Prepare the system for _FORTIFY_SOURCE

kevans91 · kevans91 · commit e55512504d01 · 2024-05-13T00:23:50.000-05:00
Notably: - libc needs to #undef some of the macros from ssp/* for underlying implementations - ssp/* wants a __RENAME() macro (snatched more or less from NetBSD) There's some extra hinkiness included for read(), since libc spells it as "_read" while the rest of the world spells it "read." Reviewed by: imp, ngie Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D32307
diff --git a/contrib/netbsd-tests/lib/libc/ssp/h_gets.c b/contrib/netbsd-tests/lib/libc/ssp/h_gets.c
@@ -34,6 +34,9 @@ __RCSID("$NetBSD: h_gets.c,v 1.1 2010/12/27 02:04:19 pgoyette Exp $");
 #include <stdio.h>
 
 #ifdef __FreeBSD__
+/* _FORTIFY_SOURCE, at the very least, may #define a gets() macro. */
+#undef gets
+
 /*
  * We want to test the gets() implementation, but cannot simply link against
  * the gets symbol because it is not in the default version. (We've made it
diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
@@ -39,8 +39,12 @@
 #if __SSP_FORTIFY_LEVEL > 0
 __BEGIN_DECLS
 
-__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
-    (__fd, __buf, __len));
+#ifndef _FORTIFY_SOURCE_read
+#define	_FORTIFY_SOURCE_read	read
+#endif
+
+__ssp_redirect0(ssize_t, _FORTIFY_SOURCE_read, (int __fd, void *__buf,
+    size_t __len), (__fd, __buf, __len));
 
 __ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
     char *__restrict __buf, size_t __len), (__path, __buf, __len));
diff --git a/lib/libc/Makefile b/lib/libc/Makefile
@@ -19,6 +19,8 @@ LIBC_ARCH=${M}
 LIBC_ARCH=${MACHINE_CPUARCH}
 .endif
 
+CFLAGS+=-D_FORTIFY_SOURCE_read=_read
+
 # All library objects contain FreeBSD revision strings by default; they may be
 # excluded as a space-saving measure.  To produce a library that does
 # not contain these strings, add -DSTRIP_FBSDID (see <sys/cdefs.h>) to CFLAGS
diff --git a/lib/libc/amd64/string/bcopy.c b/lib/libc/amd64/string/bcopy.c
@@ -4,6 +4,8 @@
 
 #include <string.h>
 
+#undef bcopy	/* _FORTIFY_SOURCE */
+
 void
 bcopy(const void *src, void *dst, size_t len)
 {
diff --git a/lib/libc/amd64/string/bzero.c b/lib/libc/amd64/string/bzero.c
@@ -4,6 +4,8 @@
 
 #include <string.h>
 
+#undef bzero	/* _FORTIFY_SOURCE */
+
 void
 bzero(void *b, size_t len)
 {
diff --git a/lib/libc/amd64/string/strncat.c b/lib/libc/amd64/string/strncat.c
@@ -8,6 +8,8 @@
 
 #include <string.h>
 
+#undef strncat	/* _FORTIFY_SOURCE */
+
 void *__memccpy(void *restrict, const void *restrict, int, size_t);
 
 char *
diff --git a/lib/libc/amd64/string/strncpy.c b/lib/libc/amd64/string/strncpy.c
@@ -29,6 +29,8 @@
 #include <sys/cdefs.h>
 #include <string.h>
 
+#undef strncpy	/* _FORTIFY_SOURCE */
+
 char *__stpncpy(char *restrict, const char *restrict, size_t);
 
 char *
diff --git a/lib/libc/gen/getcwd.c b/lib/libc/gen/getcwd.c
@@ -40,6 +40,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <ssp/ssp.h>
 #include "un-namespace.h"
 
