1 /* @generated by `generate-fortify-tests.lua "stdio"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/resource.h> 8 #include <sys/time.h> 9 #include <sys/wait.h> 10 #include <dirent.h> 11 #include <errno.h> 12 #include <fcntl.h> 13 #include <limits.h> 14 #include <poll.h> 15 #include <signal.h> 16 #include <stdio.h> 17 #include <stdlib.h> 18 #include <string.h> 19 #include <strings.h> 20 #include <sysexits.h> 21 #include <unistd.h> 22 #include <wchar.h> 23 #include <atf-c.h> 24 25 static FILE * __unused 26 new_fp(size_t __len) 27 { 28 static char fpbuf[LINE_MAX]; 29 FILE *fp; 30 31 ATF_REQUIRE(__len <= sizeof(fpbuf)); 32 33 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 34 fpbuf[sizeof(fpbuf) - 1] = '\0'; 35 36 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 37 ATF_REQUIRE(fp != NULL); 38 39 return (fp); 40 } 41 42 /* 43 * Create a new symlink to use for readlink(2) style tests, we'll just use a 44 * random target name to have something interesting to look at. 45 */ 46 static const char * __unused 47 new_symlink(size_t __len) 48 { 49 static const char linkname[] = "link"; 50 char target[MAXNAMLEN]; 51 int error; 52 53 ATF_REQUIRE(__len <= sizeof(target)); 54 55 arc4random_buf(target, sizeof(target)); 56 57 error = unlink(linkname); 58 ATF_REQUIRE(error == 0 || errno == ENOENT); 59 60 error = symlink(target, linkname); 61 ATF_REQUIRE(error == 0); 62 63 return (linkname); 64 } 65 66 /* 67 * Constructs a tmpfile that we can use for testing read(2) and friends. 68 */ 69 static int __unused 70 new_tmpfile(void) 71 { 72 char buf[1024]; 73 ssize_t rv; 74 size_t written; 75 int fd; 76 77 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 78 ATF_REQUIRE(fd >= 0); 79 80 written = 0; 81 while (written < TMPFILE_SIZE) { 82 rv = write(fd, buf, sizeof(buf)); 83 ATF_REQUIRE(rv > 0); 84 85 written += rv; 86 } 87 88 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 89 return (fd); 90 } 91 92 static void 93 disable_coredumps(void) 94 { 95 struct rlimit rl = { 0 }; 96 97 if (setrlimit(RLIMIT_CORE, &rl) == -1) 98 _exit(EX_OSERR); 99 } 100 101 /* 102 * Replaces stdin with a file that we can actually read from, for tests where 103 * we want a FILE * or fd that we can get data from. 104 */ 105 static void __unused 106 replace_stdin(void) 107 { 108 int fd; 109 110 fd = new_tmpfile(); 111 112 (void)dup2(fd, STDIN_FILENO); 113 if (fd != STDIN_FILENO) 114 close(fd); 115 } 116 117 ATF_TC_WITHOUT_HEAD(ctermid_before_end); 118 ATF_TC_BODY(ctermid_before_end, tc) 119 { 120 #define BUF &__stack.__buf 121 struct { 122 uint8_t padding_l; 123 unsigned char __buf[L_ctermid + 1]; 124 uint8_t padding_r; 125 } __stack; 126 const size_t __bufsz __unused = sizeof(__stack.__buf); 127 const size_t __len = L_ctermid + 1; 128 const size_t __idx __unused = __len - 1; 129 130 ctermid(__stack.__buf); 131 #undef BUF 132 133 } 134 135 ATF_TC_WITHOUT_HEAD(ctermid_end); 136 ATF_TC_BODY(ctermid_end, tc) 137 { 138 #define BUF &__stack.__buf 139 struct { 140 uint8_t padding_l; 141 unsigned char __buf[L_ctermid]; 142 uint8_t padding_r; 143 } __stack; 144 const size_t __bufsz __unused = sizeof(__stack.__buf); 145 const size_t __len = L_ctermid; 146 const size_t __idx __unused = __len - 1; 147 148 ctermid(__stack.__buf); 149 #undef BUF 150 151 } 152 153 ATF_TC_WITHOUT_HEAD(ctermid_heap_before_end); 154 ATF_TC_BODY(ctermid_heap_before_end, tc) 155 { 156 #define BUF __stack.__buf 157 struct { 158 uint8_t padding_l; 159 unsigned char * __buf; 160 uint8_t padding_r; 161 } __stack; 162 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1); 163 const size_t __len = L_ctermid + 1; 164 const size_t __idx __unused = __len - 1; 165 166 __stack.__buf = malloc(__bufsz); 167 168 ctermid(__stack.__buf); 169 #undef BUF 170 171 } 172 173 ATF_TC_WITHOUT_HEAD(ctermid_heap_end); 174 ATF_TC_BODY(ctermid_heap_end, tc) 175 { 176 #define BUF __stack.__buf 177 struct { 178 uint8_t padding_l; 179 unsigned char * __buf; 180 uint8_t padding_r; 181 } __stack; 182 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid); 183 const size_t __len = L_ctermid; 184 const size_t __idx __unused = __len - 1; 185 186 __stack.__buf = malloc(__bufsz); 187 188 ctermid(__stack.