summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 759111c)
raw | patch | inline | side by side (parent: 759111c)
| author | Nick Kralevich <nnk@google.com> | |
| Tue, 24 Sep 2013 23:32:07 +0000 (16:32 -0700) | ||
| committer | Nick Kralevich <nnk@google.com> | |
| Tue, 24 Sep 2013 23:45:01 +0000 (16:45 -0700) |
Fortify calls to recv() and recvfrom().
We use __bos0 to match glibc's behavior, and because I haven't
tested using __bos.
Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
We use __bos0 to match glibc's behavior, and because I haven't
tested using __bos.
Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
| libc/Android.mk | patch | blob | history | |
| libc/bionic/__recvfrom_chk.cpp | [new file with mode: 0644] | patch | blob |
| libc/include/sys/socket.h | patch | blob | history | |
| tests/fortify_test.cpp | patch | blob | history |
diff --git a/libc/Android.mk b/libc/Android.mk
index 273b73e3dbee3cf00c4da69f769cb82fcfd19d67..f685565d6cfbbdd1a3e0f63d0eda32bd93323c04 100644 (file)
--- a/libc/Android.mk
+++ b/libc/Android.mk
bionic/__memcpy_chk.cpp \
bionic/__memmove_chk.cpp \
bionic/__memset_chk.cpp \
+ bionic/__recvfrom_chk.cpp \
bionic/__strcat_chk.cpp \
bionic/__strchr_chk.cpp \
bionic/__strcpy_chk.cpp \
diff --git a/libc/bionic/__recvfrom_chk.cpp b/libc/bionic/__recvfrom_chk.cpp
--- /dev/null
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#undef _FORTIFY_SOURCE
+
+#include <stddef.h>
+#include <sys/socket.h>
+#include "libc_logging.h"
+
+extern "C"
+ssize_t __recvfrom_chk(int socket, void* buf, size_t len, size_t buflen, unsigned int flags,
+ const struct sockaddr* src_addr, socklen_t* addrlen)
+{
+ if (__predict_false(len > buflen)) {
+ __fortify_chk_fail("recvfrom overflow", 0);
+ }
+
+ return recvfrom(socket, buf, len, flags, src_addr, addrlen);
+}
index 17ba0a18d4a2fbcde25a98d675d7eacedce5d791..ed7c4a025e820636d5da1a1437c01dffc8d47180 100644 (file)
__socketcall ssize_t sendto(int, const void *, size_t, int, const struct sockaddr *, socklen_t);
__socketcall ssize_t recvfrom(int, void *, size_t, unsigned int, const struct sockaddr *, socklen_t *);
+#if defined(__BIONIC_FORTIFY)
+__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer");
+extern ssize_t __recvfrom_chk(int, void*, size_t, size_t, unsigned int, const struct sockaddr*, socklen_t *);
+extern ssize_t __recvfrom_real(int, void *, size_t, unsigned int, const struct sockaddr*, socklen_t*)
+ __asm__(__USER_LABEL_PREFIX__ "recvfrom");
+
+__BIONIC_FORTIFY_INLINE
+ssize_t recvfrom(int fd, void* buf, size_t len, unsigned int flags, const struct sockaddr* src_addr, socklen_t* addrlen) {
+ size_t bos = __bos0(buf);
+
+#if !defined(__clang__)
+ if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ return __recvfrom_real(fd, buf, len, flags, src_addr, addrlen);
+ }
+
+ if (__builtin_constant_p(len) && (len <= bos)) {
+ return __recvfrom_real(fd, buf, len, flags, src_addr, addrlen);
+ }
+
+ if (__builtin_constant_p(len) && (len > bos)) {
+ __recvfrom_error();
+ }
+#endif
+
+ return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addrlen);
+}
+
+__BIONIC_FORTIFY_INLINE
+ssize_t recv(int socket, void *buf, size_t buflen, unsigned int flags) {
+ return recvfrom(socket, buf, buflen, flags, NULL, 0);
+}
+
+#endif /* __BIONIC_FORTIFY */
+
#undef __socketcall
__END_DECLS
diff --git a/tests/fortify_test.cpp b/tests/fortify_test.cpp
index 5ec15b811a6d9d245cbb955a33ef65b16f63c939..4ea868b791cda4204926710def2d7b50fc187166 100644 (file)
--- a/tests/fortify_test.cpp
+++ b/tests/fortify_test.cpp
#include <stdarg.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/socket.h>
// We have to say "DeathTest" here so gtest knows to run this test (which exits)
// in its own process. Unfortunately, the C preprocessor doesn't give us an
ASSERT_EXIT(umask(mask), testing::KilledBySignal(SIGABRT), "");
}
+TEST(DEATHTEST, recv_fortified) {
+ ::testing::FLAGS_gtest_death_test_style = "threadsafe";
+ size_t data_len = atoi("11"); // suppress compiler optimizations
+ char buf[10];
+ ASSERT_EXIT(recv(0, buf, data_len, 0), testing::KilledBySignal(SIGABRT), "");
+}
+
extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
extern "C" char* __strcat_chk(char*, const char*, size_t);