1 /* @generated by `generate-fortify-tests.lua "string"` */
2
3 #define _FORTIFY_SOURCE 2
4 #define TMPFILE_SIZE (1024 * 32)
5
6 #include <sys/param.h>
7 #include <sys/jail.h>
8 #include <sys/random.h>
9 #include <sys/resource.h>
10 #include <sys/select.h>
11 #include <sys/socket.h>
12 #include <sys/time.h>
13 #include <sys/uio.h>
14 #include <sys/wait.h>
15 #include <dirent.h>
16 #include <errno.h>
17 #include <fcntl.h>
18 #include <limits.h>
19 #include <poll.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <strings.h>
25 #include <sysexits.h>
26 #include <unistd.h>
27 #include <wchar.h>
28 #include <atf-c.h>
29
30 static FILE * __unused
new_fp(size_t __len)31 new_fp(size_t __len)
32 {
33 static char fpbuf[LINE_MAX];
34 FILE *fp;
35
36 ATF_REQUIRE(__len <= sizeof(fpbuf));
37
38 memset(fpbuf, 'A', sizeof(fpbuf) - 1);
39 fpbuf[sizeof(fpbuf) - 1] = '\0';
40
41 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb");
42 ATF_REQUIRE(fp != NULL);
43
44 return (fp);
45 }
46
47 /*
48 * Create a new symlink to use for readlink(2) style tests, we'll just use a
49 * random target name to have something interesting to look at.
50 */
51 static const char * __unused
new_symlink(size_t __len)52 new_symlink(size_t __len)
53 {
54 static const char linkname[] = "link";
55 char target[MAXNAMLEN];
56 int error;
57
58 ATF_REQUIRE(__len <= sizeof(target));
59
60 arc4random_buf(target, sizeof(target));
61
62 error = unlink(linkname);
63 ATF_REQUIRE(error == 0 || errno == ENOENT);
64
65 error = symlink(target, linkname);
66 ATF_REQUIRE(error == 0);
67
68 return (linkname);
69 }
70
71 /*
72 * For our purposes, first descriptor will be the reader; we'll send both
73 * raw data and a control message over it so that the result can be used for
74 * any of our recv*() tests.
75 */
76 static void __unused
new_socket(int sock[2])77 new_socket(int sock[2])
78 {
79 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 };
80 static char sockbuf[256];
81 ssize_t rv;
82 size_t total = 0;
83 struct msghdr hdr = { 0 };
84 struct cmsghdr *cmsg;
85 int error, fd;
86
87 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
88 ATF_REQUIRE(error == 0);
89
90 while (total != sizeof(sockbuf)) {
91 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0);
92
93 ATF_REQUIRE_MSG(rv > 0,
94 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)",
95 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total);
96 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf),
97 "%zd exceeds total %zu", rv, sizeof(sockbuf));
98 total += rv;
99 }
100
101 hdr.msg_control = ctrl;
102 hdr.msg_controllen = sizeof(ctrl);
103
104 cmsg = CMSG_FIRSTHDR(&hdr);
105 cmsg->cmsg_level = SOL_SOCKET;
106 cmsg->cmsg_type = SCM_RIGHTS;
107 cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
108 fd = STDIN_FILENO;
109 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
110
111 error = sendmsg(sock[1], &hdr, 0);
112 ATF_REQUIRE(error != -1);
113 }
114
115 /*
116 * Constructs a tmpfile that we can use for testing read(2) and friends.
117 */
118 static int __unused
new_tmpfile(void)119 new_tmpfile(void)
120 {
121 char buf[1024];
122 ssize_t rv;
123 size_t written;
124 int fd;
125
126 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644);
127 ATF_REQUIRE(fd >= 0);
128
129 written = 0;
130 while (written < TMPFILE_SIZE) {
131 rv = write(fd, buf, sizeof(buf));
132 ATF_REQUIRE(rv > 0);
133
134 written += rv;
135 }
136
137 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET));
138 return (fd);
139 }
140
141 static void
disable_coredumps(void)142 disable_coredumps(void)
143 {
144 struct rlimit rl = { 0 };
145
146 if (setrlimit(RLIMIT_CORE, &rl) == -1)
147 _exit(EX_OSERR);
148 }
149
150 /*
151 * Replaces stdin with a file that we can actually read from, for tests where
152 * we want a FILE * or fd that we can get data from.
153 */
154 static void __unused
replace_stdin(void)155 replace_stdin(void)
156 {
157 int fd;
158
159 fd = new_tmpfile();
160
161 (void)dup2(fd, STDIN_FILENO);
162 if (fd != STDIN_FILENO)
163 close(fd);
164 }
165
166 ATF_TC(memcpy_before_end);
ATF_TC_HEAD(memcpy_before_end,tc)167 ATF_TC_HEAD(memcpy_before_end, tc)
168 {
169 }
ATF_TC_BODY(memcpy_before_end,tc)170 ATF_TC_BODY(memcpy_before_end, tc)
171 {
172 #define BUF &__stack.__buf
173 struct {
174 uint8_t padding_l;
175 unsigned char __buf[42];
176 uint8_t padding_r;
177 } __stack;
178 const size_t __bufsz __unused = sizeof(__stack.__buf);
179 const size_t __len = 42 - 1;
180 const size_t __idx __unused = __len - 1;
181 char src[__len + 10];
182
183 memcpy(__stack.__buf, src, __len);
184 #undef BUF
185
186 }
187
188 ATF_TC(memcpy_end);
ATF_TC_HEAD(memcpy_end,tc)189 ATF_TC_HEAD(memcpy_end, tc)