__buf); 189 #undef BUF 190 191 } 192 193 ATF_TC_WITHOUT_HEAD(ctermid_heap_after_end); 194 ATF_TC_BODY(ctermid_heap_after_end, tc) 195 { 196 #define BUF __stack.__buf 197 struct { 198 uint8_t padding_l; 199 unsigned char * __buf; 200 uint8_t padding_r; 201 } __stack; 202 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1); 203 const size_t __len = L_ctermid - 1; 204 const size_t __idx __unused = __len - 1; 205 pid_t __child; 206 int __status; 207 208 __child = fork(); 209 ATF_REQUIRE(__child >= 0); 210 if (__child > 0) 211 goto monitor; 212 213 /* Child */ 214 disable_coredumps(); 215 __stack.__buf = malloc(__bufsz); 216 217 ctermid(__stack.__buf); 218 _exit(EX_SOFTWARE); /* Should have aborted. */ 219 220 monitor: 221 while (waitpid(__child, &__status, 0) != __child) { 222 ATF_REQUIRE_EQ(EINTR, errno); 223 } 224 225 if (!WIFSIGNALED(__status)) { 226 switch (WEXITSTATUS(__status)) { 227 case EX_SOFTWARE: 228 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 229 break; 230 case EX_OSERR: 231 atf_tc_fail("setrlimit(2) failed"); 232 break; 233 default: 234 atf_tc_fail("child exited with status %d", 235 WEXITSTATUS(__status)); 236 } 237 } else { 238 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 239 } 240 #undef BUF 241 242 } 243 244 ATF_TC_WITHOUT_HEAD(ctermid_r_before_end); 245 ATF_TC_BODY(ctermid_r_before_end, tc) 246 { 247 #define BUF &__stack.__buf 248 struct { 249 uint8_t padding_l; 250 unsigned char __buf[L_ctermid + 1]; 251 uint8_t padding_r; 252 } __stack; 253 const size_t __bufsz __unused = sizeof(__stack.__buf); 254 const size_t __len = L_ctermid + 1; 255 const size_t __idx __unused = __len - 1; 256 257 ctermid_r(__stack.__buf); 258 #undef BUF 259 260 } 261 262 ATF_TC_WITHOUT_HEAD(ctermid_r_end); 263 ATF_TC_BODY(ctermid_r_end, tc) 264 { 265 #define BUF &__stack.__buf 266 struct { 267 uint8_t padding_l; 268 unsigned char __buf[L_ctermid]; 269 uint8_t padding_r; 270 } __stack; 271 const size_t __bufsz __unused = sizeof(__stack.__buf); 272 const size_t __len = L_ctermid; 273 const size_t __idx __unused = __len - 1; 274 275 ctermid_r(__stack.__buf); 276 #undef BUF 277 278 } 279 280 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_before_end); 281 ATF_TC_BODY(ctermid_r_heap_before_end, tc) 282 { 283 #define BUF __stack.__buf 284 struct { 285 uint8_t padding_l; 286 unsigned char * __buf; 287 uint8_t padding_r; 288 } __stack; 289 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1); 290 const size_t __len = L_ctermid + 1; 291 const size_t __idx __unused = __len - 1; 292 293 __stack.__buf = malloc(__bufsz); 294 295 ctermid_r(__stack.__buf); 296 #undef BUF 297 298 } 299 300 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_end); 301 ATF_TC_BODY(ctermid_r_heap_end, tc) 302 { 303 #define BUF __stack.__buf 304 struct { 305 uint8_t padding_l; 306 unsigned char * __buf; 307 uint8_t padding_r; 308 } __stack; 309 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid); 310 const size_t __len = L_ctermid; 311 const size_t __idx __unused = __len - 1; 312 313 __stack.__buf = malloc(__bufsz); 314 315 ctermid_r(__stack.__buf); 316 #undef BUF 317 318 } 319 320 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_after_end); 321 ATF_TC_BODY(ctermid_r_heap_after_end, tc) 322 { 323 #define BUF __stack.__buf 324 struct { 325 uint8_t padding_l; 326 unsigned char * __buf; 327 uint8_t padding_r; 328 } __stack; 329 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1); 330 const size_t __len = L_ctermid - 1; 331 const size_t __idx __unused = __len - 1; 332 pid_t __child; 333 int __status; 334 335 __child = fork(); 336 ATF_REQUIRE(__child >= 0); 337 if (__child > 0) 338 goto monitor; 339 340 /* Child */ 341 disable_coredumps(); 342 __stack.__buf = malloc(__bufsz); 343 344 ctermid_r(__stack.__buf); 345 _exit(EX_SOFTWARE); /* Should have aborted. */ 346 347 monitor: 348 while (waitpid(__child, &__status, 0) != __child) { 349 ATF_REQUIRE_EQ(EINTR, errno); 350 } 351 352 if (!WIFSIGNALED(__status)) { 353 switch (WEXITSTATUS(__status)) { 354 case EX_SOFTWARE: 355 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 356 break; 357 case EX_OSERR: 358 atf_tc_fail("setrlimit(2) failed"); 359 break; 360 default: 361 atf_tc_fail("child exited with status %d", 362 WEXITSTATUS(__status)); 363 } 364 } else { 365 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 366 } 367 #undef BUF 368 369 } 370 371 ATF_TC_WITHOUT_HEAD(fread_before_end); 372 ATF_TC_BODY(fread_before_end, tc) 373 { 374 #define BUF &__stack.