summary refs log tree commit diff
path: root/include
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2004-10-18 04:17:19 +0000
committerUlrich Drepper <drepper@redhat.com>2004-10-18 04:17:19 +0000
commitb5cc329c4fb831ce99cd683caf3c5b5114c90010 (patch)
tree620ffc2f72cafdb90b9a679c022d3406a88c392c /include
parent10e0498e2d2de538b51b2685befc56f5c2691bf4 (diff)
downloadglibc-b5cc329c4fb831ce99cd683caf3c5b5114c90010.tar.gz
glibc-b5cc329c4fb831ce99cd683caf3c5b5114c90010.tar.xz
glibc-b5cc329c4fb831ce99cd683caf3c5b5114c90010.zip
2004-10-15 Jakub Jelinek <jakub@redhat.com>
	* elf/dl-minimal.c (__chk_fail): New.  Add rtld_hidden_def.
	* sysdeps/unix/sysv/linux/readonly-area.c: New file.
	* sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking
	routine.
	* sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise.
	* sysdeps/i386/i686/memset.S (__memset_chk): Likewise.
	* sysdeps/i386/i686/memmove-chk.S: New file.
	* sysdeps/i386/i686/memcpy-chk.S: Likewise.
	* sysdeps/i386/i686/mempcpy-chk.S: Likewise.
	* sysdeps/i386/i686/memset-chk.S: Likewise.
	* sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail
	if exactly fitting into buffer.
	* sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise.
	* sysdeps/generic/readonly-area.c: New file.
	* sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test
	destlen once.
	* sysdeps/x86_64/memset.S (__memset_chk): Add checking routine.
	* sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk.
	* sysdeps/x86_64/memcpy-chk.S: New file.
	* sysdeps/x86_64/mempcpy-chk.S: Likewise.
	* sysdeps/x86_64/memset-chk.S: Likewise.
	* sysdeps/x86_64/strcpy-chk.S: Likewise.
	* sysdeps/x86_64/stpcpy-chk.S: Likewise.
	* argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing.
	* argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise.
	* debug/tst-chk1.c: New test.
	* debug/tst-chk2.c: Likewise.
	* debug/tst-chk3.c: Likewise.
	* debug/test-strcpy_chk.c: Likewise.
	* debug/test-stpcpy_chk.c: Likewise.
	* debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk,
	vfprintf_chk, gets_chk and readonly-area.
	(CFLAGS-*_chk.c): Set.
	(tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and
	test-stpcpy_chk.
	* debug/vprintf_chk.c: New file.
	* debug/printf_chk.c: Likewise.
	* debug/vfprintf_chk.c: Likewise.
	* debug/fprintf_chk.c: Likewise.
	* debug/gets_chk.c: Likewise.
	* debug/chk_fail.c (__chk_fail): Add libc_hidden_def.
	* debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments
	passed to __vsnprintf_chk.
	* debug/Versions (libc): Export __printf_chk, __fprintf_chk,
	__vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4.
	* debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call
	__vsnprintf, instead create a temporary file with
	_IO_strn_jumps jumptable.  If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* libio/Makefile (headers): Add bits/stdio2.h.
	* libio/stdio.h: Include <bits/stdio2.h> if __USE_FORTIFY_LEVEL.
	(sprintf, snprintf, vsprintf, vsnprintf): Remove defines.
	* libio/strfile.h (_IO_strnfile): New type.
	(_IO_strn_jumps): New extern.
	* libio/vsnprintf.c (_IO_strnfile): Remove.
	(_IO_strn_jumps): Remove static.
	* libio/bits/stdio2.h: New file.
	* libio/vswprintf.c (_IO_strnfile): Rename type to...
	(_IO_wstrnfile): ...this.  Adjust all uses.
	* libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define.
	* stdio-common/vfprintf.c (STR_LEN): Define.
	(vfprintf): Add readonly_format variable.
	Handle _IO_FLAGS2_CHECK_PERCENT_N.
	(buffered_vfprintf): Copy _flags2.
	* include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk,
	__vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk,
	__vfprintf_chk): New prototypes.
	(__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto.
	* include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk,
	__memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk,
	__strncat_chk): New prototypes.
	* include/bits/string3.h: New file.
	* include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto
	and rtld_hidden_proto.
	* string/Makefile (headers): Add bits/string3.h.
	* string/bits/string3.h (bcopy, bzero): New defines.
	(memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change
	macros so that inlines are used only if unknown destination size
	or side-effects in destination argument.
	(mempcpy, stpcpy): Likewise.  Protect with #ifdef __USE_GNU.