190 {
191 }
ATF_TC_BODY(memcpy_end,tc)192 ATF_TC_BODY(memcpy_end, tc)
193 {
194 #define BUF &__stack.__buf
195 struct {
196 uint8_t padding_l;
197 unsigned char __buf[42];
198 uint8_t padding_r;
199 } __stack;
200 const size_t __bufsz __unused = sizeof(__stack.__buf);
201 const size_t __len = 42;
202 const size_t __idx __unused = __len - 1;
203 char src[__len + 10];
204
205 memcpy(__stack.__buf, src, __len);
206 #undef BUF
207
208 }
209
210 ATF_TC(memcpy_heap_before_end);
ATF_TC_HEAD(memcpy_heap_before_end,tc)211 ATF_TC_HEAD(memcpy_heap_before_end, tc)
212 {
213 }
ATF_TC_BODY(memcpy_heap_before_end,tc)214 ATF_TC_BODY(memcpy_heap_before_end, tc)
215 {
216 #define BUF __stack.__buf
217 struct {
218 uint8_t padding_l;
219 unsigned char * __buf;
220 uint8_t padding_r;
221 } __stack;
222 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
223 const size_t __len = 42 - 1;
224 const size_t __idx __unused = __len - 1;
225 char src[__len + 10];
226
227 __stack.__buf = malloc(__bufsz);
228
229 memcpy(__stack.__buf, src, __len);
230 #undef BUF
231
232 }
233
234 ATF_TC(memcpy_heap_end);
ATF_TC_HEAD(memcpy_heap_end,tc)235 ATF_TC_HEAD(memcpy_heap_end, tc)
236 {
237 }
ATF_TC_BODY(memcpy_heap_end,tc)238 ATF_TC_BODY(memcpy_heap_end, tc)
239 {
240 #define BUF __stack.__buf
241 struct {
242 uint8_t padding_l;
243 unsigned char * __buf;
244 uint8_t padding_r;
245 } __stack;
246 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
247 const size_t __len = 42;
248 const size_t __idx __unused = __len - 1;
249 char src[__len + 10];
250
251 __stack.__buf = malloc(__bufsz);
252
253 memcpy(__stack.__buf, src, __len);
254 #undef BUF
255
256 }
257
258 ATF_TC(memcpy_heap_after_end);
ATF_TC_HEAD(memcpy_heap_after_end,tc)259 ATF_TC_HEAD(memcpy_heap_after_end, tc)
260 {
261 }
ATF_TC_BODY(memcpy_heap_after_end,tc)262 ATF_TC_BODY(memcpy_heap_after_end, tc)
263 {
264 #define BUF __stack.__buf
265 struct {
266 uint8_t padding_l;
267 unsigned char * __buf;
268 uint8_t padding_r;
269 } __stack;
270 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
271 const size_t __len = 42 + 1;
272 const size_t __idx __unused = __len - 1;
273 pid_t __child;
274 int __status;
275 char src[__len + 10];
276
277 __child = fork();
278 ATF_REQUIRE(__child >= 0);
279 if (__child > 0)
280 goto monitor;
281
282 /* Child */
283 disable_coredumps();
284 __stack.__buf = malloc(__bufsz);
285
286 memcpy(__stack.__buf, src, __len);
287 _exit(EX_SOFTWARE); /* Should have aborted. */
288
289 monitor:
290 while (waitpid(__child, &__status, 0) != __child) {
291 ATF_REQUIRE_EQ(EINTR, errno);
292 }
293
294 if (!WIFSIGNALED(__status)) {
295 switch (WEXITSTATUS(__status)) {
296 case EX_SOFTWARE:
297 atf_tc_fail("FORTIFY_SOURCE failed to abort");
298 break;
299 case EX_OSERR:
300 atf_tc_fail("setrlimit(2) failed");
301 break;
302 default:
303 atf_tc_fail("child exited with status %d",
304 WEXITSTATUS(__status));
305 }
306 } else {
307 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
308 }
309 #undef BUF
310
311 }
312
313 ATF_TC(mempcpy_before_end);
ATF_TC_HEAD(mempcpy_before_end,tc)314 ATF_TC_HEAD(mempcpy_before_end, tc)
315 {
316 }
ATF_TC_BODY(mempcpy_before_end,tc)317 ATF_TC_BODY(mempcpy_before_end, tc)
318 {
319 #define BUF &__stack.__buf
320 struct {
321 uint8_t padding_l;
322 unsigned char __buf[42];
323 uint8_t padding_r;
324 } __stack;
325 const size_t __bufsz __unused = sizeof(__stack.__buf);
326 const size_t __len = 42 - 1;
327 const size_t __idx __unused = __len - 1;
328 char src[__len + 10];
329
330 mempcpy(__stack.__buf, src, __len);
331 #undef BUF
332
333 }
334
335 ATF_TC(mempcpy_end);
ATF_TC_HEAD(mempcpy_end,tc)336 ATF_TC_HEAD(mempcpy_end, tc)
337 {
338 }
ATF_TC_BODY(mempcpy_end,tc)339 ATF_TC_BODY(mempcpy_end, tc)
340 {
341 #define BUF &__stack.__buf
342 struct {
343 uint8_t padding_l;
344 unsigned char __buf[42];
345 uint8_t padding_r;
346 } __stack;
347 const size_t __bufsz __unused = sizeof(__stack.__buf);
348 const size_t __len = 42;
349 const size_t __idx __unused = __len - 1;
350 char src[__len + 10];
351
352 mempcpy(__stack.__buf, src, __len);
353 #undef BUF
354
355 }
356
357 ATF_TC(mempcpy_heap_before_end);
ATF_TC_HEAD(mempcpy_heap_before_end,tc)358 ATF_TC_HEAD(mempcpy_heap_before_end, tc)
359 {
360 }
ATF_TC_BODY(mempcpy_heap_before_end,tc)361 ATF_TC_BODY(mempcpy_heap_before_end, tc)
362 {
363 #define BUF __stack.__buf
364 struct {
365 uint8_t padding_l;
366 unsigned char * __buf;
367 uint8_t padding_r;
368 } __stack;
369 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
370 const size_t __len = 42 - 1;
371 const size_t __idx __unused = __len - 1;
372 char src[__len + 10];
373
374 __stack.__buf = malloc(__bufsz);
375