__buf 375 struct { 376 uint8_t padding_l; 377 unsigned char __buf[42]; 378 uint8_t padding_r; 379 } __stack; 380 const size_t __bufsz __unused = sizeof(__stack.__buf); 381 const size_t __len = 42 - 1; 382 const size_t __idx __unused = __len - 1; 383 384 replace_stdin(); 385 386 fread(__stack.__buf, __len, 1, stdin); 387 #undef BUF 388 389 } 390 391 ATF_TC_WITHOUT_HEAD(fread_end); 392 ATF_TC_BODY(fread_end, tc) 393 { 394 #define BUF &__stack.__buf 395 struct { 396 uint8_t padding_l; 397 unsigned char __buf[42]; 398 uint8_t padding_r; 399 } __stack; 400 const size_t __bufsz __unused = sizeof(__stack.__buf); 401 const size_t __len = 42; 402 const size_t __idx __unused = __len - 1; 403 404 replace_stdin(); 405 406 fread(__stack.__buf, __len, 1, stdin); 407 #undef BUF 408 409 } 410 411 ATF_TC_WITHOUT_HEAD(fread_heap_before_end); 412 ATF_TC_BODY(fread_heap_before_end, tc) 413 { 414 #define BUF __stack.__buf 415 struct { 416 uint8_t padding_l; 417 unsigned char * __buf; 418 uint8_t padding_r; 419 } __stack; 420 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 421 const size_t __len = 42 - 1; 422 const size_t __idx __unused = __len - 1; 423 424 __stack.__buf = malloc(__bufsz); 425 replace_stdin(); 426 427 fread(__stack.__buf, __len, 1, stdin); 428 #undef BUF 429 430 } 431 432 ATF_TC_WITHOUT_HEAD(fread_heap_end); 433 ATF_TC_BODY(fread_heap_end, tc) 434 { 435 #define BUF __stack.__buf 436 struct { 437 uint8_t padding_l; 438 unsigned char * __buf; 439 uint8_t padding_r; 440 } __stack; 441 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 442 const size_t __len = 42; 443 const size_t __idx __unused = __len - 1; 444 445 __stack.__buf = malloc(__bufsz); 446 replace_stdin(); 447 448 fread(__stack.__buf, __len, 1, stdin); 449 #undef BUF 450 451 } 452 453 ATF_TC_WITHOUT_HEAD(fread_heap_after_end); 454 ATF_TC_BODY(fread_heap_after_end, tc) 455 { 456 #define BUF __stack.__buf 457 struct { 458 uint8_t padding_l; 459 unsigned char * __buf; 460 uint8_t padding_r; 461 } __stack; 462 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 463 const size_t __len = 42 + 1; 464 const size_t __idx __unused = __len - 1; 465 pid_t __child; 466 int __status; 467 468 __child = fork(); 469 ATF_REQUIRE(__child >= 0); 470 if (__child > 0) 471 goto monitor; 472 473 /* Child */ 474 disable_coredumps(); 475 __stack.__buf = malloc(__bufsz); 476 replace_stdin(); 477 478 fread(__stack.__buf, __len, 1, stdin); 479 _exit(EX_SOFTWARE); /* Should have aborted. */ 480 481 monitor: 482 while (waitpid(__child, &__status, 0) != __child) { 483 ATF_REQUIRE_EQ(EINTR, errno); 484 } 485 486 if (!WIFSIGNALED(__status)) { 487 switch (WEXITSTATUS(__status)) { 488 case EX_SOFTWARE: 489 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 490 break; 491 case EX_OSERR: 492 atf_tc_fail("setrlimit(2) failed"); 493 break; 494 default: 495 atf_tc_fail("child exited with status %d", 496 WEXITSTATUS(__status)); 497 } 498 } else { 499 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 500 } 501 #undef BUF 502 503 } 504 505 ATF_TC_WITHOUT_HEAD(fread_unlocked_before_end); 506 ATF_TC_BODY(fread_unlocked_before_end, tc) 507 { 508 #define BUF &__stack.__buf 509 struct { 510 uint8_t padding_l; 511 unsigned char __buf[42]; 512 uint8_t padding_r; 513 } __stack; 514 const size_t __bufsz __unused = sizeof(__stack.__buf); 515 const size_t __len = 42 - 1; 516 const size_t __idx __unused = __len - 1; 517 518 replace_stdin(); 519 520 fread_unlocked(__stack.__buf, __len, 1, stdin); 521 #undef BUF 522 523 } 524 525 ATF_TC_WITHOUT_HEAD(fread_unlocked_end); 526 ATF_TC_BODY(fread_unlocked_end, tc) 527 { 528 #define BUF &__stack.__buf 529 struct { 530 uint8_t padding_l; 531 unsigned char __buf[42]; 532 uint8_t padding_r; 533 } __stack; 534 const size_t __bufsz __unused = sizeof(__stack.__buf); 535 const size_t __len = 42; 536 const size_t __idx __unused = __len - 1; 537 538 replace_stdin(); 539 540 fread_unlocked(__stack.__buf, __len, 1, stdin); 541 #undef BUF 542 543 } 544 545 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_before_end); 546 ATF_TC_BODY(fread_unlocked_heap_before_end, tc) 547 { 548 #define BUF __stack.