| #
1f155d48 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/socket.h>
The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.
Reviewed by: markj
Sponsored by: Klara, Inc.
S
include: ssp: fortify <sys/socket.h>
The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45686
show more ...
|
| #
1ace24b3 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/uio.h>
Check both the buffer size of the iov object itself, as well as that
of each indidvidually io base.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stor
include: ssp: fortify <sys/uio.h>
Check both the buffer size of the iov object itself, as well as that
of each indidvidually io base.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45684
show more ...
|
| #
062d9380 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/random.h>
That is to say, fortify getrandom(2).
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/
include: ssp: fortify <sys/random.h>
That is to say, fortify getrandom(2).
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45683
show more ...
|
| #
b53d7aa8 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <wchar.h>
This includes all of the w*() equivalents to str*()/mem*() implemented
in more or less the same way. For these ones, we'll just use
header-only implementations from
include: ssp: fortify <wchar.h>
This includes all of the w*() equivalents to str*()/mem*() implemented
in more or less the same way. For these ones, we'll just use
header-only implementations from the start to stop further cluttering
the libc symbol table.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45682
show more ...
|
| #
d0b74459 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <stdlib.h>
The immediately obvious and attractive targets from <stdlib.h> are
arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal
much else of interest.
Rev
include: ssp: fortify <stdlib.h>
The immediately obvious and attractive targets from <stdlib.h> are
arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal
much else of interest.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45681
show more ...
|
| #
88276dfb |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify poll/ppoll from <poll.h>
For poll/ppoll we just need to bounds-check the poll array that we're
about to write out to.
Reviewed by: kib, markj (earlier version)
Sponsored by: K
include: ssp: fortify poll/ppoll from <poll.h>
For poll/ppoll we just need to bounds-check the poll array that we're
about to write out to.
Reviewed by: kib, markj (earlier version)
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45680
show more ...
|
|
Revision tags: release/14.1.0 |
|
| #
0ed58ac8 |
| 14-May-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: kill off leftover $FreeBSD$ tag
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.
Reported by: marck
Fixes: be04fec426 ("Import _FORTIF
include: ssp: kill off leftover $FreeBSD$ tag
Most of these were fixed when rebasing the patch forward, but this one
seems to have been missed.
Reported by: marck
Fixes: be04fec426 ("Import _FORTIFY_SOURCE implementation [...]")
show more ...
|
| #
be04fec4 |
| 13-May-2024 |
Kyle Evans <kevans@FreeBSD.org> |
Import _FORTIFY_SOURCE implementation from NetBSD
This is a mostly-unmodified copy of the various *_chk implementations
and headers from NetBSD, without yet modifying system headers to start
actuall
Import _FORTIFY_SOURCE implementation from NetBSD
This is a mostly-unmodified copy of the various *_chk implementations
and headers from NetBSD, without yet modifying system headers to start
actually including them. A future commit will also apply the needed
bits to fix ssp/unistd.h.
Reviewed by: imp, pauamma_gundo.com (both previous versions), kib
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32306
show more ...
|