376 mempcpy(__stack.__buf, src, __len);
377 #undef BUF
378
379 }
380
381 ATF_TC(mempcpy_heap_end);
ATF_TC_HEAD(mempcpy_heap_end,tc)382 ATF_TC_HEAD(mempcpy_heap_end, tc)
383 {
384 }
ATF_TC_BODY(mempcpy_heap_end,tc)385 ATF_TC_BODY(mempcpy_heap_end, tc)
386 {
387 #define BUF __stack.__buf
388 struct {
389 uint8_t padding_l;
390 unsigned char * __buf;
391 uint8_t padding_r;
392 } __stack;
393 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
394 const size_t __len = 42;
395 const size_t __idx __unused = __len - 1;
396 char src[__len + 10];
397
398 __stack.__buf = malloc(__bufsz);
399
400 mempcpy(__stack.__buf, src, __len);
401 #undef BUF
402
403 }
404
405 ATF_TC(mempcpy_heap_after_end);
ATF_TC_HEAD(mempcpy_heap_after_end,tc)406 ATF_TC_HEAD(mempcpy_heap_after_end, tc)
407 {
408 }
ATF_TC_BODY(mempcpy_heap_after_end,tc)409 ATF_TC_BODY(mempcpy_heap_after_end, tc)
410 {
411 #define BUF __stack.__buf
412 struct {
413 uint8_t padding_l;
414 unsigned char * __buf;
415 uint8_t padding_r;
416 } __stack;
417 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
418 const size_t __len = 42 + 1;
419 const size_t __idx __unused = __len - 1;
420 pid_t __child;
421 int __status;
422 char src[__len + 10];
423
424 __child = fork();
425 ATF_REQUIRE(__child >= 0);
426 if (__child > 0)
427 goto monitor;
428
429 /* Child */
430 disable_coredumps();
431 __stack.__buf = malloc(__bufsz);
432
433 mempcpy(__stack.__buf, src, __len);
434 _exit(EX_SOFTWARE); /* Should have aborted. */
435
436 monitor:
437 while (waitpid(__child, &__status, 0) != __child) {
438 ATF_REQUIRE_EQ(EINTR, errno);
439 }
440
441 if (!WIFSIGNALED(__status)) {
442 switch (WEXITSTATUS(__status)) {
443 case EX_SOFTWARE:
444 atf_tc_fail("FORTIFY_SOURCE failed to abort");
445 break;
446 case EX_OSERR:
447 atf_tc_fail("setrlimit(2) failed");
448 break;
449 default:
450 atf_tc_fail("child exited with status %d",
451 WEXITSTATUS(__status));
452 }
453 } else {
454 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
455 }
456 #undef BUF
457
458 }
459
460 ATF_TC(memmove_before_end);
ATF_TC_HEAD(memmove_before_end,tc)461 ATF_TC_HEAD(memmove_before_end, tc)
462 {
463 }
ATF_TC_BODY(memmove_before_end,tc)464 ATF_TC_BODY(memmove_before_end, tc)
465 {
466 #define BUF &__stack.__buf
467 struct {
468 uint8_t padding_l;
469 unsigned char __buf[42];
470 uint8_t padding_r;
471 } __stack;
472 const size_t __bufsz __unused = sizeof(__stack.__buf);
473 const size_t __len = 42 - 1;
474 const size_t __idx __unused = __len - 1;
475 char src[__len + 10];
476
477 memmove(__stack.__buf, src, __len);
478 #undef BUF
479
480 }
481
482 ATF_TC(memmove_end);
ATF_TC_HEAD(memmove_end,tc)483 ATF_TC_HEAD(memmove_end, tc)
484 {
485 }
ATF_TC_BODY(memmove_end,tc)486 ATF_TC_BODY(memmove_end, tc)
487 {
488 #define BUF &__stack.__buf
489 struct {
490 uint8_t padding_l;
491 unsigned char __buf[42];
492 uint8_t padding_r;
493 } __stack;
494 const size_t __bufsz __unused = sizeof(__stack.__buf);
495 const size_t __len = 42;
496 const size_t __idx __unused = __len - 1;
497 char src[__len + 10];
498
499 memmove(__stack.__buf, src, __len);
500 #undef BUF
501
502 }
503
504 ATF_TC(memmove_heap_before_end);
ATF_TC_HEAD(memmove_heap_before_end,tc)505 ATF_TC_HEAD(memmove_heap_before_end, tc)
506 {
507 }
ATF_TC_BODY(memmove_heap_before_end,tc)508 ATF_TC_BODY(memmove_heap_before_end, tc)
509 {
510 #define BUF __stack.__buf
511 struct {
512 uint8_t padding_l;
513 unsigned char * __buf;
514 uint8_t padding_r;
515 } __stack;
516 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
517 const size_t __len = 42 - 1;
518 const size_t __idx __unused = __len - 1;
519 char src[__len + 10];
520
521 __stack.__buf = malloc(__bufsz);
522
523 memmove(__stack.__buf, src, __len);
524 #undef BUF
525
526 }
527
528 ATF_TC(memmove_heap_end);
ATF_TC_HEAD(memmove_heap_end,tc)529 ATF_TC_HEAD(memmove_heap_end, tc)
530 {
531 }
ATF_TC_BODY(memmove_heap_end,tc)532 ATF_TC_BODY(memmove_heap_end, tc)
533 {
534 #define BUF __stack.__buf
535 struct {
536 uint8_t padding_l;
537 unsigned char * __buf;
538 uint8_t padding_r;
539 } __stack;
540 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
541 const size_t __len = 42;
542 const size_t __idx __unused = __len - 1;
543 char src[__len + 10];
544
545 __stack.__buf = malloc(__bufsz);
546
547 memmove(__stack.__buf, src, __len);
548 #undef BUF
549
550 }
551
552 ATF_TC(memmove_heap_after_end);
ATF_TC_HEAD(memmove_heap_after_end,tc)553 ATF_TC_HEAD(memmove_heap_after_end, tc)
554 {
555 }
ATF_TC_BODY(memmove_heap_after_end,tc)556 ATF_TC_BODY(memmove_heap_after_end, tc)
557 {
558 #define BUF __stack.__buf
559 struct {
560 uint8_t padding_l;
561 unsigned char * __buf;
562 uint8_t padding_r;
