standalone fortify headers
A. Wilcox a9ffac8596 Don't use __extension__ in C++ code
A few important notes:

*  __extension__ is a GNU C "alternate" keyword, not a C++ keyword.[1]

*  __extension__ is designed to work on "expressions"; it does work on
   #include_next in C mode, but it has no effect in C++ mode; the
   warning will still appear, if enabled, even with __extension__
   preceding #include_next.  This is because #include_next is not
   considered an expression in C++, so the compiler attaches
   __extension__ to the first expression of the header.

All of this leads us to a build failure while building at least all
Mozilla software.  Moz has an alternate -isystem dir searched before
/usr/include that overrides some headers, including <features.h>.  The
first statement in each of these headers is a #pragma, and since
__extension__ is looking for an expression, and #pragma is a "null"
expression, we end up with the following error:

dist/system_wrappers/features.h:1:9: error: '#pragma' is not allowed here

Since __extension__ has no effect on #include_next in C++ mode anyway,
and since it can cause breakage, this commit omits __extension__ in C++
mode.

[1]: https://gcc.gnu.org/onlinedocs/gcc-6.4.0/gcc/Alternate-Keywords.html
2018-07-24 11:00:30 +01:00
include Don't use __extension__ in C++ code 2018-07-24 11:00:30 +01:00
LICENSE Bump copyright year 2016-09-10 12:54:17 +01:00
Makefile Bump to 0.9 2017-08-22 11:38:57 +01:00
README Be less verbose in README 2015-05-19 10:22:59 +01:00

What is it?
===========

This is a standalone implementation of fortify source[0].  It provides
compile time buffer checks.  It is libc-agnostic and simply overlays the
system headers by using the #include_next extension found in GCC.  It was
initially intended to be used on musl[1] based Linux distributions[2].


Features
========

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs.  This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked.  This is handled by using __builtin_trap().
- Support for out-of-bounds read interfaces, such as send(), write(),
  fwrite() etc.
- No ABI is enforced.  All of the fortify check functions are inlined
  into the resulting binary.


Sample usage
============

If you want to quickly test it, you can try something like the following:

cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
./a.out

At this point, the program will safely crash.
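
The check behind that crash can be sketched as follows.  This is an added
example, not code from the fortify-headers project: checked_fgets,
checked_fgets_impl and child_trapped are hypothetical names, and /dev/null
stands in as constructed empty input.  Each call runs in a child process so
the trap can be observed without killing the caller.

```c
/* Added example: simplified sketch of a fortify-style check (not the project's headers). */
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: trap before calling fgets() if n exceeds the
 * compiler-known destination size ((size_t)-1 means "unknown"). */
static inline char *
checked_fgets_impl(char *s, int n, FILE *fp, size_t bos)
{
	if (n < 0 || (bos != (size_t)-1 && (size_t)n > bos))
		__builtin_trap();	/* libc is never called with the bad length */
	return fgets(s, n, fp);
}

/* The object size is evaluated at the call site, where the array type is visible. */
#define checked_fgets(s, n, fp) \
	checked_fgets_impl((s), (n), (fp), __builtin_object_size((s), 0))

/* Run one call in a child process; return 1 if the child died from a signal. */
static int
child_trapped(int extra)
{
	pid_t pid = fork();
	int status = 0;

	if (pid < 0)
		return -1;
	if (pid == 0) {
		char buf[64];
		FILE *fp = fopen("/dev/null", "r");	/* constructed empty input */
		if (fp == NULL)
			_exit(2);
		checked_fgets(buf, (int)sizeof(buf) + extra, fp);
		_exit(0);
	}
	if (waitpid(pid, &status, 0) < 0)
		return -1;
	return WIFSIGNALED(status) ? 1 : 0;
}

int
main(void)
{
	printf("in-bounds trapped: %d\n", child_trapped(0));
	printf("off-by-one trapped: %d\n", child_trapped(1));
	return 0;
}
```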


Supported interfaces
====================

FD_CLR
FD_SET
bcopy
bzero
confstr
fgets
fgetws
fread
fwrite
getcwd
getdomainname
getgroups
gethostname
getlogin_r
mbsnrtowcs
mbsrtowcs
mbstowcs
memcpy
memmove
mempcpy
memset
poll
ppoll
pread
read
readlink
readlinkat
realpath
recv
recvfrom
send
sendto
snprintf
sprintf
stpcpy
stpncpy
strcat
strcpy
strlcat
strlcpy
strncat
strncpy
ttyname_r
vsnprintf
vsprintf
wcrtomb
wcscat
wcscpy
wcsncat
wcsncpy
wcsnrtombs
wcsrtombs
wcstombs
wctomb
wmemcpy
wmemmove
wmemset
write


[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
[1] http://www.musl-libc.org/
[2] http://git.alpinelinux.org/cgit/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e