[hurd,commited 0/4] i686-gnu fixes against fortification

[hurd,commited 0/4] i686-gnu fixes against fortification

[Samuel Thibault]

*** BLURB HERE ***

Samuel Thibault (4):
  tst-*glob*: Do not check d_name size
  Subject: hurd: Make __realpath return EINVAL on NULL buf
  tst-realpath-toolong: return "unsupported" when PATH_MAX is undefined
  chk: Add and fix hidden builtin definitions for *_chk

 debug/longjmp_chk.c           |  1 +
 debug/realpath_chk.c          | 11 ++++++++++-
 debug/strncpy_chk.c           |  1 +
 include/setjmp.h              |  8 ++++++++
 include/stdlib.h              |  2 ++
 include/string.h              |  1 +
 posix/tst-glob_lstat_compat.c |  2 +-
 posix/tst-gnuglob-skeleton.c  |  2 +-
 setjmp/longjmp.c              |  2 ++
 stdlib/tst-realpath-toolong.c |  9 +++++----
 10 files changed, 32 insertions(+), 7 deletions(-)

-- 
2.40.1

[hurd,commited 1/4] tst-*glob*: Do not check d_name size

[Samuel Thibault]

Posix says that d_name is of unspecified size, and sizeof(d_name)
should not be used. It is indeed only 1-byte long in bits/dirent.h. We
can instead explictly provide the actual allocated size to
__strcpy_chk.
---
 posix/tst-glob_lstat_compat.c | 2 +-
 posix/tst-gnuglob-skeleton.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/posix/tst-glob_lstat_compat.c b/posix/tst-glob_lstat_compat.c
index 937ad77da3..6559954247 100644
--- a/posix/tst-glob_lstat_compat.c
+++ b/posix/tst-glob_lstat_compat.c
@@ -173,7 +173,7 @@ my_readdir (void *gdir)
 
   dir->d.d_type = filesystem[dir->idx].type;
 
-  strcpy (dir->d.d_name, filesystem[dir->idx].name);
+  __strcpy_chk (dir->d.d_name, filesystem[dir->idx].name, NAME_MAX);
 
   ++dir->idx;
 
diff --git a/posix/tst-gnuglob-skeleton.c b/posix/tst-gnuglob-skeleton.c
index 557cfcbd2a..998fc2d94d 100644
--- a/posix/tst-gnuglob-skeleton.c
+++ b/posix/tst-gnuglob-skeleton.c
@@ -222,7 +222,7 @@ my_readdir (void *gdir)
 
   dir->d.d_type = filesystem[dir->idx].type;
 
-  strcpy (dir->d.d_name, filesystem[dir->idx].name);
+  __strcpy_chk (dir->d.d_name, filesystem[dir->idx].name, NAME_MAX);
 
   if (test_verbose > 0)
     printf ("info: my_readdir ({ level: %d, idx: %ld })"
-- 
2.40.1

[hurd,commited 2/4] Subject: hurd: Make __realpath return EINVAL on NULL buf

[Samuel Thibault]

As Posix and stdlib/test-canon.c expects it, and rather than letting
pathconf crash.
---
 debug/realpath_chk.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/debug/realpath_chk.c b/debug/realpath_chk.c
index adfc09237c..8e734b534e 100644
--- a/debug/realpath_chk.c
+++ b/debug/realpath_chk.c
@@ -19,6 +19,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 
 char *
@@ -30,7 +31,15 @@ __realpath_chk (const char *buf, char *resolved, size_t resolvedlen)
 
   return __realpath (buf, resolved);
 #else
-  long int pathmax =__pathconf (buf, _PC_PATH_MAX);
+  long int pathmax;
+
+  if (buf == NULL)
+    {
+      __set_errno (EINVAL);
+      return NULL;
+    }
+
+  pathmax = __pathconf (buf, _PC_PATH_MAX);
   if (pathmax != -1)
     {
       /* We do have a fixed limit.  */
-- 
2.40.1

[hurd,commited 3/4] tst-realpath-toolong: return "unsupported" when PATH_MAX is undefined

[Samuel Thibault]

When PATH_MAX is undefined, realpath cannot ever ENAMETOOLONG, so
this test is unsupported.
---
 stdlib/tst-realpath-toolong.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/stdlib/tst-realpath-toolong.c b/stdlib/tst-realpath-toolong.c
index 4388890294..a071fe7544 100644
--- a/stdlib/tst-realpath-toolong.c
+++ b/stdlib/tst-realpath-toolong.c
@@ -24,18 +24,18 @@
 #include <unistd.h>
 #include <support/check.h>
 #include <support/temp_file.h>
+#include <support/test-driver.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
 #define BASENAME "tst-realpath-toolong."
 