563 } __stack;
564 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
565 const size_t __len = 42 + 1;
566 const size_t __idx __unused = __len - 1;
567 pid_t __child;
568 int __status;
569 char src[__len + 10];
570
571 __child = fork();
572 ATF_REQUIRE(__child >= 0);
573 if (__child > 0)
574 goto monitor;
575
576 /* Child */
577 disable_coredumps();
578 __stack.__buf = malloc(__bufsz);
579
580 memmove(__stack.__buf, src, __len);
581 _exit(EX_SOFTWARE); /* Should have aborted. */
582
583 monitor:
584 while (waitpid(__child, &__status, 0) != __child) {
585 ATF_REQUIRE_EQ(EINTR, errno);
586 }
587
588 if (!WIFSIGNALED(__status)) {
589 switch (WEXITSTATUS(__status)) {
590 case EX_SOFTWARE:
591 atf_tc_fail("FORTIFY_SOURCE failed to abort");
592 break;
593 case EX_OSERR:
594 atf_tc_fail("setrlimit(2) failed");
595 break;
596 default:
597 atf_tc_fail("child exited with status %d",
598 WEXITSTATUS(__status));
599 }
600 } else {
601 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
602 }
603 #undef BUF
604
605 }
606
607 ATF_TC(memset_before_end);
ATF_TC_HEAD(memset_before_end,tc)608 ATF_TC_HEAD(memset_before_end, tc)
609 {
610 }
ATF_TC_BODY(memset_before_end,tc)611 ATF_TC_BODY(memset_before_end, tc)
612 {
613 #define BUF &__stack.__buf
614 struct {
615 uint8_t padding_l;
616 unsigned char __buf[42];
617 uint8_t padding_r;
618 } __stack;
619 const size_t __bufsz __unused = sizeof(__stack.__buf);
620 const size_t __len = 42 - 1;
621 const size_t __idx __unused = __len - 1;
622
623 memset(__stack.__buf, 0, __len);
624 #undef BUF
625
626 }
627
628 ATF_TC(memset_end);
ATF_TC_HEAD(memset_end,tc)629 ATF_TC_HEAD(memset_end, tc)
630 {
631 }
ATF_TC_BODY(memset_end,tc)632 ATF_TC_BODY(memset_end, tc)
633 {
634 #define BUF &__stack.__buf
635 struct {
636 uint8_t padding_l;
637 unsigned char __buf[42];
638 uint8_t padding_r;
639 } __stack;
640 const size_t __bufsz __unused = sizeof(__stack.__buf);
641 const size_t __len = 42;
642 const size_t __idx __unused = __len - 1;
643
644 memset(__stack.__buf, 0, __len);
645 #undef BUF
646
647 }
648
649 ATF_TC(memset_heap_before_end);
ATF_TC_HEAD(memset_heap_before_end,tc)650 ATF_TC_HEAD(memset_heap_before_end, tc)
651 {
652 }
ATF_TC_BODY(memset_heap_before_end,tc)653 ATF_TC_BODY(memset_heap_before_end, tc)
654 {
655 #define BUF __stack.__buf
656 struct {
657 uint8_t padding_l;
658 unsigned char * __buf;
659 uint8_t padding_r;
660 } __stack;
661 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
662 const size_t __len = 42 - 1;
663 const size_t __idx __unused = __len - 1;
664
665 __stack.__buf = malloc(__bufsz);
666
667 memset(__stack.__buf, 0, __len);
668 #undef BUF
669
670 }
671
672 ATF_TC(memset_heap_end);
ATF_TC_HEAD(memset_heap_end,tc)673 ATF_TC_HEAD(memset_heap_end, tc)
674 {
675 }
ATF_TC_BODY(memset_heap_end,tc)676 ATF_TC_BODY(memset_heap_end, tc)
677 {
678 #define BUF __stack.__buf
679 struct {
680 uint8_t padding_l;
681 unsigned char * __buf;
682 uint8_t padding_r;
683 } __stack;
684 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
685 const size_t __len = 42;
686 const size_t __idx __unused = __len - 1;
687
688 __stack.__buf = malloc(__bufsz);
689
690 memset(__stack.__buf, 0, __len);
691 #undef BUF
692
693 }
694
695 ATF_TC(memset_heap_after_end);
ATF_TC_HEAD(memset_heap_after_end,tc)696 ATF_TC_HEAD(memset_heap_after_end, tc)
697 {
698 }
ATF_TC_BODY(memset_heap_after_end,tc)699 ATF_TC_BODY(memset_heap_after_end, tc)
700 {
701 #define BUF __stack.__buf
702 struct {
703 uint8_t padding_l;
704 unsigned char * __buf;
705 uint8_t padding_r;
706 } __stack;
707 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
708 const size_t __len = 42 + 1;
709 const size_t __idx __unused = __len - 1;
710 pid_t __child;
711 int __status;
712
713 __child = fork();
714 ATF_REQUIRE(__child >= 0);
715 if (__child > 0)
716 goto monitor;
717
718 /* Child */
719 disable_coredumps();
720 __stack.__buf = malloc(__bufsz);
721
722 memset(__stack.__buf, 0, __len);
723 _exit(EX_SOFTWARE); /* Should have aborted. */
724
725 monitor:
726 while (waitpid(__child, &__status, 0) != __child) {
727 ATF_REQUIRE_EQ(EINTR, errno);
728 }
729
730 if (!WIFSIGNALED(__status)) {
731 switch (WEXITSTATUS(__status)) {
732 case EX_SOFTWARE:
733 atf_tc_fail("FORTIFY_SOURCE failed to abort");
734 break;
735 case EX_OSERR:
736 atf_tc_fail("setrlimit(2) failed");
737 break;
738 default:
739 atf_tc_fail("child exited with status %d",
740 WEXITSTATUS(__status));
741 }
742 } else {
743 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
744 }
745 #undef BUF
746
747 }
748
749 ATF_TC(memset_explicit_before_end);
ATF_TC_HEAD(memset_explicit_before_end,tc)750 ATF_TC_HEAD(memset_explicit_before_end, tc)
751 {
752 }