2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* debug/Makefile (routines): Add *_chk.
	* debug/Versions (libc): Export __chk_fail, __memcpy_chk,
	__memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk,
	__strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk,
	__sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk
	@GLIBC_2.3.4.
	* debug/chk_fail.c: New file.
	* debug/snprintf_chk.c: Likewise.
	* debug/sprintf_chk.c: Likewise.
	* debug/vsnprintf_chk.c: Likewise.
	* debug/vsprintf_chk.c: Likewise.
	* include/features.h (_FORTIFY_SOURCE): Document, handle.
	(__USE_FORTIFY_LEVEL): Define.
	(__GNUC_PREREQ): Move to earlier location.
	* include/sys/cdefs.h (__chk_fail): New prototype.
	* libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf):
	Define if __USE_FORTIFY_LEVEL.
	* misc/sys/cdefs.h (__bos, __bos0): Define.
	* string/string.h: Include <bits/string3.h> if __USE_FORTIFY_LEVEL.
	* bits/string/string3.h: New header.
	* sysdeps/generic/memcpy_chk.c: New file.
	* sysdeps/generic/memmove_chk.c: Likewise.
	* sysdeps/generic/mempcpy_chk.c: Likewise.
	* sysdeps/generic/memset_chk.c: Likewise.
	* sysdeps/generic/stpcpy_chk.c: Likewise.
	* sysdeps/generic/strcat_chk.c: Likewise.
	* sysdeps/generic/strcpy_chk.c: Likewise.
	* sysdeps/generic/strncat_chk.c: Likewise.
	* sysdeps/generic/strncpy_chk.c: Likewise.
2004-10-15  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-minimal.c (__chk_fail): New.  Add rtld_hidden_def.
	* sysdeps/unix/sysv/linux/readonly-area.c: New file.
	* sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking
	routine.
	* sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise.
	* sysdeps/i386/i686/memset.S (__memset_chk): Likewise.
	* sysdeps/i386/i686/memmove-chk.S: New file.
	* sysdeps/i386/i686/memcpy-chk.S: Likewise.
	* sysdeps/i386/i686/mempcpy-chk.S: Likewise.
	* sysdeps/i386/i686/memset-chk.S: Likewise.
	* sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail
	if exactly fitting into buffer.
	* sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise.
	* sysdeps/generic/readonly-area.c: New file.
	* sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test
	destlen once.
	* sysdeps/x86_64/memset.S (__memset_chk): Add checking routine.
	* sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk.
	* sysdeps/x86_64/memcpy-chk.S: New file.
	* sysdeps/x86_64/mempcpy-chk.S: Likewise.
	* sysdeps/x86_64/memset-chk.S: Likewise.
	* sysdeps/x86_64/strcpy-chk.S: Likewise.
	* sysdeps/x86_64/stpcpy-chk.S: Likewise.
	* argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing.
	* argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise.
	* debug/tst-chk1.c: New test.
	* debug/tst-chk2.c: Likewise.
	* debug/tst-chk3.c: Likewise.
	* debug/test-strcpy_chk.c: Likewise.
	* debug/test-stpcpy_chk.c: Likewise.
	* debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk,
	vfprintf_chk, gets_chk and readonly-area.
	(CFLAGS-*_chk.c): Set.
	(tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and
	test-stpcpy_chk.
	* debug/vprintf_chk.c: New file.
	* debug/printf_chk.c: Likewise.
	* debug/vfprintf_chk.c: Likewise.
	* debug/fprintf_chk.c: Likewise.
	* debug/gets_chk.c: Likewise.
	* debug/chk_fail.c (__chk_fail): Add libc_hidden_def.
	* debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments
	passed to __vsnprintf_chk.
	* debug/Versions (libc): Export __printf_chk, __fprintf_chk,
	__vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4.
	* debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call
	__vsnprintf, instead create a temporary file with
	_IO_strn_jumps jumptable.  If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* libio/Makefile (headers): Add bits/stdio2.h.
	* libio/stdio.h: Include <bits/stdio2.h> if __USE_FORTIFY_LEVEL.
	(sprintf, snprintf, vsprintf, vsnprintf): Remove defines.
	* libio/strfile.h (_IO_strnfile): New type.
	(_IO_strn_jumps): New extern.
	* libio/vsnprintf.c (_IO_strnfile): Remove.
	(_IO_strn_jumps): Remove static.
	* libio/bits/stdio2.h: New file.
	* libio/vswprintf.c (_IO_strnfile): Rename type to...
	(_IO_wstrnfile): ...this.  Adjust all uses.
	* libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define.
	* stdio-common/vfprintf.c (STR_LEN): Define.
	(vfprintf): Add readonly_format variable.
	Handle _IO_FLAGS2_CHECK_PERCENT_N.
	(buffered_vfprintf): Copy _flags2.
	* include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk,
	__vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk,
	__vfprintf_chk): New prototypes.
	(__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto.
	* include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk,
	__memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk,
	__strncat_chk): New prototypes.
	* include/bits/string3.h: New file.
	* include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto
	and rtld_hidden_proto.
	* string/Makefile (headers): Add bits/string3.h.
	* string/bits/string3.h (bcopy, bzero): New defines.
	(memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change
	macros so that inlines are used only if unknown destination size
	or side-effects in destination argument.
	(mempcpy, stpcpy): Likewise.  Protect with #ifdef __USE_GNU.