-#ifndef PATH_MAX
-# define PATH_MAX 1024
-#endif
-
 int
 do_test (void)
 {
+#ifndef PATH_MAX
+  return EXIT_UNSUPPORTED;
+#else
   char *base = support_create_and_chdir_toolong_temp_directory (BASENAME);
 
   char buf[PATH_MAX + 1];
@@ -48,6 +48,7 @@ do_test (void)
 
   free (base);
   return 0;
+#endif
 }
 
 #include <support/test-driver.c>
-- 
2.40.1

[hurd,commited 4/4] chk: Add and fix hidden builtin definitions for *_chk

[Samuel Thibault]

Otherwise on gnu-i686 there are unwanted PLT entries in libc.so when
fortification is enabled.

Tested for i686-gnu, x86_64-gnu, i686-linux-gnu and x86_64-linux-gnu
---
 debug/longjmp_chk.c | 1 +
 debug/strncpy_chk.c | 1 +
 include/setjmp.h    | 8 ++++++++
 include/stdlib.h    | 2 ++
 include/string.h    | 1 +
 setjmp/longjmp.c    | 2 ++
 6 files changed, 15 insertions(+)

diff --git a/debug/longjmp_chk.c b/debug/longjmp_chk.c
index 1bc33c5769..c527e22db6 100644
--- a/debug/longjmp_chk.c
+++ b/debug/longjmp_chk.c
@@ -21,3 +21,4 @@
 #define __libc_siglongjmp __longjmp_chk
 
 #include <setjmp/longjmp.c>
+libc_hidden_def (__longjmp_chk)
diff --git a/debug/strncpy_chk.c b/debug/strncpy_chk.c
index cb142b820f..966df2739b 100644
--- a/debug/strncpy_chk.c
+++ b/debug/strncpy_chk.c
@@ -27,3 +27,4 @@ __strncpy_chk (char *s1, const char *s2, size_t n, size_t s1len)
 
   return strncpy (s1, s2, n);
 }
+libc_hidden_builtin_def (__strncpy_chk)
diff --git a/include/setjmp.h b/include/setjmp.h
index 26c6775d08..d2353be71b 100644
--- a/include/setjmp.h
+++ b/include/setjmp.h
@@ -11,6 +11,14 @@ extern void __longjmp (__jmp_buf __env, int __val)
 extern void ____longjmp_chk (__jmp_buf __env, int __val)
      __attribute__ ((__noreturn__)) attribute_hidden;
 
+extern void __longjmp_chk (sigjmp_buf env, int val)
+	  __attribute__ ((noreturn)) attribute_hidden;
+/* The redirection in the installed header does not work with
+   libc_hidden_proto.  */
+#define longjmp __longjmp_chk
+#define siglongjmp __longjmp_chk
+libc_hidden_proto (__longjmp_chk)
+
 /* Internal function to possibly save the current mask of blocked signals
    in ENV, and always set the flag saying whether or not it was saved.
    This is used by the machine-dependent definition of `__sigsetjmp'.
diff --git a/include/stdlib.h b/include/stdlib.h
index 7deb8193d7..d1d00c0f6f 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -59,6 +59,8 @@ libc_hidden_proto (__isoc23_strtoull_l)
    libc_hidden_proto.  */
 # undef strtol
 # define strtol __isoc23_strtol
+# undef atoi
+# define atoi(nptr) __isoc23_strtol(nptr, NULL, 10)
 # undef strtoul
 # define strtoul __isoc23_strtoul
 # undef strtoll
diff --git a/include/string.h b/include/string.h
index 659530d1aa..86d1fa4abe 100644
--- a/include/string.h
+++ b/include/string.h
@@ -214,6 +214,7 @@ libc_hidden_builtin_proto (__memmove_chk)
 libc_hidden_builtin_proto (__mempcpy_chk)
 libc_hidden_builtin_proto (__memset_chk)
 libc_hidden_builtin_proto (__stpcpy_chk)
+libc_hidden_builtin_proto (__strncpy_chk)
 
 #endif
 
diff --git a/setjmp/longjmp.c b/setjmp/longjmp.c
index 69f540ea22..24795ecbb5 100644
--- a/setjmp/longjmp.c
+++ b/setjmp/longjmp.c
@@ -19,6 +19,8 @@
 #include <setjmpP.h>
 #include <signal.h>
 
+#undef longjmp
+#undef siglongjmp
 
 /* Set the signal mask to the one specified in ENV, and jump
    to the position specified in ENV, causing the setjmp
-- 
2.40.1

Re: [hurd, commited 4/4] chk: Add and fix hidden builtin definitions for *_chk

[Sam James]

Samuel Thibault <samuel.thibault@ens-lyon.org> writes:

> Otherwise on gnu-i686 there are unwanted PLT entries in libc.so when
> fortification is enabled.
>
> Tested for i686-gnu, x86_64-gnu, i686-linux-gnu and x86_64-linux-gnu

Can this one be backported or not because it somewhat affects ABI?

(Not sure if it falls within what we consider stable or not.)

(Will need 41d8c3bc33bcae1ebb8077b0442caef4917f763a too if we do backport.)