* [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2}
@ 2006-04-24 16:32 Jakub Jelinek
2006-04-24 17:01 ` Ulrich Drepper
0 siblings, 1 reply; 2+ messages in thread
From: Jakub Jelinek @ 2006-04-24 16:32 UTC (permalink / raw)
To: Ulrich Drepper, Roland McGrath; +Cc: Glibc hackers
Hi!
readlinkat needs very similar treatment to readlink to fortify it.
Tested with make check subdirs=debug.
2006-04-24 Jakub Jelinek <jakub@redhat.com>
* posix/bits/unistd.h (__readlinkat_chk): New prototype.
(__readlinkat_alias): New alias.
(readlinkat): New inline function.
* include/unistd.h (readlinkat): Add libc_hidden_proto.
* sysdeps/unix/sysv/linux/readlinkat.c (readlinkat): Add
libc_hidden_def.
* io/readlinkat.c (readlinkat): Likewise.
* debug/readlinkat_chk.c: New file.
* debug/Makefile (routines): Add readlinkat_chk.
* debug/Versions (libc): Export __readlinkat_chk@@GLIBC_2.5.
* debug/tst-chk1.c (do_test): Add readlinkat tests.
--- libc/posix/bits/unistd.h.jj 2006-04-07 12:51:01.000000000 +0200
+++ libc/posix/bits/unistd.h 2006-04-24 18:11:29.000000000 +0200
@@ -100,6 +100,28 @@ __NTH (readlink (__const char *__restric
}
#endif
+#ifdef __USE_ATFILE
+extern ssize_t __readlinkat_chk (int __fd, __const char *__restrict __path,
+ char *__restrict __buf, size_t __len,
+ size_t __buflen)
+ __THROW __nonnull ((2, 3)) __wur;
+extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
+ (int __fd, __const char *__restrict __path,
+ char *__restrict __buf, size_t __len),
+ readlinkat)
+ __nonnull ((2, 3)) __wur;
+
+extern __always_inline __nonnull ((2, 3)) __wur ssize_t
+__NTH (readlinkat (int __fd, __const char *__restrict __path,
+ char *__restrict __buf, size_t __len))
+{
+ if (__bos (__buf) != (size_t) -1
+ && (!__builtin_constant_p (__len) || __len > __bos (__buf)))
+ return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
+ return __readlinkat_alias (__fd, __path, __buf, __len);
+}
+#endif
+
extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
__THROW __wur;
extern char *__REDIRECT_NTH (__getcwd_alias,
--- libc/sysdeps/unix/sysv/linux/readlinkat.c.jj 2006-04-04 18:19:12.000000000 +0200
+++ libc/sysdeps/unix/sysv/linux/readlinkat.c 2006-04-24 18:04:41.000000000 +0200
@@ -87,3 +87,4 @@ readlinkat (fd, path, buf, len)
return result;
#endif
}
+libc_hidden_def (readlinkat)
--- libc/io/readlinkat.c.jj 2006-04-04 18:19:11.000000000 +0200
+++ libc/io/readlinkat.c 2006-04-24 18:28:25.000000000 +0200
@@ -46,5 +46,6 @@ readlinkat (fd, path, buf, len)
return -1;
}
stub_warning (readlinkat)
+libc_hidden_def (readlinkat)
#include <stub-tag.h>
--- libc/debug/tst-chk1.c.jj 2005-09-12 09:20:17.000000000 +0200
+++ libc/debug/tst-chk1.c 2006-04-24 18:18:55.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
@@ -944,6 +944,34 @@ do_test (void)
CHK_FAIL_END
#endif
+ int tmpfd = open ("/tmp", O_RDONLY | O_DIRECTORY);
+ if (tmpfd < 0)
+ FAIL ();
+
+ if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf, 4) != 3
+ || memcmp (readlinkbuf, "bar", 3) != 0)
+ FAIL ();
+ if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 1,
+ l0 + 3) != 3
+ || memcmp (readlinkbuf, "bbar", 4) != 0)
+ FAIL ();
+
+#if __USE_FORTIFY_LEVEL >= 1
+ CHK_FAIL_START
+ if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 2,
+ l0 + 3) != 3)
+ FAIL ();
+ CHK_FAIL_END
+
+ CHK_FAIL_START
+ if (readlinkat (tmpfd, fname + sizeof ("/tmp/") - 1, readlinkbuf + 3,
+ 4) != 3)
+ FAIL ();
+ CHK_FAIL_END
+#endif
+
+ close (tmpfd);
+
char *cwd1 = getcwd (NULL, 0);
if (cwd1 == NULL)
FAIL ();
--- libc/debug/Versions.jj 2005-07-28 15:56:58.000000000 +0200
+++ libc/debug/Versions 2006-04-24 18:13:26.000000000 +0200
@@ -36,4 +36,7 @@ libc {
__stack_chk_fail;
}
+ GLIBC_2.5 {
+ __readlinkat_chk;
+ }
}
--- libc/debug/readlinkat_chk.c.jj 2006-04-24 18:01:51.000000000 +0200
+++ libc/debug/readlinkat_chk.c 2006-04-24 18:04:50.000000000 +0200
@@ -0,0 +1,31 @@
+/* Copyright (C) 2006 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <unistd.h>
+#include <sys/param.h>
+
+
+ssize_t
+__readlinkat_chk (int fd, const char *path, void *buf, size_t len,
+ size_t buflen)
+{
+ if (len > buflen)
+ __chk_fail ();
+
+ return readlinkat (fd, path, buf, len);
+}
--- libc/debug/Makefile.jj 2005-07-28 15:56:58.000000000 +0200
+++ libc/debug/Makefile 2006-04-24 18:12:35.000000000 +0200
@@ -31,7 +31,8 @@ routines = backtrace backtracesyms back
printf_chk fprintf_chk vprintf_chk vfprintf_chk \
gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \
read_chk pread_chk pread64_chk recv_chk recvfrom_chk \
- readlink_chk getwd_chk getcwd_chk realpath_chk ptsname_r_chk \
+ readlink_chk readlinkat_chk getwd_chk getcwd_chk \
+ realpath_chk ptsname_r_chk \
wctomb_chk wcscpy_chk wmemcpy_chk wmemmove_chk wmempcpy_chk \
wcpcpy_chk wcsncpy_chk wcscat_chk wcsncat_chk wmemset_chk \
wcpncpy_chk \
--- libc/include/unistd.h.jj 2006-02-23 14:29:22.000000000 +0100
+++ libc/include/unistd.h 2006-02-23 14:29:22.000000000 +0100
@@ -15,6 +15,7 @@ libc_hidden_proto (getlogin_r)
libc_hidden_proto (seteuid)
libc_hidden_proto (setegid)
libc_hidden_proto (tcgetpgrp)
+libc_hidden_proto (readlinkat)
/* Now define the internal interfaces. */
extern int __access (__const char *__name, int __type);
Jakub
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2}
2006-04-24 16:32 [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2} Jakub Jelinek
@ 2006-04-24 17:01 ` Ulrich Drepper
0 siblings, 0 replies; 2+ messages in thread
From: Ulrich Drepper @ 2006-04-24 17:01 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Glibc hackers
[-- Attachment #1: Type: text/plain, Size: 101 bytes --]
Applied.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 253 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-04-24 17:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-04-24 16:32 [PATCH] Fortify readlinkat when -D_FORTIFY_SOURCE={1,2} Jakub Jelinek
2006-04-24 17:01 ` Ulrich Drepper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).