preserve CFLAGS between hardening checks, enable mingw

Allow hardening CFLAGS for mingw that do not cause link-time failures. Add proper quoting on flags for commas Check LDFLAGS for linker-only flags.
2015-01-05 20:31:34 -06:00 · 2015-01-05 20:31:34 -06:00 · 872ecfd856
commit 872ecfd856
parent 303b972d55
1 changed files with 46 additions and 26 deletions
--- a/configure.ac
+++ b/configure.ac
@ -95,40 +95,60 @@ AC_ARG_ENABLE([hardening],
 	[], [enable_hardening=yes])

 AC_DEFUN([CHECK_CFLAG],
-	 [AC_LANG_ASSERT(C)
+	 AC_LANG_ASSERT(C)
 	 AC_MSG_CHECKING([if $saved_CC supports "$1"])
 	 old_cflags="$CFLAGS"
-	  CFLAGS=[$1]
-	  AC_TRY_LINK([#include <stdio.h>],
+	 CFLAGS=$1
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
 		     [printf("Hello")],
 		     AC_MSG_RESULT([yes])
-		      HARDEN_CFLAGS="$HARDEN_CFLAGS [$1]",
+		     HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
 		     AC_MSG_RESULT([no])
-		      $2
+		     $2)
+	  CFLAGS=$old_cflags
 )
-	  ])

-AS_IF([test "x$enable_hardening" == "xyes" -a "x$HOST_OS" != "xwin"], [
+AC_DEFUN([CHECK_LDFLAG],
+	 AC_LANG_ASSERT(C)
+	 AC_MSG_CHECKING([if $saved_LD supports "$1"])
+	 old_ldflags="$LDFLAGS"
+	 LDFLAGS=$1
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
+		     [printf("Hello")],
+		     AC_MSG_RESULT([yes])
+		     HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
+		     AC_MSG_RESULT([no])
+		     $2)
+	  LDFLAGS=$old_ldflags
+)
+
+AS_IF([test "x$enable_hardening" == "xyes"], [
 	# Tell GCC to NOT optimize based on signed arithmetic overflow
-	CHECK_CFLAG([-fno-strict-overflow])
+	CHECK_CFLAG([[-fno-strict-overflow]])

 	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
-	CHECK_CFLAG([-D_FORTIFY_SOURCE=2])
+	CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
+
+	# Enable read only relocations
+	CHECK_LDFLAG([[-Wl,-z,relro]])
+	CHECK_LDFLAG([[-Wl,-z,now]])
+])

 # Use stack-protector-strong if available; if not, fallback to
 # stack-protector-all which is considered to be overkill
-	CHECK_CFLAG([-fstack-protector-strong],
-		CHECK_CFLAG([-fstack-protector-all],
-			AC_MSG_ERROR([compiler does appear to support stack protection
-			  - use --disable-hardening to override])
+AS_IF([test "x$enable_hardening" == "xyes" -a "x$HOST_OS" != "xwin"], [
+	CHECK_CFLAG([[-fstack-protector-strong]],
+		CHECK_CFLAG([[-fstack-protector-all]],
+			AC_MSG_ERROR([compiler does appear to support stack protection - use --disable-hardening to override])
 		)
 	)
-
-	# Enable read only relocations
-	CHECK_CFLAG([-Wl,-z,relro])
-	CHECK_CFLAG([-Wl,-z,now])
 ])

+
 # Restore CC, LD
 CC="$saved_CC"
 LD="$saved_LD"