2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* debug/Makefile (routines): Add *_chk.
	* debug/Versions (libc): Export __chk_fail, __memcpy_chk,
	__memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk,
	__strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk,
	__sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk
	@GLIBC_2.3.4.
	* debug/chk_fail.c: New file.
	* debug/snprintf_chk.c: Likewise.
	* debug/sprintf_chk.c: Likewise.
	* debug/vsnprintf_chk.c: Likewise.
	* debug/vsprintf_chk.c: Likewise.
	* include/features.h (_FORTIFY_SOURCE): Document, handle.
	(__USE_FORTIFY_LEVEL): Define.
	(__GNUC_PREREQ): Move to earlier location.
	* include/sys/cdefs.h (__chk_fail): New prototype.
	* libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf):
	Define if __USE_FORTIFY_LEVEL.
	* misc/sys/cdefs.h (__bos, __bos0): Define.
	* string/string.h: Include <bits/string3.h> if __USE_FORTIFY_LEVEL.
	* bits/string/string3.h: New header.
	* sysdeps/generic/memcpy_chk.c: New file.
	* sysdeps/generic/memmove_chk.c: Likewise.
	* sysdeps/generic/mempcpy_chk.c: Likewise.
	* sysdeps/generic/memset_chk.c: Likewise.
	* sysdeps/generic/stpcpy_chk.c: Likewise.
	* sysdeps/generic/strcat_chk.c: Likewise.
	* sysdeps/generic/strcpy_chk.c: Likewise.
	* sysdeps/generic/strncat_chk.c: Likewise.
	* sysdeps/generic/strncpy_chk.c: Likewise.
Diffstat (limited to 'include')
-rw-r--r--include/bits/string3.h1
-rw-r--r--include/features.h40
-rw-r--r--include/stdio.h14
-rw-r--r--include/string.h28
-rw-r--r--include/sys/cdefs.h8
5 files changed, 76 insertions, 15 deletions
diff --git a/include/bits/string3.h b/include/bits/string3.h
new file mode 100644
index 0000000000..1ddd981a90
--- /dev/null
+++ b/include/bits/string3.h
@@ -0,0 +1 @@
+#include <string/bits/string3.h>
diff --git a/include/features.h b/include/features.h
index 59ae3c4d13..8b03e165f9 100644
--- a/include/features.h
+++ b/include/features.h
@@ -41,6 +41,8 @@
    _GNU_SOURCE		All of the above, plus GNU extensions.
    _REENTRANT		Select additionally reentrant object.
    _THREAD_SAFE		Same as _REENTRANT, often used by other systems.
+   _FORTIFY_SOURCE	If set to numeric value > 0 additional security
+			measures are defined, according to level.
 