__buf 549 struct { 550 uint8_t padding_l; 551 unsigned char * __buf; 552 uint8_t padding_r; 553 } __stack; 554 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 555 const size_t __len = 42 - 1; 556 const size_t __idx __unused = __len - 1; 557 558 __stack.__buf = malloc(__bufsz); 559 replace_stdin(); 560 561 fread_unlocked(__stack.__buf, __len, 1, stdin); 562 #undef BUF 563 564 } 565 566 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_end); 567 ATF_TC_BODY(fread_unlocked_heap_end, tc) 568 { 569 #define BUF __stack.__buf 570 struct { 571 uint8_t padding_l; 572 unsigned char * __buf; 573 uint8_t padding_r; 574 } __stack; 575 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 576 const size_t __len = 42; 577 const size_t __idx __unused = __len - 1; 578 579 __stack.__buf = malloc(__bufsz); 580 replace_stdin(); 581 582 fread_unlocked(__stack.__buf, __len, 1, stdin); 583 #undef BUF 584 585 } 586 587 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_after_end); 588 ATF_TC_BODY(fread_unlocked_heap_after_end, tc) 589 { 590 #define BUF __stack.__buf 591 struct { 592 uint8_t padding_l; 593 unsigned char * __buf; 594 uint8_t padding_r; 595 } __stack; 596 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 597 const size_t __len = 42 + 1; 598 const size_t __idx __unused = __len - 1; 599 pid_t __child; 600 int __status; 601 602 __child = fork(); 603 ATF_REQUIRE(__child >= 0); 604 if (__child > 0) 605 goto monitor; 606 607 /* Child */ 608 disable_coredumps(); 609 __stack.__buf = malloc(__bufsz); 610 replace_stdin(); 611 612 fread_unlocked(__stack.__buf, __len, 1, stdin); 613 _exit(EX_SOFTWARE); /* Should have aborted. */ 614 615 monitor: 616 while (waitpid(__child, &__status, 0) != __child) { 617 ATF_REQUIRE_EQ(EINTR, errno); 618 } 619 620 if (!WIFSIGNALED(__status)) { 621 switch (WEXITSTATUS(__status)) { 622 case EX_SOFTWARE: 623 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 624 break; 625 case EX_OSERR: 626 atf_tc_fail("setrlimit(2) failed"); 627 break; 628 default: 629 atf_tc_fail("child exited with status %d", 630 WEXITSTATUS(__status)); 631 } 632 } else { 633 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 634 } 635 #undef BUF 636 637 } 638 639 ATF_TC_WITHOUT_HEAD(gets_s_before_end); 640 ATF_TC_BODY(gets_s_before_end, tc) 641 { 642 #define BUF &__stack.__buf 643 struct { 644 uint8_t padding_l; 645 unsigned char __buf[42]; 646 uint8_t padding_r; 647 } __stack; 648 const size_t __bufsz __unused = sizeof(__stack.__buf); 649 const size_t __len = 42 - 1; 650 const size_t __idx __unused = __len - 1; 651 652 replace_stdin(); 653 654 gets_s(__stack.__buf, __len); 655 #undef BUF 656 657 } 658 659 ATF_TC_WITHOUT_HEAD(gets_s_end); 660 ATF_TC_BODY(gets_s_end, tc) 661 { 662 #define BUF &__stack.__buf 663 struct { 664 uint8_t padding_l; 665 unsigned char __buf[42]; 666 uint8_t padding_r; 667 } __stack; 668 const size_t __bufsz __unused = sizeof(__stack.__buf); 669 const size_t __len = 42; 670 const size_t __idx __unused = __len - 1; 671 672 replace_stdin(); 673 674 gets_s(__stack.__buf, __len); 675 #undef BUF 676 677 } 678 679 ATF_TC_WITHOUT_HEAD(gets_s_heap_before_end); 680 ATF_TC_BODY(gets_s_heap_before_end, tc) 681 { 682 #define BUF __stack.__buf 683 struct { 684 uint8_t padding_l; 685 unsigned char * __buf; 686 uint8_t padding_r; 687 } __stack; 688 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 689 const size_t __len = 42 - 1; 690 const size_t __idx __unused = __len - 1; 691 692 __stack.__buf = malloc(__bufsz); 693 replace_stdin(); 694 695 gets_s(__stack.__buf, __len); 696 #undef BUF 697 698 } 699 700 ATF_TC_WITHOUT_HEAD(gets_s_heap_end); 701 ATF_TC_BODY(gets_s_heap_end, tc) 702 { 703 #define BUF __stack.__buf 704 struct { 705 uint8_t padding_l; 706 unsigned char * __buf; 707 uint8_t padding_r; 708 } __stack; 709 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 710 const size_t __len = 42; 711 const size_t __idx __unused = __len - 1; 712 713 __stack.__buf = malloc(__bufsz); 714 replace_stdin(); 715 716 gets_s(__stack.__buf, __len); 717 #undef BUF 718 719 } 720 721 ATF_TC_WITHOUT_HEAD(gets_s_heap_after_end); 722 ATF_TC_BODY(gets_s_heap_after_end, tc) 723 { 724 #define BUF __stack.