These functions are about to be added to POSIX, under Austin Group
issue 986.
The fortified strlcat implementation does not raise SIGABRT if the
destination buffer does not contain a null terminator, it just
inherits the non-failing regular strlcat behavior.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
explicit_bzero(s, n) is the same as memset(s, 0, n), except that the
compiler is not allowed to delete a call to explicit_bzero even if the
memory pointed to by 's' is dead after the call. Right now, this effect
is achieved externally by having explicit_bzero be a function whose
semantics are unknown to the compiler, and internally, with a no-op
asm statement that clobbers memory. This does mean that small
explicit_bzero operations cannot be expanded inline as small memset
operations can, but on the other hand, small memset operations do get
deleted by the compiler. Hopefully full compiler support for
explicit_bzero will happen relatively soon.
There are two new tests: test-explicit_bzero.c verifies the
visible semantics in the same way as the existing test-bzero.c,
and tst-xbzero-opt.c verifies the not-being-optimized-out property.
The latter is conceptually based on a test written by Matthew Dempsky
for the OpenBSD regression suite.
The crypt() implementation has an immediate use for this new feature.
We avoid having to add a GLIBC_PRIVATE alias for explicit_bzero
by running all of libcrypt's calls through the fortified variant,
__explicit_bzero_chk, which is in the impl namespace anyway. Currently
I'm not aware of anything in libc proper that needs this, but the
glue is all in place if it does become necessary. The legacy DES
implementation wasn't bothering to clear its buffers, so I added that,
mostly for consistency's sake.
* string/explicit_bzero.c: New routine.
* string/test-explicit_bzero.c, string/tst-xbzero-opt.c: New tests.
* string/Makefile (routines, strop-tests, tests): Add them.
* string/test-memset.c: Add ifdeffage for testing explicit_bzero.
* string/string.h [__USE_MISC]: Declare explicit_bzero.
* debug/explicit_bzero_chk.c: New routine.
* debug/Makefile (routines): Add it.
* debug/tst-chk1.c: Test fortification of explicit_bzero.
* string/bits/string3.h: Fortify explicit_bzero.
* manual/string.texi: Document explicit_bzero.
* NEWS: Mention addition of explicit_bzero.
* crypt/crypt-entry.c (__crypt_r): Clear key-dependent intermediate
data before returning, using explicit_bzero.
* crypt/md5-crypt.c (__md5_crypt_r): Likewise.
* crypt/sha256-crypt.c (__sha256_crypt_r): Likewise.
* crypt/sha512-crypt.c (__sha512_crypt_r): Likewise.
* include/string.h: Redirect internal uses of explicit_bzero
to __explicit_bzero_chk[_internal].
* string/Versions [GLIBC_2.25]: Add explicit_bzero.
* debug/Versions [GLIBC_2.25]: Add __explicit_bzero_chk.
* sysdeps/arm/nacl/libc.abilist
* sysdeps/unix/sysv/linux/aarch64/libc.abilist
* sysdeps/unix/sysv/linux/alpha/libc.abilist
* sysdeps/unix/sysv/linux/arm/libc.abilist
* sysdeps/unix/sysv/linux/hppa/libc.abilist
* sysdeps/unix/sysv/linux/i386/libc.abilist
* sysdeps/unix/sysv/linux/ia64/libc.abilist
* sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
* sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
* sysdeps/unix/sysv/linux/microblaze/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
* sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
* sysdeps/unix/sysv/linux/nios2/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc-le.abilist
* sysdeps/unix/sysv/linux/powerpc/powerpc64/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
* sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
* sysdeps/unix/sysv/linux/sh/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
* sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx32/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilegx/tilegx64/libc.abilist
* sysdeps/unix/sysv/linux/tile/tilepro/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
* sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist:
Add entries for explicit_bzero and __explicit_bzero_chk.
If longjmp restores the stack frame to an address which is beyond
the stack frame at the time of the longjmp call it would install
an uninitialized stack frame. If compiled with _FORTIFY_SOURCE
defined, longjmp will now bail out in this situation.
* rt/Makefile (headers): Add bits/mqueue2.h.
* rt/mqueue.h: Include bits/mqueue2.h if -D_FORTIFY_SOURCE=2,
optimizing with GCC and __va_arg_pack_len is defined.
* rt/bits/mqueue2.h: New file.
* rt/mq_open.c (__mq_open): Renamed from mq_open.
(mq_open): New strong_alias.
(__mq_open_2): New function.