    The `-ansi' switch to the GNU C compiler defines __STRICT_ANSI__.
    If none of these are defined, the default is to have _SVID_SOURCE,
@@ -69,6 +71,7 @@
    __USE_MISC		Define things common to BSD and System V Unix.
    __USE_GNU		Define GNU extensions.
    __USE_REENTRANT	Define reentrant/thread-safe *_r functions.
+   __USE_FORTIFY_LEVEL	Additional security measures used, according to level.
    __FAVOR_BSD		Favor 4.3BSD things in cases of conflict.
 
    The macros `__GNU_LIBRARY__', `__GLIBC__', and `__GLIBC_MINOR__' are
@@ -101,6 +104,7 @@
 #undef	__USE_MISC
 #undef	__USE_GNU
 #undef	__USE_REENTRANT
+#undef	__USE_FORTIFY_LEVEL
 #undef	__FAVOR_BSD
 #undef	__KERNEL_STRICT_NAMES
 
@@ -113,6 +117,20 @@
 /* Always use ISO C things.  */
 #define	__USE_ANSI	1
 
+/* Convenience macros to test the versions of glibc and gcc.
+   Use them like this:
+   #if __GNUC_PREREQ (2,8)
+   ... code requiring gcc 2.8 or later ...
+   #endif
+   Note - they won't work for gcc1 or glibc1, since the _MINOR macros
+   were not defined then.  */
+#if defined __GNUC__ && defined __GNUC_MINOR__
+# define __GNUC_PREREQ(maj, min) \
+	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#else
+# define __GNUC_PREREQ(maj, min) 0
+#endif
+
 
 /* If _BSD_SOURCE was defined by the user, favor BSD over POSIX.  */
 #if defined _BSD_SOURCE && \
@@ -244,6 +262,14 @@
 # define __USE_REENTRANT	1
 #endif
 
+#if _FORTIFY_SOURCE > 0 && __GNUC_PREREQ (4, 1) && __OPTIMIZE__ > 0
+# if _FORTIFY_SOURCE == 1
+#  define __USE_FORTIFY_LEVEL 1
+# elif _FORTIFY_SOURCE > 1
+#  define __USE_FORTIFY_LEVEL 2
+# endif
+#endif
+
 /* We do support the IEC 559 math functionality, real and complex.  */
 #define __STDC_IEC_559__		1
 #define __STDC_IEC_559_COMPLEX__	1
@@ -265,20 +291,6 @@
 #define	__GLIBC__	2
 #define	__GLIBC_MINOR__	3
 
-/* Convenience macros to test the versions of glibc and gcc.
-   Use them like this:
-   #if __GNUC_PREREQ (2,8)
-   ... code requiring gcc 2.8 or later ...
-   #endif
-   Note - they won't work for gcc1 or glibc1, since the _MINOR macros
-   were not defined then.  */
-#if defined __GNUC__ && defined __GNUC_MINOR__
-# define __GNUC_PREREQ(maj, min) \
-	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-#else
-# define __GNUC_PREREQ(maj, min) 0
-#endif
-
 #define __GLIBC_PREREQ(maj, min) \
 	((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min))
 
diff --git a/include/stdio.h b/include/stdio.h
index b871abc15e..05a91b4cb3 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -27,6 +27,18 @@ extern int __vsscanf (__const char *__restrict __s,
 		      _G_va_list __arg)
      __attribute__ ((__format__ (__scanf__, 2, 0)));
 