__buf 725 struct { 726 uint8_t padding_l; 727 unsigned char * __buf; 728 uint8_t padding_r; 729 } __stack; 730 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 731 const size_t __len = 42 + 1; 732 const size_t __idx __unused = __len - 1; 733 pid_t __child; 734 int __status; 735 736 __child = fork(); 737 ATF_REQUIRE(__child >= 0); 738 if (__child > 0) 739 goto monitor; 740 741 /* Child */ 742 disable_coredumps(); 743 __stack.__buf = malloc(__bufsz); 744 replace_stdin(); 745 746 gets_s(__stack.__buf, __len); 747 _exit(EX_SOFTWARE); /* Should have aborted. */ 748 749 monitor: 750 while (waitpid(__child, &__status, 0) != __child) { 751 ATF_REQUIRE_EQ(EINTR, errno); 752 } 753 754 if (!WIFSIGNALED(__status)) { 755 switch (WEXITSTATUS(__status)) { 756 case EX_SOFTWARE: 757 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 758 break; 759 case EX_OSERR: 760 atf_tc_fail("setrlimit(2) failed"); 761 break; 762 default: 763 atf_tc_fail("child exited with status %d", 764 WEXITSTATUS(__status)); 765 } 766 } else { 767 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 768 } 769 #undef BUF 770 771 } 772 773 ATF_TC_WITHOUT_HEAD(sprintf_before_end); 774 ATF_TC_BODY(sprintf_before_end, tc) 775 { 776 #define BUF &__stack.__buf 777 struct { 778 uint8_t padding_l; 779 unsigned char __buf[42]; 780 uint8_t padding_r; 781 } __stack; 782 const size_t __bufsz __unused = sizeof(__stack.__buf); 783 const size_t __len = 42 - 1; 784 const size_t __idx __unused = __len - 1; 785 char srcvar[__len + 10]; 786 787 memset(srcvar, 'A', sizeof(srcvar) - 1); 788 srcvar[sizeof(srcvar) - 1] = '\0'; 789 790 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 791 #undef BUF 792 793 } 794 795 ATF_TC_WITHOUT_HEAD(sprintf_end); 796 ATF_TC_BODY(sprintf_end, tc) 797 { 798 #define BUF &__stack.__buf 799 struct { 800 uint8_t padding_l; 801 unsigned char __buf[42]; 802 uint8_t padding_r; 803 } __stack; 804 const size_t __bufsz __unused = sizeof(__stack.__buf); 805 const size_t __len = 42; 806 const size_t __idx __unused = __len - 1; 807 char srcvar[__len + 10]; 808 809 memset(srcvar, 'A', sizeof(srcvar) - 1); 810 srcvar[sizeof(srcvar) - 1] = '\0'; 811 812 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 813 #undef BUF 814 815 } 816 817 ATF_TC_WITHOUT_HEAD(sprintf_heap_before_end); 818 ATF_TC_BODY(sprintf_heap_before_end, tc) 819 { 820 #define BUF __stack.__buf 821 struct { 822 uint8_t padding_l; 823 unsigned char * __buf; 824 uint8_t padding_r; 825 } __stack; 826 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 827 const size_t __len = 42 - 1; 828 const size_t __idx __unused = __len - 1; 829 char srcvar[__len + 10]; 830 831 __stack.__buf = malloc(__bufsz); 832 memset(srcvar, 'A', sizeof(srcvar) - 1); 833 srcvar[sizeof(srcvar) - 1] = '\0'; 834 835 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 836 #undef BUF 837 838 } 839 840 ATF_TC_WITHOUT_HEAD(sprintf_heap_end); 841 ATF_TC_BODY(sprintf_heap_end, tc) 842 { 843 #define BUF __stack.__buf 844 struct { 845 uint8_t padding_l; 846 unsigned char * __buf; 847 uint8_t padding_r; 848 } __stack; 849 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 850 const size_t __len = 42; 851 const size_t __idx __unused = __len - 1; 852 char srcvar[__len + 10]; 853 854 __stack.__buf = malloc(__bufsz); 855 memset(srcvar, 'A', sizeof(srcvar) - 1); 856 srcvar[sizeof(srcvar) - 1] = '\0'; 857 858 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 859 #undef BUF 860 861 } 862 863 ATF_TC_WITHOUT_HEAD(sprintf_heap_after_end); 864 ATF_TC_BODY(sprintf_heap_after_end, tc) 865 { 866 #define BUF __stack.__buf 867 struct { 868 uint8_t padding_l; 869 unsigned char * __buf; 870 uint8_t padding_r; 871 } __stack; 872 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 873 const size_t __len = 42 + 1; 874 const size_t __idx __unused = __len - 1; 875 pid_t __child; 876 int __status; 877 char srcvar[__len + 10]; 878 879 __child = fork(); 880 ATF_REQUIRE(__child >= 0); 881 if (__child > 0) 882 goto monitor; 883 884 /* Child */ 885 disable_coredumps(); 886 __stack.