* sysdeps/unix/sysv/linux/mq_open.c (__mq_open): Renamed from mq_open.
(mq_open): New strong_alias.
(__mq_open_2): New function.
* debug/Versions (libc): Export __fortify_fail@@GLIBC_PRIVATE.
* Versions.def (librt): Add GLIBC_2.7 version.
* debug/fortify_fail.c (__fortify_fail): Add libc_hidden_def.
* include/stdio.h (__fortify_fail): Add libc_hidden_proto.
* misc/sys/cdefs.h (__errordecl, __va_arg_pack_len): Define.
* io/fcntl.h: Include bits/fcntl2.h when __va_arg_pack_len
is defined rather than when not C++.
* io/bits/fcntl2.h (__open_alias, __open64_alias, __openat_alias,
__openat64_alias): New redirects.
(__open_too_many_args, __open_missing_mode, __open64_too_many_args,
__open64_missing_mode, __openat_too_many_args, __openat_missing_mode,
__openat64_too_many_args, __openat64_missing_mode): New __errordecls.
(open, open64, openat, openat64): Rewrite as __extern_always_inline
functions instead of function-like macros.
(__readlinkat_alias): New alias.
(readlinkat): New inline function.
* include/unistd.h (readlinkat): Add libc_hidden_proto.
* sysdeps/unix/sysv/linux/readlinkat.c (readlinkat): Add
libc_hidden_def.
* io/readlinkat.c (readlinkat): Likewise.
* debug/readlinkat_chk.c: New file.
* debug/Makefile (routines): Add readlinkat_chk.
* debug/Versions (libc): Export __readlinkat_chk@@GLIBC_2.5.
* debug/tst-chk1.c (do_test): Add readlinkat tests.
* nis/nss_nisplus/nisplus-netgrp.c: Cleanups.
code is possible. Move compatibility code in .text.compat section.
over gaih array. There is only one function to call in the moment.
* debug/wcstombs_chk.c: New file.
* debug/Makefile (routines): Add mbstowcs_chk and wcstombs_chk.
* debug/Versions: Add __mbstowcs_chk and __wcstombs_chk.
* stdlib/bits/stdlib.h: Add definitions for mbstowcs and wcstombs.
* wcsmbs/bits/wchar2.h (mbsrtowcs): Pretty printing.
* string/test-memset.c (test_main): Use negative byte value in
length. Patch by Ivan Gyurdiev <ivg2@cornell.edu>.
* debug/confstr_chk.c: New file.
* debug/getdomainname_chk.c: New file.
* debug/getgroups_chk.c: New file.
* debug/gethostname_chk.c: New file.
* debug/getlogin_r_chk.c: New file.
* debug/ttyname_r_chk.c: New file.
* posix/bits/unistd.h: Add definitions for new debug versions.
* debug/tst-chk1.c: Add tests for new functions.
* debug/Versions: Export new functions.
* debug/Makefile (routines): Add new files.
* stdlib/bits/stdlib.h: Fix typo.
* manual/Makefile (libc/index.html): Depend on dir-add.texi.
* include/bits/wchar2.h: New file.
* wcsmbs/wchar.h: Include <bits/wchar2.h> if fortification is
requested.
* wcsmbs/wcsncpy.c: Add __wcsncpy alias.
* string/bits/string3.h: Add fortified stpncpy definitions.
* sysdeps/generic/stpncpy_chk.c: New file.
* libio/vswprintf.c: Move _IO_wstrnfile definition to strfile.h.
Export _IO_wstrn_jumps.
* libio/strfile.h: Define _IO_wstrnfile and declare _IO_wstrn_jumps.
* include/wchar.h: Declare __wcsncpy and __vswprintf_chk.
* debug/fgetws_chk.c: New file.
* debug/fgetws_u_chk.c: New file.
* debug/fwprintf_chk.c: New file.
* debug/swprintf_chk.c: New file.
* debug/vfwprintf_chk.c: New file.
* debug/vswprintf_chk.c: New file.
* debug/vwprintf_chk.c: New file.
* debug/wcpcpy_chk.c: New file.
* debug/wcpncpy_chk.c: New file.
* debug/wcscat_chk.c: New file.
* debug/wcscpy_chk.c: New file.
* debug/wcsncat_chk.c: New file.
* debug/wcsncpy_chk.c: New file.
* debug/wmemcpy_chk.c: New file.
* debug/wmemmove_chk.c: New file.
* debug/wmempcpy_chk.c: New file.