ATF_TC_BODY(memset_explicit_before_end,tc)753 ATF_TC_BODY(memset_explicit_before_end, tc)
754 {
755 #define BUF &__stack.__buf
756 struct {
757 uint8_t padding_l;
758 unsigned char __buf[42];
759 uint8_t padding_r;
760 } __stack;
761 const size_t __bufsz __unused = sizeof(__stack.__buf);
762 const size_t __len = 42 - 1;
763 const size_t __idx __unused = __len - 1;
764
765 memset_explicit(__stack.__buf, 0, __len);
766 #undef BUF
767
768 }
769
770 ATF_TC(memset_explicit_end);
ATF_TC_HEAD(memset_explicit_end,tc)771 ATF_TC_HEAD(memset_explicit_end, tc)
772 {
773 }
ATF_TC_BODY(memset_explicit_end,tc)774 ATF_TC_BODY(memset_explicit_end, tc)
775 {
776 #define BUF &__stack.__buf
777 struct {
778 uint8_t padding_l;
779 unsigned char __buf[42];
780 uint8_t padding_r;
781 } __stack;
782 const size_t __bufsz __unused = sizeof(__stack.__buf);
783 const size_t __len = 42;
784 const size_t __idx __unused = __len - 1;
785
786 memset_explicit(__stack.__buf, 0, __len);
787 #undef BUF
788
789 }
790
791 ATF_TC(memset_explicit_heap_before_end);
ATF_TC_HEAD(memset_explicit_heap_before_end,tc)792 ATF_TC_HEAD(memset_explicit_heap_before_end, tc)
793 {
794 }
ATF_TC_BODY(memset_explicit_heap_before_end,tc)795 ATF_TC_BODY(memset_explicit_heap_before_end, tc)
796 {
797 #define BUF __stack.__buf
798 struct {
799 uint8_t padding_l;
800 unsigned char * __buf;
801 uint8_t padding_r;
802 } __stack;
803 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
804 const size_t __len = 42 - 1;
805 const size_t __idx __unused = __len - 1;
806
807 __stack.__buf = malloc(__bufsz);
808
809 memset_explicit(__stack.__buf, 0, __len);
810 #undef BUF
811
812 }
813
814 ATF_TC(memset_explicit_heap_end);
ATF_TC_HEAD(memset_explicit_heap_end,tc)815 ATF_TC_HEAD(memset_explicit_heap_end, tc)
816 {
817 }
ATF_TC_BODY(memset_explicit_heap_end,tc)818 ATF_TC_BODY(memset_explicit_heap_end, tc)
819 {
820 #define BUF __stack.__buf
821 struct {
822 uint8_t padding_l;
823 unsigned char * __buf;
824 uint8_t padding_r;
825 } __stack;
826 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
827 const size_t __len = 42;
828 const size_t __idx __unused = __len - 1;
829
830 __stack.__buf = malloc(__bufsz);
831
832 memset_explicit(__stack.__buf, 0, __len);
833 #undef BUF
834
835 }
836
837 ATF_TC(memset_explicit_heap_after_end);
ATF_TC_HEAD(memset_explicit_heap_after_end,tc)838 ATF_TC_HEAD(memset_explicit_heap_after_end, tc)
839 {
840 }
ATF_TC_BODY(memset_explicit_heap_after_end,tc)841 ATF_TC_BODY(memset_explicit_heap_after_end, tc)
842 {
843 #define BUF __stack.__buf
844 struct {
845 uint8_t padding_l;
846 unsigned char * __buf;
847 uint8_t padding_r;
848 } __stack;
849 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
850 const size_t __len = 42 + 1;
851 const size_t __idx __unused = __len - 1;
852 pid_t __child;
853 int __status;
854
855 __child = fork();
856 ATF_REQUIRE(__child >= 0);
857 if (__child > 0)
858 goto monitor;
859
860 /* Child */
861 disable_coredumps();
862 __stack.__buf = malloc(__bufsz);
863
864 memset_explicit(__stack.__buf, 0, __len);
865 _exit(EX_SOFTWARE); /* Should have aborted. */
866
867 monitor:
868 while (waitpid(__child, &__status, 0) != __child) {
869 ATF_REQUIRE_EQ(EINTR, errno);
870 }
871
872 if (!WIFSIGNALED(__status)) {
873 switch (WEXITSTATUS(__status)) {
874 case EX_SOFTWARE:
875 atf_tc_fail("FORTIFY_SOURCE failed to abort");
876 break;
877 case EX_OSERR:
878 atf_tc_fail("setrlimit(2) failed");
879 break;
880 default:
881 atf_tc_fail("child exited with status %d",
882 WEXITSTATUS(__status));
883 }
884 } else {
885 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
886 }
887 #undef BUF
888
889 }
890
891 ATF_TC(stpcpy_before_end);
ATF_TC_HEAD(stpcpy_before_end,tc)892 ATF_TC_HEAD(stpcpy_before_end, tc)
893 {
894 }
ATF_TC_BODY(stpcpy_before_end,tc)895 ATF_TC_BODY(stpcpy_before_end, tc)
896 {
897 #define BUF &__stack.__buf
898 struct {
899 uint8_t padding_l;
900 unsigned char __buf[42];
901 uint8_t padding_r;
902 } __stack;
903 const size_t __bufsz __unused = sizeof(__stack.__buf);
904 const size_t __len = 42 - 1;
905 const size_t __idx __unused = __len - 1;
906 char src[__len];
907
908 memset(__stack.__buf, 0, __len);
909 memset(src, 'A', __len - 1);
910 src[__len - 1] = '\0';
911
912 stpcpy(__stack.__buf, src);
913 #undef BUF
914
915 }
916
917 ATF_TC(stpcpy_end);
ATF_TC_HEAD(stpcpy_end,tc)918 ATF_TC_HEAD(stpcpy_end, tc)
919 {
920 }
ATF_TC_BODY(stpcpy_end,tc)921 ATF_TC_BODY(stpcpy_end, tc)
922 {
923 #define BUF &__stack.__buf
924 struct {
925 uint8_t padding_l;
926 unsigned char __buf[42];
927 uint8_t padding_r;
928 } __stack;
929 const size_t __bufsz __unused = sizeof(__stack.__buf);
930 const size_t __len = 42;