__buf = malloc(__bufsz); 887 memset(srcvar, 'A', sizeof(srcvar) - 1); 888 srcvar[sizeof(srcvar) - 1] = '\0'; 889 890 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 891 _exit(EX_SOFTWARE); /* Should have aborted. */ 892 893 monitor: 894 while (waitpid(__child, &__status, 0) != __child) { 895 ATF_REQUIRE_EQ(EINTR, errno); 896 } 897 898 if (!WIFSIGNALED(__status)) { 899 switch (WEXITSTATUS(__status)) { 900 case EX_SOFTWARE: 901 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 902 break; 903 case EX_OSERR: 904 atf_tc_fail("setrlimit(2) failed"); 905 break; 906 default: 907 atf_tc_fail("child exited with status %d", 908 WEXITSTATUS(__status)); 909 } 910 } else { 911 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 912 } 913 #undef BUF 914 915 } 916 917 ATF_TC_WITHOUT_HEAD(snprintf_before_end); 918 ATF_TC_BODY(snprintf_before_end, tc) 919 { 920 #define BUF &__stack.__buf 921 struct { 922 uint8_t padding_l; 923 unsigned char __buf[42]; 924 uint8_t padding_r; 925 } __stack; 926 const size_t __bufsz __unused = sizeof(__stack.__buf); 927 const size_t __len = 42 - 1; 928 const size_t __idx __unused = __len - 1; 929 char srcvar[__len + 10]; 930 931 memset(srcvar, 'A', sizeof(srcvar) - 1); 932 srcvar[sizeof(srcvar) - 1] = '\0'; 933 934 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 935 #undef BUF 936 937 } 938 939 ATF_TC_WITHOUT_HEAD(snprintf_end); 940 ATF_TC_BODY(snprintf_end, tc) 941 { 942 #define BUF &__stack.__buf 943 struct { 944 uint8_t padding_l; 945 unsigned char __buf[42]; 946 uint8_t padding_r; 947 } __stack; 948 const size_t __bufsz __unused = sizeof(__stack.__buf); 949 const size_t __len = 42; 950 const size_t __idx __unused = __len - 1; 951 char srcvar[__len + 10]; 952 953 memset(srcvar, 'A', sizeof(srcvar) - 1); 954 srcvar[sizeof(srcvar) - 1] = '\0'; 955 956 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 957 #undef BUF 958 959 } 960 961 ATF_TC_WITHOUT_HEAD(snprintf_heap_before_end); 962 ATF_TC_BODY(snprintf_heap_before_end, tc) 963 { 964 #define BUF __stack.__buf 965 struct { 966 uint8_t padding_l; 967 unsigned char * __buf; 968 uint8_t padding_r; 969 } __stack; 970 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 971 const size_t __len = 42 - 1; 972 const size_t __idx __unused = __len - 1; 973 char srcvar[__len + 10]; 974 975 __stack.__buf = malloc(__bufsz); 976 memset(srcvar, 'A', sizeof(srcvar) - 1); 977 srcvar[sizeof(srcvar) - 1] = '\0'; 978 979 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 980 #undef BUF 981 982 } 983 984 ATF_TC_WITHOUT_HEAD(snprintf_heap_end); 985 ATF_TC_BODY(snprintf_heap_end, tc) 986 { 987 #define BUF __stack.__buf 988 struct { 989 uint8_t padding_l; 990 unsigned char * __buf; 991 uint8_t padding_r; 992 } __stack; 993 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 994 const size_t __len = 42; 995 const size_t __idx __unused = __len - 1; 996 char srcvar[__len + 10]; 997 998 __stack.__buf = malloc(__bufsz); 999 memset(srcvar, 'A', sizeof(srcvar) - 1); 1000 srcvar[sizeof(srcvar) - 1] = '\0'; 1001 1002 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 1003 #undef BUF 1004 1005 } 1006 1007 ATF_TC_WITHOUT_HEAD(snprintf_heap_after_end); 1008 ATF_TC_BODY(snprintf_heap_after_end, tc) 1009 { 1010 #define BUF __stack.__buf 1011 struct { 1012 uint8_t padding_l; 1013 unsigned char * __buf; 1014 uint8_t padding_r; 1015 } __stack; 1016 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1017 const size_t __len = 42 + 1; 1018 const size_t __idx __unused = __len - 1; 1019 pid_t __child; 1020 int __status; 1021 char srcvar[__len + 10]; 1022 1023 __child = fork(); 1024 ATF_REQUIRE(__child >= 0); 1025 if (__child > 0) 1026 goto monitor; 1027 1028 /* Child */ 1029 disable_coredumps(); 1030 __stack.__buf = malloc(__bufsz); 1031 memset(srcvar, 'A', sizeof(srcvar) - 1); 1032 srcvar[sizeof(srcvar) - 1] = '\0'; 1033 1034 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 1035 _exit(EX_SOFTWARE); /* Should have aborted. */ 1036 1037 monitor: 1038 while (waitpid(__child, &__status, 0) != __child) { 1039 ATF_REQUIRE_EQ(EINTR, errno); 1040 } 1041 1042 if (!WIFSIGNALED(__status)) { 1043 switch (WEXITSTATUS(__status)) { 1044 case EX_SOFTWARE: 1045 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1046 break; 1047 case EX_OSERR: 1048 atf_tc_fail("setrlimit(2) failed"); 1049 break; 1050 default: 1051 atf_tc_fail("child exited with status %d", 1052 WEXITSTATUS(__status)); 1053 } 1054 } else { 1055 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1056 } 1057 #undef BUF 1058 1059 } 1060 1061 ATF_TC_WITHOUT_HEAD(tmpnam_before_end); 1062 ATF_TC_BODY(tmpnam_before_end, tc) 1063 { 1064 #define BUF &__stack.