* debug/wmemset_chk.c: New file.
* debug/wprintf_chk.c: New file.
* debug/tst-chk1.c: Add tests for new functions.
* debug/Versions: Export new functions.
* debug/Makefile (routines): Add new functions.
* stdlib/stdlib.h: Include <bits/stdlib.h> if fortification is
requested.
* Makefile (headers): Add bits/stdlib.h.
* include/bits/stdlib.h: New file.
* debug/Depend: New file.
* debug/ptsname_r_chk.c: New file.
* debug/realpath_chk.c: New file.
* debug/wctomb_chk.c: New file.
* debug/Makefile (routines): Add ptsname_r_chk, realpath_chk, and
wctomb_chk.
* debug/Versions: Export __ptsname_r_chk, __realpath_chk, and
__wctomb_chk.
* debug/tst-chk1.c: Add tests for __ptsname_r_chk, __realpath_chk, and
__wctomb_chk.
* configure.in: Add --enable-stackguard-randomization option.
(ENABLE_STACKGUARD_RANDOMIZE): New define.
* config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add.
* sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* sysdeps/generic/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* elf/rtld.c (__stack_chk_guard): New variable.
(dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE.
Set __stack_chk_guard to _dl_setup_stack_chk_guard (),
use THREAD_SET_STACK_GUARD if defined.
* elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4.
* sysdeps/generic/libc-start.c (__stack_chk_guard): New variable.
(__libc_start_main): Set __stack_chk_guard to
_dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined.
* sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all
traces of TLS_INIT_TP_EXPENSIVE.
* debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4.
* debug/Makefile (routines): Add stack_chk_fail.
(static-only-routines): Add stack_chk_fail_local.
* debug/stack_chk_fail_local.c: New file.
* debug/stack_chk_fail.c: New file.
* elf/Makefile: Add rules to build and run tst-stackguard1{,-static}
tests.
* elf/tst-stackguard1.c: New file.
* elf/tst-stackguard1-static.c: New file.
* elf/stackguard-macros.h: New file.
determine the call will never trigger a failure.
* sysdeps/i386/i686/memset_chk.S: Remove alias and warning.
* sysdeps/x86_64/memset_chk.S: Likewise.
2005-02-24 Roland McGrath <roland@redhat.com>
* debug/Versions (libc: GLIBC_2.4): Remove
__memset_zero_constant_len_parameter.
* sysdeps/generic/memset_chk.c: Remove alias and warning.
* misc/sys/cdefs.h (__warndecl): New macro.
* debug/warning-nop.c: New file.
* string/bits/string3.h (memset): Call __warn_memset_zero_len with no
arguments, instead of calling __memset_zero_constant_len_parameter.
Use __warndecl for __warn_memset_zero_len.
* debug/Makefile (routines): Add $(static-only-routines).
(static-only-routines): New variable.
map if requested.
* debug/chk_fail.c: Request backtrace and memory map dump.
* Versions.def: Add GLIBC_2.4 for libc.
* debug/fgets_chk.c: New file.
* debug/fgets_u_chk.c: New file.
* debug/getcwd_chk.c: New file.
* debug/getwd_chk.c: New file.
* debug/readlink_chk.c: New file.
* debug/read_chk.c: New file.
* debug/pread_chk.c: New file.
* debug/pread64_chk.c: New file.
* debug/recv_chk.c: New file.
* debug/recvfrom_chk.c: New file.
* debug/Versions: Add all new functions with version GLIBC_2.4.
* debug/Makefile (routines): Add fgets_chk, fgets_u_chk, read_chk,
pread_chk, pread64_chk, recv_chk, recvfrom_chk, readlink_chk,
getwd_chk, and getcwd_chk. Plus appropriate CFLAGS definitions.
* debug/tst-chk1.c: Add more tests.
* libio/bits/stdio2.h: Add macros for fgets and fgets_unlocked.
* include/stdio.h: Declare __fgets_chk and __fgets_unlocked_chk.
* posix/unistd.h: Include <bits/unistd.h> for fortification.
* posix/bits/unistd.h: New file.
* posix/Makefile (headers): Add bits/unistd.h.
* socket/sys/socket.h: Include <bits/socket2.h> for fortification.
* socket/bits/socket2.h: New file.
* socket/Makefile (headers): Add bits/socket2.h.
* string/bits/string3.h: Extend memset macro to check for zero 3rd
parameter and use __memset_zero_constant_len_parameter in that case.
