13 Commits

Author SHA1 Message Date
Stephen Hines
6e38072add Wrap sprintf()/snprintf() macros to prevent expansion errors.
Previously, FORTIFY_SOURCE used single macros to define these standard
functions for use with clang. This can cause conflicts with other macros used
to call these functions, particularly when those macros expand the number of
arguments to the function. This change wraps our macro definitions, so that
expansion properly takes place for programmer arguments first.

Change-Id: I55929b1fd2a643b9d14a17631c4bcab3b0b712cf
2013-10-11 12:14:49 -07:00
Nick Kralevich
b036b5ca36 FORTIFY_SOURCE: fortify read()
Change-Id: Ic7de163fe121db13e00560adb257331bc709814d
2013-10-09 20:17:03 -07:00
Nick Kralevich
8d25327639 Revert "FORTIFY_SOURCE: fortify read()"
This change reverts
* fb3f956d075676c0438f2ee2bf3a5be659dfc04b.
* 65c99de2cb7a569ea17ca35e2f8f1e033421864b

Change-Id: Id5774eeede41130579115cf67a72ee914f2b47d5
2013-10-09 16:46:25 -07:00
Nick Kralevich
65c99de2cb FORTIFY_SOURCE: fortify read()
Change-Id: I3d7b4ec86d04efb865117ce7629a2e26917f3331
2013-10-09 13:44:38 -07:00
Nick Kralevich
7943df62f7 Check memory size on FD_* functions
Make sure the buffer we're dealing with has enough room.
Might as well check for memory issues while we're here,
even though I don't imagine they'll happen in practice.

Change-Id: I0ae1f0f06aca9ceb91e58c70183bb14e275b92b5
2013-10-03 15:45:10 -07:00
Elliott Hughes
5b9310e502 Fix 32-bit issues in tests, and add a trivial test for the FD_* macros.
Change-Id: Ia3f21ce1f0ed9236527fe44d36ccb7de6bf63113
2013-10-02 16:59:05 -07:00
Nick Kralevich
90201d5eca FORTIFY_SOURCE: Add __FD_* checks
Add FORTIFY_SOURCE checks for the following macros:

* FD_CLR
* FD_ISSET
* FD_SET

Bug: 11047121
Change-Id: I3c5952136aec9eff3288b91b1318677ff971525c
2013-10-02 16:11:30 -07:00
Nick Kralevich
b91791d71c Use alloc_size attribute on *alloc functions
malloc and family were not declared with __attribute__((alloc_size)).
This was (sometimes) preventing FORTIFY_SOURCE related functions
from knowing the size of the buffer it's dealing with, inhibiting
FORTIFY_SOURCE protections.

Add __attribute__((alloc_size))

Information about the alloc_size attribute can be found
at http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

Change-Id: Ia2f0a445f0170a7325f69259b5e7fb35a9f14921
2013-10-02 14:14:40 -07:00
Nick Kralevich
60f4f9a5b9 libc: fortify recvfrom()
Fortify calls to recv() and recvfrom().

We use __bos0 to match glibc's behavior, and because I haven't
tested using __bos.

Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
2013-09-24 16:45:01 -07:00
Christopher Ferris
16e185c908 __memcpy_chk: Fix signed cmp of unsigned values.
I accidentally did a signed comparison of the size_t values passed in
for three of the _chk functions. Changing them to unsigned compares.

Add three new tests to verify this failure is fixed.

Bug: 10691831

Merge from internal master.

(cherry-picked from 883ef2499c2ff76605f73b1240f719ca6282e554)

Change-Id: Id9a96b549435f5d9b61dc132cf1082e0e30889f5
2013-09-20 20:12:09 -07:00
Nick Kralevich
93501d3ab8 FORTIFY_SOURCE: introduce __strncpy_chk2
This change detects programs reading beyond the end of "src" when
calling strncpy.

Change-Id: Ie1b42de923385d62552b22c27b2d4713ab77ee03
2013-08-28 12:39:06 -07:00
Nick Kralevich
a6cde39276 More FORTIFY_SOURCE functions under clang
* bzero
* umask
* strlcat

Change-Id: I65065208e0b8b37e10f6a266d5305de8fa9e59fc
2013-06-29 08:16:22 -07:00
Nick Kralevich
5bcf39842e Reorganize FORTIFY_SOURCE tests.
Get rid of a lot of the duplication in the various FORTIFY_SOURCE
tests. Instead, we build 4 separate static libraries, with
4 different compile time options, and link them into the final test
binary.

Change-Id: Idb0b7cccc8dd837adb037bf4ddfe8942ae138230
2013-06-28 11:54:29 -07:00