__buf 1065 struct { 1066 uint8_t padding_l; 1067 unsigned char __buf[L_tmpnam + 1]; 1068 uint8_t padding_r; 1069 } __stack; 1070 const size_t __bufsz __unused = sizeof(__stack.__buf); 1071 const size_t __len = L_tmpnam + 1; 1072 const size_t __idx __unused = __len - 1; 1073 1074 tmpnam(__stack.__buf); 1075 #undef BUF 1076 1077 } 1078 1079 ATF_TC_WITHOUT_HEAD(tmpnam_end); 1080 ATF_TC_BODY(tmpnam_end, tc) 1081 { 1082 #define BUF &__stack.__buf 1083 struct { 1084 uint8_t padding_l; 1085 unsigned char __buf[L_tmpnam]; 1086 uint8_t padding_r; 1087 } __stack; 1088 const size_t __bufsz __unused = sizeof(__stack.__buf); 1089 const size_t __len = L_tmpnam; 1090 const size_t __idx __unused = __len - 1; 1091 1092 tmpnam(__stack.__buf); 1093 #undef BUF 1094 1095 } 1096 1097 ATF_TC_WITHOUT_HEAD(tmpnam_heap_before_end); 1098 ATF_TC_BODY(tmpnam_heap_before_end, tc) 1099 { 1100 #define BUF __stack.__buf 1101 struct { 1102 uint8_t padding_l; 1103 unsigned char * __buf; 1104 uint8_t padding_r; 1105 } __stack; 1106 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam + 1); 1107 const size_t __len = L_tmpnam + 1; 1108 const size_t __idx __unused = __len - 1; 1109 1110 __stack.__buf = malloc(__bufsz); 1111 1112 tmpnam(__stack.__buf); 1113 #undef BUF 1114 1115 } 1116 1117 ATF_TC_WITHOUT_HEAD(tmpnam_heap_end); 1118 ATF_TC_BODY(tmpnam_heap_end, tc) 1119 { 1120 #define BUF __stack.__buf 1121 struct { 1122 uint8_t padding_l; 1123 unsigned char * __buf; 1124 uint8_t padding_r; 1125 } __stack; 1126 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam); 1127 const size_t __len = L_tmpnam; 1128 const size_t __idx __unused = __len - 1; 1129 1130 __stack.__buf = malloc(__bufsz); 1131 1132 tmpnam(__stack.__buf); 1133 #undef BUF 1134 1135 } 1136 1137 ATF_TC_WITHOUT_HEAD(tmpnam_heap_after_end); 1138 ATF_TC_BODY(tmpnam_heap_after_end, tc) 1139 { 1140 #define BUF __stack.__buf 1141 struct { 1142 uint8_t padding_l; 1143 unsigned char * __buf; 1144 uint8_t padding_r; 1145 } __stack; 1146 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam - 1); 1147 const size_t __len = L_tmpnam - 1; 1148 const size_t __idx __unused = __len - 1; 1149 pid_t __child; 1150 int __status; 1151 1152 __child = fork(); 1153 ATF_REQUIRE(__child >= 0); 1154 if (__child > 0) 1155 goto monitor; 1156 1157 /* Child */ 1158 disable_coredumps(); 1159 __stack.__buf = malloc(__bufsz); 1160 1161 tmpnam(__stack.__buf); 1162 _exit(EX_SOFTWARE); /* Should have aborted. */ 1163 1164 monitor: 1165 while (waitpid(__child, &__status, 0) != __child) { 1166 ATF_REQUIRE_EQ(EINTR, errno); 1167 } 1168 1169 if (!WIFSIGNALED(__status)) { 1170 switch (WEXITSTATUS(__status)) { 1171 case EX_SOFTWARE: 1172 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1173 break; 1174 case EX_OSERR: 1175 atf_tc_fail("setrlimit(2) failed"); 1176 break; 1177 default: 1178 atf_tc_fail("child exited with status %d", 1179 WEXITSTATUS(__status)); 1180 } 1181 } else { 1182 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1183 } 1184 #undef BUF 1185 1186 } 1187 1188 ATF_TC_WITHOUT_HEAD(fgets_before_end); 1189 ATF_TC_BODY(fgets_before_end, tc) 1190 { 1191 #define BUF &__stack.__buf 1192 struct { 1193 uint8_t padding_l; 1194 unsigned char __buf[42]; 1195 uint8_t padding_r; 1196 } __stack; 1197 const size_t __bufsz __unused = sizeof(__stack.__buf); 1198 const size_t __len = 42 - 1; 1199 const size_t __idx __unused = __len - 1; 1200 FILE *fp; 1201 1202 fp = new_fp(__len); 1203 1204 fgets(__stack.__buf, __len, fp); 1205 #undef BUF 1206 1207 } 1208 1209 ATF_TC_WITHOUT_HEAD(fgets_end); 1210 ATF_TC_BODY(fgets_end, tc) 1211 { 1212 #define BUF &__stack.__buf 1213 struct { 1214 uint8_t padding_l; 1215 unsigned char __buf[42]; 1216 uint8_t padding_r; 1217 } __stack; 1218 const size_t __bufsz __unused = sizeof(__stack.__buf); 1219 const size_t __len = 42; 1220 const size_t __idx __unused = __len - 1; 1221 FILE *fp; 1222 1223 fp = new_fp(__len); 1224 1225 fgets(__stack.__buf, __len, fp); 1226 #undef BUF 1227 1228 } 1229 1230 ATF_TC_WITHOUT_HEAD(fgets_heap_before_end); 1231 ATF_TC_BODY(fgets_heap_before_end, tc) 1232 { 1233 #define BUF __stack.