+extern int __sprintf_chk (char *, int, size_t, const char *, ...) __THROW;
+extern int __snprintf_chk (char *, size_t, int, size_t, const char *, ...)
+     __THROW;
+extern int __vsprintf_chk (char *, int, size_t, const char *,
+			   _G_va_list) __THROW;
+extern int __vsnprintf_chk (char *, size_t, int, size_t, const char *,
+			    _G_va_list) __THROW;
+extern int __printf_chk (int, const char *, ...);
+extern int __fprintf_chk (FILE *, int, const char *, ...);
+extern int __vprintf_chk (int, const char *, _G_va_list);
+extern int __vfprintf_chk (FILE *, int, const char *, _G_va_list);
+
 /* Prototypes for compatibility functions.  */
 extern FILE *__new_tmpfile (void);
 extern FILE *__old_tmpfile (void);
@@ -109,6 +121,8 @@ libc_hidden_proto (fgets_unlocked)
 libc_hidden_proto (fputs_unlocked)
 libc_hidden_proto (open_memstream)
 libc_hidden_proto (__libc_fatal)
+libc_hidden_proto (__vsprintf_chk)
+libc_hidden_proto (__vsnprintf_chk)
 
 #  if !defined NOT_IN_libc && defined SHARED && defined DO_VERSIONING \
   && defined HAVE_VISIBILITY_ATTRIBUTE && !defined HAVE_BROKEN_ALIAS_ATTRIBUTE\
diff --git a/include/string.h b/include/string.h
index afc6adfbda..738dd8e27c 100644
--- a/include/string.h
+++ b/include/string.h
@@ -3,7 +3,7 @@
 #include <sys/types.h>
 
 extern void *__memccpy (void *__dest, __const void *__src,
-			  int __c, size_t __n);
+			int __c, size_t __n);
 
 extern size_t __strnlen (__const char *__string, size_t __maxlen)
      __attribute_pure__;
@@ -114,4 +114,30 @@ libc_hidden_builtin_proto (ffs)
 #  endif
 # endif
 
+extern void *__memcpy_chk (void *__restrict __dest,
+			   const void *__restrict __src, size_t __len,
+			   size_t __destlen) __THROW;
+extern void *__memmove_chk (void *__dest, const void *__src, size_t __len,
+			    size_t __destlen) __THROW;
+extern void *__mempcpy_chk (void *__restrict __dest,
+			    const void *__restrict __src, size_t __len,
+			    size_t __destlen) __THROW;
+extern void *__memset_chk (void *__dest, int __ch, size_t __len,
+			   size_t __destlen) __THROW;
+extern char *__strcpy_chk (char *__restrict __dest,
+			   const char *__restrict __src,
+			   size_t __destlen) __THROW;
+extern char *__stpcpy_chk (char *__restrict __dest,
+			   const char *__restrict __src,
+			   size_t __destlen) __THROW;
+extern char *__strncpy_chk (char *__restrict __dest,
+			    const char *__restrict __src,
+			    size_t __len, size_t __destlen) __THROW;
+extern char *__strcat_chk (char *__restrict __dest,
+			   const char *__restrict __src,
+			   size_t __destlen) __THROW;
+extern char *__strncat_chk (char *__restrict __dest,
+			    const char *__restrict __src,
+			    size_t __len, size_t __destlen) __THROW;
+
 #endif
diff --git a/include/sys/cdefs.h b/include/sys/cdefs.h
index 200abb4f02..8ba980477d 100644
--- a/include/sys/cdefs.h
+++ b/include/sys/cdefs.h
@@ -1 +1,9 @@
+#ifndef _SYS_CDEFS_H
+
 #include <misc/sys/cdefs.h>
+
+extern void __chk_fail (void) __attribute__ ((__noreturn__));
+libc_hidden_proto (__chk_fail)
+rtld_hidden_proto (__chk_fail)
+
+#endif