931 const size_t __idx __unused = __len - 1;
932 char src[__len];
933
934 memset(__stack.__buf, 0, __len);
935 memset(src, 'A', __len - 1);
936 src[__len - 1] = '\0';
937
938 stpcpy(__stack.__buf, src);
939 #undef BUF
940
941 }
942
943 ATF_TC(stpcpy_heap_before_end);
ATF_TC_HEAD(stpcpy_heap_before_end,tc)944 ATF_TC_HEAD(stpcpy_heap_before_end, tc)
945 {
946 }
ATF_TC_BODY(stpcpy_heap_before_end,tc)947 ATF_TC_BODY(stpcpy_heap_before_end, tc)
948 {
949 #define BUF __stack.__buf
950 struct {
951 uint8_t padding_l;
952 unsigned char * __buf;
953 uint8_t padding_r;
954 } __stack;
955 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
956 const size_t __len = 42 - 1;
957 const size_t __idx __unused = __len - 1;
958 char src[__len];
959
960 __stack.__buf = malloc(__bufsz);
961 memset(__stack.__buf, 0, __len);
962 memset(src, 'A', __len - 1);
963 src[__len - 1] = '\0';
964
965 stpcpy(__stack.__buf, src);
966 #undef BUF
967
968 }
969
970 ATF_TC(stpcpy_heap_end);
ATF_TC_HEAD(stpcpy_heap_end,tc)971 ATF_TC_HEAD(stpcpy_heap_end, tc)
972 {
973 }
ATF_TC_BODY(stpcpy_heap_end,tc)974 ATF_TC_BODY(stpcpy_heap_end, tc)
975 {
976 #define BUF __stack.__buf
977 struct {
978 uint8_t padding_l;
979 unsigned char * __buf;
980 uint8_t padding_r;
981 } __stack;
982 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
983 const size_t __len = 42;
984 const size_t __idx __unused = __len - 1;
985 char src[__len];
986
987 __stack.__buf = malloc(__bufsz);
988 memset(__stack.__buf, 0, __len);
989 memset(src, 'A', __len - 1);
990 src[__len - 1] = '\0';
991
992 stpcpy(__stack.__buf, src);
993 #undef BUF
994
995 }
996
997 ATF_TC(stpcpy_heap_after_end);
ATF_TC_HEAD(stpcpy_heap_after_end,tc)998 ATF_TC_HEAD(stpcpy_heap_after_end, tc)
999 {
1000 }
ATF_TC_BODY(stpcpy_heap_after_end,tc)1001 ATF_TC_BODY(stpcpy_heap_after_end, tc)
1002 {
1003 #define BUF __stack.__buf
1004 struct {
1005 uint8_t padding_l;
1006 unsigned char * __buf;
1007 uint8_t padding_r;
1008 } __stack;
1009 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1010 const size_t __len = 42 + 1;
1011 const size_t __idx __unused = __len - 1;
1012 pid_t __child;
1013 int __status;
1014 char src[__len];
1015
1016 __child = fork();
1017 ATF_REQUIRE(__child >= 0);
1018 if (__child > 0)
1019 goto monitor;
1020
1021 /* Child */
1022 disable_coredumps();
1023 __stack.__buf = malloc(__bufsz);
1024 memset(__stack.__buf, 0, __len);
1025 memset(src, 'A', __len - 1);
1026 src[__len - 1] = '\0';
1027
1028 stpcpy(__stack.__buf, src);
1029 _exit(EX_SOFTWARE); /* Should have aborted. */
1030
1031 monitor:
1032 while (waitpid(__child, &__status, 0) != __child) {
1033 ATF_REQUIRE_EQ(EINTR, errno);
1034 }
1035
1036 if (!WIFSIGNALED(__status)) {
1037 switch (WEXITSTATUS(__status)) {
1038 case EX_SOFTWARE:
1039 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1040 break;
1041 case EX_OSERR:
1042 atf_tc_fail("setrlimit(2) failed");
1043 break;
1044 default:
1045 atf_tc_fail("child exited with status %d",
1046 WEXITSTATUS(__status));
1047 }
1048 } else {
1049 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1050 }
1051 #undef BUF
1052
1053 }
1054
1055 ATF_TC(stpncpy_before_end);
ATF_TC_HEAD(stpncpy_before_end,tc)1056 ATF_TC_HEAD(stpncpy_before_end, tc)
1057 {
1058 }
ATF_TC_BODY(stpncpy_before_end,tc)1059 ATF_TC_BODY(stpncpy_before_end, tc)
1060 {
1061 #define BUF &__stack.__buf
1062 struct {
1063 uint8_t padding_l;
1064 unsigned char __buf[42];
1065 uint8_t padding_r;
1066 } __stack;
1067 const size_t __bufsz __unused = sizeof(__stack.__buf);
1068 const size_t __len = 42 - 1;
1069 const size_t __idx __unused = __len - 1;
1070 char src[__len];
1071
1072 memset(__stack.__buf, 0, __len);
1073 memset(src, 'A', __len - 1);
1074 src[__len - 1] = '\0';
1075
1076 stpncpy(__stack.__buf, src, __len);
1077 #undef BUF
1078
1079 }
1080
1081 ATF_TC(stpncpy_end);
ATF_TC_HEAD(stpncpy_end,tc)1082 ATF_TC_HEAD(stpncpy_end, tc)
1083 {
1084 }
ATF_TC_BODY(stpncpy_end,tc)1085 ATF_TC_BODY(stpncpy_end, tc)
1086 {
1087 #define BUF &__stack.__buf
1088 struct {
1089 uint8_t padding_l;
1090 unsigned char __buf[42];
1091 uint8_t padding_r;
1092 } __stack;
1093 const size_t __bufsz __unused = sizeof(__stack.__buf);
1094 const size_t __len = 42;
1095 const size_t __idx __unused = __len - 1;
1096 char src[__len];
1097
1098 memset(__stack.__buf, 0, __len);
1099 memset(src, 'A', __len - 1);
1100 src[__len - 1] = '\0';
1101
1102 stpncpy(__stack.__buf, src, __len);
1103 #undef BUF
1104
1105 }
1106
1107 ATF_TC(stpncpy_heap_before_end);
ATF_TC_HEAD(stpncpy_heap_before_end,tc)1108 ATF_TC_HEAD(stpncpy_heap_before_end, tc)
1109 {
1110 }
ATF_TC_BODY(stpncpy_heap_before_end,tc)1111 ATF_TC_BODY(stpncpy_heap_before_end, tc)
1112 {