* sysdeps/generic/memset_chk.c: Add
__memset_zero_constant_len_parameter alias and linker warning.
* debug/Versions: Add __memset_zero_constant_len_parameter to libc
with version GLIBC_2.4.
* sysdeps/generic/bits/types.h: Don't unnecessarily use __extension__
in __STD_TYPE definition.
2005-02-21 Jakub Jelinek <jakub@redhat.com>
* malloc/malloc.c (malloc_printerr): If MALLOC_CHECK_={5,7}, print
the error message rather than program name.
2005-02-21 Ulrich Drepper <drepper@redhat.com>
1998-07-02 21:51 Ulrich Drepper <drepper@cygnus.com>
* Makeconfig: Define list of subdirs as all-subdirs and make subdirs
a copy.
* Makefile: Add rules to generate map files.
(distribute): Remove libc.map, add Versions.def and versions.awk.
* Makerules: Change rules to find map files on common-objpfx.
* elf/Makefile: Likewise.
* md5-crypt/Makefile: Likewise.
* nis/Makefile (libnsl-map): Remove.
* Versions.def: New file.
* versions.awk: New file.
* argp/Versions: New file.
* assert/Versions: New file.
* catgets/Versions: New file.
* csu/Versions: New file.
* ctype/Versions: New file.
* db/Versions: New file.
* debug/Versions: New file.
* dirent/Versions: New file.
* elf/Versions: New file.
* gmon/Versions: New file.
* grp/Versions: New file.
* hesiod/Versions: New file.
* hurd/Versions: New file.
* iconv/Versions: New file.
* inet/Versions: New file.
* intl/Versions: New file.
* io/Versions: New file.
* libio/Versions: New file.
* linuxthreads/Versions: New file.
* locale/Versions: New file.
* login/Versions: New file.
* malloc/Versions: New file.
* math/Versions: New file.
* md5-crypt/Versions: New file.
* misc/Versions: New file.
* nis/Versions: New file.
* nss/Versions: New file.
* posix/Versions: New file.
* pwd/Versions: New file.
* resolv/Versions: New file.
* resource/Versions: New file.
* rt/Versions: New file.
* setjmp/Versions: New file.
* shadow/Versions: New file.
* signal/Versions: New file.
* socket/Versions: New file.
* stdio/Versions: New file.
* stdio-common/Versions: New file.
* stdlib/Versions: New file.
* streams/Versions: New file.
* string/Versions: New file.
* sunrpc/Versions: New file.
* sysdeps/alpha/Versions: New file.
* sysdeps/alpha/fpu/Versions: New file.
* sysdeps/i386/Versions: New file.
* sysdeps/sparc/Versions: New file.
* sysdeps/unix/sysv/Versions: New file.
* sysdeps/unix/sysv/linux/Versions: New file.
* sysdeps/unix/sysv/linux/alpha/Versions: New file.
* sysdeps/unix/sysv/linux/i386/Versions: New file.
* sysdeps/unix/sysv/linux/mips/Versions: New file.
* sysvipc/Versions: New file.
* termios/Versions: New file.
* time/Versions: New file.
* wcsmbs/Versions: New file.
* wctype/Versions: New file.
* libc.map: Removed.
* db/libdb.map: Removed.
* elf/libdl.map: Removed.
* hesiod/libnss_hesiod.map: Removed.
* hurd/libhurduser.map: Removed.
* hurd/libmachuser.map: Removed.
* linuxthreads/libpthread.map: Removed.
* locale/libBrokenLocale.map: Removed.
* login/libutil.map: Removed.
* math/libm.map: Removed.
* md5-crypt/libcrypt.map: Removed.
* nis/libnsl.map: Removed.
* nis/libnsl_compat.map: Removed.
* nis/libnss_nis.map: Removed.
* nis/libnss_nisplus.map: Removed.
* nss/libnss_db.map: Removed.
* nss/libnss_files.map: Removed.
* resolv/libnss_dns.map: Removed.
* resolv/libresolv.map: Removed.
* rt/librt.map: Removed.
* elf/dl-load.c (fillin_rpath): Fix test for trusted directory.
Fix typos.
* elf/rtld.c (process_dl_debug): Recognize 'all'.
(process_envvars): LD_BIND_NOW must be followed by y, Y, or 1.
* sysdeps/generic/elf/backtracesyms.c: Allocate string memory of
correct size.
* sysdeps/unix/sysv/linux/getsysstats.c (get_proc_path): Fix typo
in comment.