standlone fortify heaaders
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
sin e3fee64643
Bump to 1.1
4 years ago
include getgroups: do not trap on non-positive gidsetsize 4 years ago
LICENSE Bump copyright 4 years ago
Makefile Bump to 1.1 4 years ago
README Be less verbose in README 7 years ago

README

What is it?
===========

This is a standalone implementation of fortify source[0]. It provides
compile time buffer checks. It is libc-agnostic and simply overlays the
system headers by using the #include_next extension found in GCC. It was
initially intended to be used on musl[1] based Linux distributions[2].


Features
========

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
invoked. This is handled by using __builtin_trap().
- Support for out-of-bounds read interfaces, such as send(), write(),
fwrite() etc.
- No ABI is enforced. All of the fortify check functions are inlined
into the resulting binary.


Sample usage
============

If you want to quickly test it, you can try something like the following:

cat > fgets.c <
int
main(void)
{
char buf[BUFSIZ];
fgets(buf, sizeof(buf) + 1, stdin);
return 0;
}
EOF
cc -I -D_FORTIFY_SOURCE=1 -O1 fgets.c
./a.out

At this point, the program will safely crash.


Supported interfaces
====================

FD_CLR
FD_SET
bcopy
bzero
confstr
fgets
fgetws
fread
fwrite
getcwd
getdomainname
getgroups
gethostname
getlogin_r
mbsnrtowcs
mbsrtowcs
mbstowcs
memcpy
memmove
mempcpy
memset
poll
ppoll
pread
read
readlink
readlinkat
realpath
recv
recvfrom
send
sendto
snprintf
sprintf
stpcpy
stpncpy
strcat
strcpy
strlcat
strlcpy
strncat
strncpy
ttyname_r
vsnprintf
vsprintf
wcrtomb
wcscat
wcscpy
wcsncat
wcsncpy
wcsnrtombs
wcsrtombs
wcstombs
wctomb
wmemcpy
wmemmove
wmemset
write


[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
[1] http://www.musl-libc.org/
[2] http://git.alpinelinux.org/cgit/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e