1113 #define BUF __stack.__buf
1114 struct {
1115 uint8_t padding_l;
1116 unsigned char * __buf;
1117 uint8_t padding_r;
1118 } __stack;
1119 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1120 const size_t __len = 42 - 1;
1121 const size_t __idx __unused = __len - 1;
1122 char src[__len];
1123
1124 __stack.__buf = malloc(__bufsz);
1125 memset(__stack.__buf, 0, __len);
1126 memset(src, 'A', __len - 1);
1127 src[__len - 1] = '\0';
1128
1129 stpncpy(__stack.__buf, src, __len);
1130 #undef BUF
1131
1132 }
1133
1134 ATF_TC(stpncpy_heap_end);
ATF_TC_HEAD(stpncpy_heap_end,tc)1135 ATF_TC_HEAD(stpncpy_heap_end, tc)
1136 {
1137 }
ATF_TC_BODY(stpncpy_heap_end,tc)1138 ATF_TC_BODY(stpncpy_heap_end, tc)
1139 {
1140 #define BUF __stack.__buf
1141 struct {
1142 uint8_t padding_l;
1143 unsigned char * __buf;
1144 uint8_t padding_r;
1145 } __stack;
1146 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1147 const size_t __len = 42;
1148 const size_t __idx __unused = __len - 1;
1149 char src[__len];
1150
1151 __stack.__buf = malloc(__bufsz);
1152 memset(__stack.__buf, 0, __len);
1153 memset(src, 'A', __len - 1);
1154 src[__len - 1] = '\0';
1155
1156 stpncpy(__stack.__buf, src, __len);
1157 #undef BUF
1158
1159 }
1160
1161 ATF_TC(stpncpy_heap_after_end);
ATF_TC_HEAD(stpncpy_heap_after_end,tc)1162 ATF_TC_HEAD(stpncpy_heap_after_end, tc)
1163 {
1164 }
ATF_TC_BODY(stpncpy_heap_after_end,tc)1165 ATF_TC_BODY(stpncpy_heap_after_end, tc)
1166 {
1167 #define BUF __stack.__buf
1168 struct {
1169 uint8_t padding_l;
1170 unsigned char * __buf;
1171 uint8_t padding_r;
1172 } __stack;
1173 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1174 const size_t __len = 42 + 1;
1175 const size_t __idx __unused = __len - 1;
1176 pid_t __child;
1177 int __status;
1178 char src[__len];
1179
1180 __child = fork();
1181 ATF_REQUIRE(__child >= 0);
1182 if (__child > 0)
1183 goto monitor;
1184
1185 /* Child */
1186 disable_coredumps();
1187 __stack.__buf = malloc(__bufsz);
1188 memset(__stack.__buf, 0, __len);
1189 memset(src, 'A', __len - 1);
1190 src[__len - 1] = '\0';
1191
1192 stpncpy(__stack.__buf, src, __len);
1193 _exit(EX_SOFTWARE); /* Should have aborted. */
1194
1195 monitor:
1196 while (waitpid(__child, &__status, 0) != __child) {
1197 ATF_REQUIRE_EQ(EINTR, errno);
1198 }
1199
1200 if (!WIFSIGNALED(__status)) {
1201 switch (WEXITSTATUS(__status)) {
1202 case EX_SOFTWARE:
1203 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1204 break;
1205 case EX_OSERR:
1206 atf_tc_fail("setrlimit(2) failed");
1207 break;
1208 default:
1209 atf_tc_fail("child exited with status %d",
1210 WEXITSTATUS(__status));
1211 }
1212 } else {
1213 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1214 }
1215 #undef BUF
1216
1217 }
1218
1219 ATF_TC(strcat_before_end);
ATF_TC_HEAD(strcat_before_end,tc)1220 ATF_TC_HEAD(strcat_before_end, tc)
1221 {
1222 }
ATF_TC_BODY(strcat_before_end,tc)1223 ATF_TC_BODY(strcat_before_end, tc)
1224 {
1225 #define BUF &__stack.__buf
1226 struct {
1227 uint8_t padding_l;
1228 unsigned char __buf[42];
1229 uint8_t padding_r;
1230 } __stack;
1231 const size_t __bufsz __unused = sizeof(__stack.__buf);
1232 const size_t __len = 42 - 1;
1233 const size_t __idx __unused = __len - 1;
1234 char src[__len];
1235
1236 memset(__stack.__buf, 0, __len);
1237 memset(src, 'A', __len - 1);
1238 src[__len - 1] = '\0';
1239
1240 strcat(__stack.__buf, src);
1241 #undef BUF
1242
1243 }
1244
1245 ATF_TC(strcat_end);
ATF_TC_HEAD(strcat_end,tc)1246 ATF_TC_HEAD(strcat_end, tc)
1247 {
1248 }
ATF_TC_BODY(strcat_end,tc)1249 ATF_TC_BODY(strcat_end, tc)
1250 {
1251 #define BUF &__stack.__buf
1252 struct {
1253 uint8_t padding_l;
1254 unsigned char __buf[42];
1255 uint8_t padding_r;
1256 } __stack;
1257 const size_t __bufsz __unused = sizeof(__stack.__buf);
1258 const size_t __len = 42;
1259 const size_t __idx __unused = __len - 1;
1260 char src[__len];
1261
1262 memset(__stack.__buf, 0, __len);
1263 memset(src, 'A', __len - 1);
1264 src[__len - 1] = '\0';
1265
1266 strcat(__stack.__buf, src);
1267 #undef BUF
1268
1269 }
1270
1271 ATF_TC(strcat_heap_before_end);
ATF_TC_HEAD(strcat_heap_before_end,tc)1272 ATF_TC_HEAD(strcat_heap_before_end, tc)
1273 {
1274 }
ATF_TC_BODY(strcat_heap_before_end,tc)1275 ATF_TC_BODY(strcat_heap_before_end, tc)
1276 {
1277 #define BUF __stack.__buf
1278 struct {
1279 uint8_t padding_l;
1280 unsigned char * __buf;
1281 uint8_t padding_r;
1282 } __stack;
1283 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1284 const size_t __len = 42 - 1;
1285 const size_t __idx __unused = __len - 1;
1286 char src[__len];
1287
1288 __stack.__buf = malloc(__bufsz);
1289 memset(__stack.__buf, 0, __len);