__buf 1234 struct { 1235 uint8_t padding_l; 1236 unsigned char * __buf; 1237 uint8_t padding_r; 1238 } __stack; 1239 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1240 const size_t __len = 42 - 1; 1241 const size_t __idx __unused = __len - 1; 1242 FILE *fp; 1243 1244 __stack.__buf = malloc(__bufsz); 1245 fp = new_fp(__len); 1246 1247 fgets(__stack.__buf, __len, fp); 1248 #undef BUF 1249 1250 } 1251 1252 ATF_TC_WITHOUT_HEAD(fgets_heap_end); 1253 ATF_TC_BODY(fgets_heap_end, tc) 1254 { 1255 #define BUF __stack.__buf 1256 struct { 1257 uint8_t padding_l; 1258 unsigned char * __buf; 1259 uint8_t padding_r; 1260 } __stack; 1261 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1262 const size_t __len = 42; 1263 const size_t __idx __unused = __len - 1; 1264 FILE *fp; 1265 1266 __stack.__buf = malloc(__bufsz); 1267 fp = new_fp(__len); 1268 1269 fgets(__stack.__buf, __len, fp); 1270 #undef BUF 1271 1272 } 1273 1274 ATF_TC_WITHOUT_HEAD(fgets_heap_after_end); 1275 ATF_TC_BODY(fgets_heap_after_end, tc) 1276 { 1277 #define BUF __stack.__buf 1278 struct { 1279 uint8_t padding_l; 1280 unsigned char * __buf; 1281 uint8_t padding_r; 1282 } __stack; 1283 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1284 const size_t __len = 42 + 1; 1285 const size_t __idx __unused = __len - 1; 1286 pid_t __child; 1287 int __status; 1288 FILE *fp; 1289 1290 __child = fork(); 1291 ATF_REQUIRE(__child >= 0); 1292 if (__child > 0) 1293 goto monitor; 1294 1295 /* Child */ 1296 disable_coredumps(); 1297 __stack.__buf = malloc(__bufsz); 1298 fp = new_fp(__len); 1299 1300 fgets(__stack.__buf, __len, fp); 1301 _exit(EX_SOFTWARE); /* Should have aborted. */ 1302 1303 monitor: 1304 while (waitpid(__child, &__status, 0) != __child) { 1305 ATF_REQUIRE_EQ(EINTR, errno); 1306 } 1307 1308 if (!WIFSIGNALED(__status)) { 1309 switch (WEXITSTATUS(__status)) { 1310 case EX_SOFTWARE: 1311 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1312 break; 1313 case EX_OSERR: 1314 atf_tc_fail("setrlimit(2) failed"); 1315 break; 1316 default: 1317 atf_tc_fail("child exited with status %d", 1318 WEXITSTATUS(__status)); 1319 } 1320 } else { 1321 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1322 } 1323 #undef BUF 1324 1325 } 1326 1327 ATF_TP_ADD_TCS(tp) 1328 { 1329 ATF_TP_ADD_TC(tp, ctermid_before_end); 1330 ATF_TP_ADD_TC(tp, ctermid_end); 1331 ATF_TP_ADD_TC(tp, ctermid_heap_before_end); 1332 ATF_TP_ADD_TC(tp, ctermid_heap_end); 1333 ATF_TP_ADD_TC(tp, ctermid_heap_after_end); 1334 ATF_TP_ADD_TC(tp, ctermid_r_before_end); 1335 ATF_TP_ADD_TC(tp, ctermid_r_end); 1336 ATF_TP_ADD_TC(tp, ctermid_r_heap_before_end); 1337 ATF_TP_ADD_TC(tp, ctermid_r_heap_end); 1338 ATF_TP_ADD_TC(tp, ctermid_r_heap_after_end); 1339 ATF_TP_ADD_TC(tp, fread_before_end); 1340 ATF_TP_ADD_TC(tp, fread_end); 1341 ATF_TP_ADD_TC(tp, fread_heap_before_end); 1342 ATF_TP_ADD_TC(tp, fread_heap_end); 1343 ATF_TP_ADD_TC(tp, fread_heap_after_end); 1344 ATF_TP_ADD_TC(tp, fread_unlocked_before_end); 1345 ATF_TP_ADD_TC(tp, fread_unlocked_end); 1346 ATF_TP_ADD_TC(tp, fread_unlocked_heap_before_end); 1347 ATF_TP_ADD_TC(tp, fread_unlocked_heap_end); 1348 ATF_TP_ADD_TC(tp, fread_unlocked_heap_after_end); 1349 ATF_TP_ADD_TC(tp, gets_s_before_end); 1350 ATF_TP_ADD_TC(tp, gets_s_end); 1351 ATF_TP_ADD_TC(tp, gets_s_heap_before_end); 1352 ATF_TP_ADD_TC(tp, gets_s_heap_end); 1353 ATF_TP_ADD_TC(tp, gets_s_heap_after_end); 1354 ATF_TP_ADD_TC(tp, sprintf_before_end); 1355 ATF_TP_ADD_TC(tp, sprintf_end); 1356 ATF_TP_ADD_TC(tp, sprintf_heap_before_end); 1357 ATF_TP_ADD_TC(tp, sprintf_heap_end); 1358 ATF_TP_ADD_TC(tp, sprintf_heap_after_end); 1359 ATF_TP_ADD_TC(tp, snprintf_before_end); 1360 ATF_TP_ADD_TC(tp, snprintf_end); 1361 ATF_TP_ADD_TC(tp, snprintf_heap_before_end); 1362 ATF_TP_ADD_TC(tp, snprintf_heap_end); 1363 ATF_TP_ADD_TC(tp, snprintf_heap_after_end); 1364 ATF_TP_ADD_TC(tp, tmpnam_before_end); 1365 ATF_TP_ADD_TC(tp, tmpnam_end); 1366 ATF_TP_ADD_TC(tp, tmpnam_heap_before_end); 1367 ATF_TP_ADD_TC(tp, tmpnam_heap_end); 1368 ATF_TP_ADD_TC(tp, tmpnam_heap_after_end); 1369 ATF_TP_ADD_TC(tp, fgets_before_end); 1370 ATF_TP_ADD_TC(tp, fgets_end); 1371 ATF_TP_ADD_TC(tp, fgets_heap_before_end); 1372 ATF_TP_ADD_TC(tp, fgets_heap_end); 1373 ATF_TP_ADD_TC(tp, fgets_heap_after_end); 1374 return (atf_no_error()); 1375 } 1376