 #include "gen-private.h"
@@ -51,7 +52,7 @@
 extern int __getcwd(char *, size_t);
 
 char *
-getcwd(char *pt, size_t size)
+__ssp_real(getcwd)(char *pt, size_t size)
 {
 	struct dirent *dp;
 	DIR *dir = NULL;
diff --git a/lib/libc/stdio/fgets.c b/lib/libc/stdio/fgets.c
@@ -40,6 +40,8 @@
 #include "local.h"
 #include "libc_private.h"
 
+#undef fgets	/* _FORTIFY_SOURCE */
+
 /*
  * Read at most n-1 characters from the given file.
  * Stop when a newline has been read, or the count runs out.
diff --git a/lib/libc/stdio/snprintf.c b/lib/libc/stdio/snprintf.c
@@ -45,6 +45,8 @@
 
 #include "local.h"
 
+#undef snprintf	/* _FORTIFY_SOURCE */
+
 int
 snprintf(char * __restrict str, size_t n, char const * __restrict fmt, ...)
 {
diff --git a/lib/libc/stdio/sprintf.c b/lib/libc/stdio/sprintf.c
@@ -43,6 +43,8 @@
 #include "local.h"
 #include "xlocale_private.h"
 
+#undef sprintf	/* _FORTIFY_SOURCE */
+
 int
 sprintf(char * __restrict str, char const * __restrict fmt, ...)
 {
diff --git a/lib/libc/stdio/vsnprintf.c b/lib/libc/stdio/vsnprintf.c
@@ -43,6 +43,8 @@
 #include "local.h"
 #include "xlocale_private.h"
 
+#undef vsnprintf	/* _FORTIFY_SOURCE */
+
 int
 vsnprintf_l(char * __restrict str, size_t n, locale_t locale, 
 		const char * __restrict fmt, __va_list ap)
diff --git a/lib/libc/stdio/vsprintf.c b/lib/libc/stdio/vsprintf.c
@@ -42,6 +42,8 @@
 #include "local.h"
 #include "xlocale_private.h"
 
+#undef vsprintf	/* _FORTIFY_SOURCE */
+
 int
 vsprintf_l(char * __restrict str, locale_t locale,
 		const char * __restrict fmt, __va_list ap)
diff --git a/lib/libc/string/bcopy.c b/lib/libc/string/bcopy.c
@@ -47,6 +47,9 @@ typedef	intptr_t word;		/* "word" used for optimal copy speed */
 #if defined(MEMCOPY) || defined(MEMMOVE)
 #include <string.h>
 
+#undef memcpy	/* _FORTIFY_SOURCE */
+#undef memmove	/* _FORTIFY_SOURCE */
+
 void *
 #ifdef MEMCOPY
 memcpy
@@ -57,6 +60,8 @@ memmove
 #else
 #include <strings.h>
 
+#undef bcopy	/* _FORTIFY_SOURCE */
+
 void
 bcopy(const void *src0, void *dst0, size_t length)
 #endif
diff --git a/lib/libc/string/memset.c b/lib/libc/string/memset.c
@@ -42,6 +42,8 @@
 #ifdef BZERO
 #include <strings.h>
 
+#undef bzero	/* _FORTIFY_SOURCE */
+
 #define	RETURN	return
 #define	VAL	0
 #define	WIDEVAL	0
@@ -51,6 +53,8 @@ bzero(void *dst0, size_t length)
 #else
 #include <string.h>
 
+#undef memset	/* _FORTIFY_SOURCE */
+
 #define	RETURN	return (dst0)
 #define	VAL	c0
 #define	WIDEVAL	c
diff --git a/lib/libc/string/stpcpy.c b/lib/libc/string/stpcpy.c
@@ -33,6 +33,8 @@
 
 #include <string.h>
 
+#undef stpcpy	/* _FORTIFY_SOURCE */
+
 char *
 stpcpy(char * __restrict to, const char * __restrict from)
 {
diff --git a/lib/libc/string/stpncpy.c b/lib/libc/string/stpncpy.c
@@ -28,6 +28,8 @@
 
 #include <string.h>
 
+#undef stpncpy	/* _FORTIFY_SOURCE */
+
 char *
 stpncpy(char * __restrict dst, const char * __restrict src, size_t n)
 {
diff --git a/lib/libc/string/strcat.c b/lib/libc/string/strcat.c
@@ -31,6 +31,8 @@
 
