Revision tags: release/14.3.0 |
|
#
b0334450 |
| 18-May-2025 |
Ricardo Branco <rbranco@suse.de> |
include: ssp: fortify <signal.h>
sig2str(3)
Reviewed by: imp, kib, des, jilles
Pull Request: https://github.com/freebsd/freebsd-src/pull/1696
Closes: https://github.com/freebsd/freebsd-src/pull/1696
|
#
873420ca |
| 27-Apr-2025 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
libc: Add getenv_r() function.
This is a calque of the NetBSD function of the same name.
MFC after: never
Relnotes: yes
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D49979
|
Revision tags: release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3 |
|
#
22178cb2 |
| 20-Mar-2025 |
Kyle Evans <kevans@FreeBSD.org> |
libc: tests: fix the gethostname() and getdomainname() tests
Instead of relying on any particular domainname and hostname to succeed, spin up a jail before we execute the test with them set to some known, fixed values. This allows them to be meaningfully tested -- previously, they were skipped much more often than not.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49237
|
#
09cdbf04 |
| 20-Mar-2025 |
Kyle Evans <kevans@FreeBSD.org> |
libc: tests: allow fortified test cases to require root
An upcoming test will require root to create a jail with its own domainname/hostname to avoid external requirements on the test runner as we want to fetch them with valid and plausible sizes.
Generate test headers for all cases to reduce churn in future diffs as metadata is added to individual tests, or in case other test options are added to correspond to different metadata to set.
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49236
|
#
85242b59 |
| 20-Mar-2025 |
Kyle Evans <kevans@FreeBSD.org> |
libc: tests: fix luacheck warnings in the fortification test generator
All of these are simple shadowing that don't need to happen; we're passing the shadowed value through in every case anyways, just use it in the closure in a more lua-natural fashion.
While we're here, lint the generator every time we generate tests to ensure that we don't regress without having to remember to manually run luacheck.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49235
|
Revision tags: release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0 |
|
#
8983acc8 |
| 25-Oct-2024 |
Robert Clausecker <fuz@FreeBSD.org> |
lib/libc/string: apply SSP hardening and tests to memset_explicit
Reviewed by: emaste, kevans
Differential Revision: https://reviews.freebsd.org/D47286
|
Revision tags: release/13.4.0 |
|
#
1f155d48 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/socket.h>
The entire recv*() implementation set is ripe for opportunities to validate, so do what we can with what we have.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45686
|
#
2aba0eea |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/select.h>
Notably sanity check indices passed to the FD_*() macros against the size of the fd_set itself.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45685
|
#
1ace24b3 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/uio.h>
Check both the buffer size of the iov object itself, as well as that of each individual io base.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45684
|
#
062d9380 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <sys/random.h>
That is to say, fortify getrandom(2).
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45683
|
#
b53d7aa8 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <wchar.h>
This includes all of the w*() equivalents to str*()/mem*() implemented in more or less the same way. For these ones, we'll just use header-only implementations from the start to stop further cluttering the libc symbol table.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45682
|
#
d0b74459 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify <stdlib.h>
The immediately obvious and attractive targets from <stdlib.h> are arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal much else of interest.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45681
|
#
88276dfb |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: fortify poll/ppoll from <poll.h>
For poll/ppoll we just need to bounds-check the poll array that we're about to write out to.
Reviewed by: kib, markj (earlier version)
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45680
|
#
cf8e5289 |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
include: ssp: round out fortification of current set of headers
ssp/ssp.h needed some improvements:
- `len` isn't always a size_t, it may need casted
- In some cases we may want to use a len that isn't specified as a parameter (e.g., L_ctermid), so __ssp_redirect() should be more flexible.
- In other cases we may want additional checking, so pull all of the declaration bits out of __ssp_redirect_raw() so that some functions can implement the body themselves.
strlcat/strlcpy should be the last of the fortified functions that get their own __*_chk symbols, and these cases are only done to be consistent with the rest of the str*() set.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45679
|
#
020d003c |
| 13-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
libc: tests: add testing infrastructure for _FORTIFY_SOURCE
The _FORTIFY_SOURCE tests will be generated by a lua script to avoid a lot of redundancy in writing these tests. For each function that we're fortifying, the plan is to test at least the following three scenarios:
- Writing up to one byte before the end of the buffer,
- Writing up to the end of the buffer,
- Writing one byte past the end of the buffer
The buffer is shoved into a struct on the stack to guarantee a stack layout in which we have a valid byte after the buffer so that level 2 fortification will trip and we can have confidence that it wasn't some other stack/memory protection instead.
The generated tests are divided roughly into which header we're attributing them to so that we can parallelize the build -- the full set is a bit over 9000 lines of C and takes 11s to build on the hardware that I'm testing on if it's a single monolithic file.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45678
|