fd, buf, count, offset, bos);
|
||||
}
|
||||
|
||||
#if defined(__USE_FILE_OFFSET64)
|
||||
#define __PWRITE_PREFIX(x) __pwrite64_ ## x
|
||||
#else
|
||||
#define __PWRITE_PREFIX(x) __pwrite_ ## x
|
||||
#endif
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) {
|
||||
size_t bos = __bos0(buf);
|
||||
|
||||
#if !defined(__clang__)
|
||||
if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
|
||||
__PWRITE_PREFIX(count_toobig_error)();
|
||||
}
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count > bos)) {
|
||||
__PWRITE_PREFIX(dest_size_error)();
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count <= bos)) {
|
||||
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
|
||||
}
|
||||
#endif
|
||||
|
||||
return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset) {
|
||||
size_t bos = __bos0(buf);
|
||||
|
||||
#if !defined(__clang__)
|
||||
if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
|
||||
__pwrite64_count_toobig_error();
|
||||
}
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __pwrite64_real(fd, buf, count, offset);
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count > bos)) {
|
||||
__pwrite64_dest_size_error();
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count <= bos)) {
|
||||
return __pwrite64_real(fd, buf, count, offset);
|
||||
}
|
||||
#endif
|
||||
|
||||
return __pwrite64_chk(fd, buf, count, offset, bos);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
ssize_t read(int fd, void* buf, size_t count) {
|
||||
size_t bos = __bos0(buf);
|
||||
@ -367,6 +438,33 @@ ssize_t read(int fd, void* buf, size_t count) {
|
||||
return __read_chk(fd, buf, count, bos);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
ssize_t write(int fd, const void* buf, size_t count) {
|
||||
size_t bos = __bos0(buf);
|
||||
|
||||
#if !defined(__clang__)
|
||||
#if 0 /* work around a false positive due to a missed optimization */
|
||||
if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
|
||||
__write_count_toobig_error();
|
||||
}
|
||||
#endif
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __write_real(fd, buf, count);
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count > bos)) {
|
||||
__write_dest_size_error();
|
||||
}
|
||||
|
||||
if (__builtin_constant_p(count) && (count <= bos)) {
|
||||
return __write_real(fd, buf, count);
|
||||
}
|
||||
#endif
|
||||
|
||||
return __write_chk(fd, buf, count, bos);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
ssize_t readlink(const char* path, char* buf, size_t size) {
|
||||
size_t bos = __bos(buf);
|
||||
|
@ -1337,6 +1337,9 @@ LIBC_N {
|
||||
__fread_chk;
|
||||
__fwrite_chk;
|
||||
__getcwd_chk;
|
||||
__pwrite_chk;
|
||||
__pwrite64_chk;
|
||||
__write_chk;
|
||||
getgrgid_r;
|
||||
getgrnam_r;
|
||||
} LIBC;
|
||||
|
@ -21,6 +21,7 @@
|
||||
#include <poll.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/stat.h>
|
||||
@ -248,7 +249,7 @@ void test_fread_too_big() {
|
||||
}
|
||||
|
||||
void test_fwrite_overflow() {
|
||||
char buf[4];
|
||||
char buf[4] = {0};
|
||||
// NOLINTNEXTLINE(whitespace/line_length)
|
||||
// GCC: error: call to '__fwrite_overflow' declared with attribute error: fwrite called with overflowing size * count
|
||||
// clang should emit a warning, but doesn't
|
||||
@ -270,3 +271,27 @@ void test_getcwd() {
|
||||
// clang should emit a warning, but doesn't
|
||||
getcwd(buf, 5);
|
||||
}
|
||||
|
||||
void test_pwrite64_size() {
|
||||
char buf[4] = {0};
|
||||
// NOLINTNEXTLINE(whitespace/line_length)
|
||||
// GCC: error: call to '__pwrite64_dest_size_error' declared with attribute error: pwrite64 called with size bigger than destination
|
||||
// clang should emit a warning, but doesn't
|
||||
pwrite64(STDOUT_FILENO, buf, 5, 0);
|
||||
}
|
||||
|
||||
void test_pwrite64_too_big() {
|
||||
void *buf = calloc(atoi("5"), 1);
|
||||
// NOLINTNEXTLINE(whitespace/line_length)
|
||||
// GCC: error: call to '__pwrite64_count_toobig_error' declared with attribute error: pwrite64 called with count > SSIZE_MAX
|
||||
// clang should emit a warning, but doesn't
|
||||
pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
|
||||
}
|
||||
|
||||
void test_write_size() {
|
||||
char buf[4] = {0};
|
||||
// NOLINTNEXTLINE(whitespace/line_length)
|
||||
// GCC: error: call to '__write_dest_size_error' declared with attribute error: write called with size bigger than destination
|
||||
// clang should emit a warning, but doesn't
|
||||
write(STDOUT_FILENO, buf, 5);
|
||||
}
|
||||
|
@ -645,6 +645,22 @@ TEST_F(DEATHTEST, pread64_fortified) {
|
||||
close(fd);
|
||||
}
|
||||
|
||||
TEST_F(DEATHTEST, pwrite_fortified) {
|
||||
char buf[1] = {0};
|
||||
size_t ct = atoi("2"); // prevent optimizations
|
||||
int fd = open("/dev/null", O_WRONLY);
|
||||
ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
|
||||
close(fd);
|
||||
}
|
||||
|
||||
TEST_F(DEATHTEST, pwrite64_fortified) {
|
||||
char buf[1] = {0};
|
||||
size_t ct = atoi("2"); // prevent optimizations
|
||||
int fd = open("/dev/null", O_WRONLY);
|
||||
ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
|
||||
close(fd);
|
||||
}
|
||||
|
||||
TEST_F(DEATHTEST, read_fortified) {
|
||||
char buf[1];
|
||||
size_t ct = atoi("2"); // prevent optimizations
|
||||
@ -653,6 +669,14 @@ TEST_F(DEATHTEST, read_fortified) {
|
||||
close(fd);
|
||||
}
|
||||
|
||||
TEST_F(DEATHTEST, write_fortified) {
|
||||
char buf[1] = {0};
|
||||
size_t ct = atoi("2"); // prevent optimizations
|
||||
int fd = open("/dev/null", O_WRONLY);
|
||||
ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
|
||||
close(fd);
|
||||
}
|
||||
|
||||
TEST_F(DEATHTEST, fread_fortified) {
|
||||
char buf[1];
|
||||
size_t ct = atoi("2"); // prevent optimizations
|
||||
|
Loading…
Reference in New Issue
Block a user