 #include <string.h>
 
+#undef strcat	/* _FORTIFY_SOURCE */
+
 char *
 strcat(char * __restrict s, const char * __restrict append)
 {
diff --git a/lib/libc/string/strncat.c b/lib/libc/string/strncat.c
@@ -34,6 +34,8 @@
 
 #include <string.h>
 
+#undef strncat	/* _FORTIFY_SOURCE */
+
 /*
  * Concatenate src on the end of dst.  At most strlen(dst)+n+1 bytes
  * are written at dst (at most n+1 bytes being appended).  Return dst.
diff --git a/sys/sys/cdefs.h b/sys/sys/cdefs.h
@@ -609,6 +609,16 @@
 #define	__DEQUALIFY(type, var)	((type)(__uintptr_t)(const volatile void *)(var))
 #endif
 
+#if !defined(_STANDALONE) && !defined(_KERNEL)
+#if defined(__GNUC__) || defined(__PCC__)
+#define	__RENAME(x)	__asm(__STRING(x))
+#else
+#define	__RENAME(x)	no renaming support for compiler in use
+#endif /* __GNUC__ */
+#else /* _STANDALONE || _KERNEL */
+#define	__RENAME(x)	no renaming in kernel/standalone environment
+#endif
+
 /*-
  * The following definitions are an extension of the behavior originally
  * implemented in <sys/_posix.h>, but with a different level of granularity.

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@`
`4`	`4`
`5`	`5`	`#include <string.h>`
`6`	`6`
	`7`	`+#undef bcopy /* _FORTIFY_SOURCE */`
	`8`	`+`
`7`	`9`	`void`
`8`	`10`	`bcopy(const void src, void dst, size_t len)`
`9`	`11`	`{`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@`
`4`	`4`
`5`	`5`	`#include <string.h>`
`6`	`6`
	`7`	`+#undef bzero /* _FORTIFY_SOURCE */`
	`8`	`+`
`7`	`9`	`void`
`8`	`10`	`bzero(void *b, size_t len)`
`9`	`11`	`{`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@`
`45`	`45`
`46`	`46`	`#include "local.h"`
`47`	`47`
	`48`	`+#undef snprintf /* _FORTIFY_SOURCE */`
	`49`	`+`
`48`	`50`	`int`
`49`	`51`	`snprintf(char * __restrict str, size_t n, char const * __restrict fmt, ...)`
`50`	`52`	`{`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,8 @@`
`43`	`43`	`#include "local.h"`
`44`	`44`	`#include "xlocale_private.h"`
`45`	`45`
	`46`	`+#undef sprintf /* _FORTIFY_SOURCE */`
	`47`	`+`
`46`	`48`	`int`
`47`	`49`	`sprintf(char * __restrict str, char const * __restrict fmt, ...)`
`48`	`50`	`{`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,8 @@`
`33`	`33`
`34`	`34`	`#include <string.h>`
`35`	`35`
	`36`	`+#undef stpcpy /* _FORTIFY_SOURCE */`
	`37`	`+`
`36`	`38`	`char *`
`37`	`39`	`stpcpy(char * __restrict to, const char * __restrict from)`
`38`	`40`	`{`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@`
`28`	`28`
`29`	`29`	`#include <string.h>`
`30`	`30`
	`31`	`+#undef stpncpy /* _FORTIFY_SOURCE */`
	`32`	`+`
`31`	`33`	`char *`
`32`	`34`	`stpncpy(char * __restrict dst, const char * __restrict src, size_t n)`
`33`	`35`	`{`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,8 @@`
`31`	`31`
`32`	`32`	`#include <string.h>`
`33`	`33`
	`34`	`+#undef strcat /* _FORTIFY_SOURCE */`
	`35`	`+`
`34`	`36`	`char *`
`35`	`37`	`strcat(char * __restrict s, const char * __restrict append)`
`36`	`38`	`{`