* [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2}
@ 2006-04-24 16:32 Jakub Jelinek
  2006-04-24 17:01 ` Ulrich Drepper
  0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2006-04-24 16:32 UTC (permalink / raw)
  To: Ulrich Drepper, Roland McGrath; +Cc: Glibc hackers

Hi!

readlinkat needs very similar treatment to readlink to fortify it.
Tested with make check subdirs=debug.

2006-04-24  Jakub Jelinek  <jakub@redhat.com>

	* posix/bits/unistd.h (__readlinkat_chk): New prototype.
	(__readlinkat_alias): New alias.
	(readlinkat): New inline function.
	* include/unistd.h (readlinkat): Add libc_hidden_proto.
	* sysdeps/unix/sysv/linux/readlinkat.c (readlinkat): Add
	libc_hidden_def.
	* io/readlinkat.c (readlinkat): Likewise.
	* debug/readlinkat_chk.c: New file.
	* debug/Makefile (routines): Add readlinkat_chk.
	* debug/Versions (libc): Export __readlinkat_chk@@GLIBC_2.5.
	* debug/tst-chk1.c (do_test): Add readlinkat tests.
	
--- libc/posix/bits/unistd.h.jj	2006-04-07 12:51:01.000000000 +0200
+++ libc/posix/bits/unistd.h	2006-04-24 18:11:29.000000000 +0200
@@ -100,6 +100,28 @@ __NTH (readlink (__const char *__restric
 }
 #endif
 
+#ifdef __USE_ATFILE
+extern ssize_t __readlinkat_chk (int __fd, __const char *__restrict __path,
+				 char *__restrict __buf, size_t __len,
+				 size_t __buflen)
+     __THROW __nonnull ((2, 3)) __wur;
+extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
+			       (int __fd, __const char *__restrict __path,
+				char *__restrict __buf, size_t __len),
+			       readlinkat)
+     __nonnull ((2, 3)) __wur;
+
+extern __always_inline __nonnull ((2, 3)) __wur ssize_t
+__NTH (readlinkat (int __fd, __const char *__restrict __path,
+		   char *__restrict __buf, size_t __len))
+{
+  if (__bos (__buf) != (size_t) -1
+      && (!__builtin_constant_p (__len) || __len > __bos (__buf)))
+    return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
+  return __readlinkat_alias (__fd, __path, __buf, __len);
+}
+#endif
+
 extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
      __THROW __wur;
 extern char *__REDIRECT_NTH (__getcwd_alias,
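Review bot: The new inline `readlinkat` has no comment saying when the checked path is taken, and the two-part condition in its `if` is easy to misread. A one-line comment above it would help, e.g. `/* Call __readlinkat_chk unless the size of __buf is unknown or __len is a constant that fits.  */`. A constant `__len` larger than `__bos (__buf)` is also routed to `__readlinkat_chk`, so that case is only caught at run time rather than diagnosed at compile time. The check bounds the write only: readlinkat does not NUL-terminate the buffer, so fortified callers still have to use the return value as the length.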
--- libc/sysdeps/unix/sysv/linux/readlinkat.c.jj	2006-04-04 18:19:12.000000000 +0200
+++ libc/sysdeps/unix/sysv/linux/readlinkat.c	2006-04-24 18:04:41.000000000 +0200
@@ -87,3 +87,4 @@ readlinkat (fd, path, buf, len)
   return result;
 #endif
 }
+libc_hidden_def (readlinkat)
--- libc/io/readlinkat.c.jj	2006-04-04 18:19:11.000000000 +0200
+++ libc/io/readlinkat.c	2006-04-24 18:28:25.000000000 +0200
@@ -46,5 +46,6 @@ readlinkat (fd, path, buf, len)
   return -1;
 }
 stub_warning (readlinkat)
+libc_hidden_def (readlinkat)
 
 #include <stub-tag.h>
--- libc/debug/tst-chk1.c.jj	2005-09-12 09:20:17.000000000 +0200
+++ libc/debug/tst-chk1.c	2006-04-24 18:18:55.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
 
@@ -944,6 +944,34 @@ do_test (void)
   CHK_FAIL_END
 #endif
 
+  int tmpfd = open ("/tmp", O_RDONLY | O_DIRECTORY);
+  if (tmpfd < 0)
+    FAIL ();
+
+  if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf, 4) != 3
+      || memcmp (readlinkbuf, "bar", 3) != 0)
+    FAIL ();
+  if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 1,
+		  l0 + 3) != 3
+      || memcmp (readlinkbuf, "bbar", 4) != 0)
+    FAIL ();
+
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 2,
+		  l0 + 3) != 3)
+    FAIL ();
+  CHK_FAIL_END
+
+  CHK_FAIL_START
+  if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 3,
+		  4) != 3)
+    FAIL ();
+  CHK_FAIL_END
+#endif
+
+  close (tmpfd);
+
   char *cwd1 = getcwd (NULL, 0);
   if (cwd1 == NULL)
     FAIL ();
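Review bot: If `open ("/tmp", O_RDONLY | O_DIRECTORY)` fails, the readlinkat calls and `close (tmpfd)` that follow still run with a negative descriptor, assuming FAIL () only records the failure (its definition is outside the hunk). One environment problem would then show up as several unrelated-looking failures; guarding the new block with `if (tmpfd >= 0)` would keep the report readable. The `fname + sizeof ("/tmp/") - 1` arithmetic also relies on fname starting with "/tmp/", which is set up outside the hunk, so a comment such as `/* fname lives under /tmp; pass its basename relative to tmpfd.  */` would make that dependency explicit. do_test starts and ends outside the hunk.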
--- libc/debug/Versions.jj	2005-07-28 15:56:58.000000000 +0200
+++ libc/debug/Versions	2006-04-24 18:13:26.000000000 +0200
@@ -36,4 +36,7 @@ libc {
 
     __stack_chk_fail;
   }
+  GLIBC_2.5 {
+    __readlinkat_chk;
+  }
 }
--- libc/debug/readlinkat_chk.c.jj	2006-04-24 18:01:51.000000000 +0200
+++ libc/debug/readlinkat_chk.c	2006-04-24 18:04:50.000000000 +0200
@@ -0,0 +1,31 @@
+/* Copyright (C) 2006 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <unistd.h>
+#include <sys/param.h>
+
+
+ssize_t
+__readlinkat_chk (int fd, const char *path, void *buf, size_t len,
+		  size_t buflen)
+{
+  if (len > buflen)
+    __chk_fail ();
+
+  return readlinkat (fd, path, buf, len);
+}
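Review bot: `__readlinkat_chk` is defined here with `void *buf`, while the prototype this patch adds to posix/bits/unistd.h declares `char *__restrict __buf`; the two should agree, for instance by writing the parameter as `char *buf` in the definition. The function also has no comment stating its contract; something like `/* Abort via __chk_fail if LEN exceeds BUFLEN, the compiler-known size of BUF; otherwise behave as readlinkat.  */` above the definition would do. `<sys/param.h>` does not appear to be needed by anything in the visible body, so that include could probably be dropped.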
--- libc/debug/Makefile.jj	2005-07-28 15:56:58.000000000 +0200
+++ libc/debug/Makefile	2006-04-24 18:12:35.000000000 +0200
@@ -31,7 +31,8 @@ routines  = backtrace backtracesyms back
 	    printf_chk fprintf_chk vprintf_chk vfprintf_chk \
 	    gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \
 	    read_chk pread_chk pread64_chk recv_chk recvfrom_chk \
-	    readlink_chk getwd_chk getcwd_chk realpath_chk ptsname_r_chk \
+	    readlink_chk readlinkat_chk getwd_chk getcwd_chk \
+	    realpath_chk ptsname_r_chk \
 	    wctomb_chk wcscpy_chk wmemcpy_chk wmemmove_chk wmempcpy_chk \
 	    wcpcpy_chk wcsncpy_chk wcscat_chk wcsncat_chk wmemset_chk \
 	    wcpncpy_chk \
--- libc/include/unistd.h.jj	2006-02-23 14:29:22.000000000 +0100
+++ libc/include/unistd.h	2006-02-23 14:29:22.000000000 +0100
@@ -15,6 +15,7 @@ libc_hidden_proto (getlogin_r)
 libc_hidden_proto (seteuid)
 libc_hidden_proto (setegid)
 libc_hidden_proto (tcgetpgrp)
+libc_hidden_proto (readlinkat)
 
 /* Now define the internal interfaces.  */
 extern int __access (__const char *__name, int __type);

	Jakub


* Re: [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2}
  2006-04-24 16:32 [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2} Jakub Jelinek
@ 2006-04-24 17:01 ` Ulrich Drepper
  0 siblings, 0 replies; 2+ messages in thread
From: Ulrich Drepper @ 2006-04-24 17:01 UTC (permalink / raw)
  To: Jakub Jelinek; +Cc: Glibc hackers

[-- Attachment #1: Type: text/plain, Size: 101 bytes --]

Applied.

-- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 253 bytes --]