1290 memset(src, 'A', __len - 1);
1291 src[__len - 1] = '\0';
1292
1293 strcat(__stack.__buf, src);
1294 #undef BUF
1295
1296 }
1297
1298 ATF_TC(strcat_heap_end);
ATF_TC_HEAD(strcat_heap_end,tc)1299 ATF_TC_HEAD(strcat_heap_end, tc)
1300 {
1301 }
ATF_TC_BODY(strcat_heap_end,tc)1302 ATF_TC_BODY(strcat_heap_end, tc)
1303 {
1304 #define BUF __stack.__buf
1305 struct {
1306 uint8_t padding_l;
1307 unsigned char * __buf;
1308 uint8_t padding_r;
1309 } __stack;
1310 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1311 const size_t __len = 42;
1312 const size_t __idx __unused = __len - 1;
1313 char src[__len];
1314
1315 __stack.__buf = malloc(__bufsz);
1316 memset(__stack.__buf, 0, __len);
1317 memset(src, 'A', __len - 1);
1318 src[__len - 1] = '\0';
1319
1320 strcat(__stack.__buf, src);
1321 #undef BUF
1322
1323 }
1324
1325 ATF_TC(strcat_heap_after_end);
ATF_TC_HEAD(strcat_heap_after_end,tc)1326 ATF_TC_HEAD(strcat_heap_after_end, tc)
1327 {
1328 }
ATF_TC_BODY(strcat_heap_after_end,tc)1329 ATF_TC_BODY(strcat_heap_after_end, tc)
1330 {
1331 #define BUF __stack.__buf
1332 struct {
1333 uint8_t padding_l;
1334 unsigned char * __buf;
1335 uint8_t padding_r;
1336 } __stack;
1337 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1338 const size_t __len = 42 + 1;
1339 const size_t __idx __unused = __len - 1;
1340 pid_t __child;
1341 int __status;
1342 char src[__len];
1343
1344 __child = fork();
1345 ATF_REQUIRE(__child >= 0);
1346 if (__child > 0)
1347 goto monitor;
1348
1349 /* Child */
1350 disable_coredumps();
1351 __stack.__buf = malloc(__bufsz);
1352 memset(__stack.__buf, 0, __len);
1353 memset(src, 'A', __len - 1);
1354 src[__len - 1] = '\0';
1355
1356 strcat(__stack.__buf, src);
1357 _exit(EX_SOFTWARE); /* Should have aborted. */
1358
1359 monitor:
1360 while (waitpid(__child, &__status, 0) != __child) {
1361 ATF_REQUIRE_EQ(EINTR, errno);
1362 }
1363
1364 if (!WIFSIGNALED(__status)) {
1365 switch (WEXITSTATUS(__status)) {
1366 case EX_SOFTWARE:
1367 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1368 break;
1369 case EX_OSERR:
1370 atf_tc_fail("setrlimit(2) failed");
1371 break;
1372 default:
1373 atf_tc_fail("child exited with status %d",
1374 WEXITSTATUS(__status));
1375 }
1376 } else {
1377 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1378 }
1379 #undef BUF
1380
1381 }
1382
1383 ATF_TC(strlcat_before_end);
ATF_TC_HEAD(strlcat_before_end,tc)1384 ATF_TC_HEAD(strlcat_before_end, tc)
1385 {
1386 }
ATF_TC_BODY(strlcat_before_end,tc)1387 ATF_TC_BODY(strlcat_before_end, tc)
1388 {
1389 #define BUF &__stack.__buf
1390 struct {
1391 uint8_t padding_l;
1392 unsigned char __buf[42];
1393 uint8_t padding_r;
1394 } __stack;
1395 const size_t __bufsz __unused = sizeof(__stack.__buf);
1396 const size_t __len = 42 - 1;
1397 const size_t __idx __unused = __len - 1;
1398 char src[__len];
1399
1400 memset(__stack.__buf, 0, __len);
1401 memset(src, 'A', __len - 1);
1402 src[__len - 1] = '\0';
1403
1404 strlcat(__stack.__buf, src, __len);
1405 #undef BUF
1406
1407 }
1408
1409 ATF_TC(strlcat_end);
ATF_TC_HEAD(strlcat_end,tc)1410 ATF_TC_HEAD(strlcat_end, tc)
1411 {
1412 }
ATF_TC_BODY(strlcat_end,tc)1413 ATF_TC_BODY(strlcat_end, tc)
1414 {
1415 #define BUF &__stack.__buf
1416 struct {
1417 uint8_t padding_l;
1418 unsigned char __buf[42];
1419 uint8_t padding_r;
1420 } __stack;
1421 const size_t __bufsz __unused = sizeof(__stack.__buf);
1422 const size_t __len = 42;
1423 const size_t __idx __unused = __len - 1;
1424 char src[__len];
1425
1426 memset(__stack.__buf, 0, __len);
1427 memset(src, 'A', __len - 1);
1428 src[__len - 1] = '\0';
1429
1430 strlcat(__stack.__buf, src, __len);
1431 #undef BUF
1432
1433 }
1434
1435 ATF_TC(strlcat_heap_before_end);
ATF_TC_HEAD(strlcat_heap_before_end,tc)1436 ATF_TC_HEAD(strlcat_heap_before_end, tc)
1437 {
1438 }
ATF_TC_BODY(strlcat_heap_before_end,tc)1439 ATF_TC_BODY(strlcat_heap_before_end, tc)
1440 {
1441 #define BUF __stack.__buf
1442 struct {
1443 uint8_t padding_l;
1444 unsigned char * __buf;
1445 uint8_t padding_r;
1446 } __stack;
1447 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1448 const size_t __len = 42 - 1;
1449 const size_t __idx __unused = __len - 1;
1450 char src[__len];
1451
1452 __stack.__buf = malloc(__bufsz);
1453 memset(__stack.__buf, 0, __len);
1454 memset(src, 'A', __len - 1);
1455 src[__len - 1] = '\0';
1456
1457 strlcat(__stack.__buf, src, __len);
1458 #undef BUF
1459
1460 }
1461
1462 ATF_TC(strlcat_heap_end);
ATF_TC_HEAD(strlcat_heap_end,tc)1463 ATF_TC_HEAD(strlcat_heap_end, tc)
1464 {
1465 }
ATF_TC_BODY(strlcat_heap_end,tc)1466 ATF_TC_BODY(strlcat_heap_end, tc)
1467 {
1468 #define BUF __stack.__buf
1469 struct {
1470 uint8_t padding_l;
1471 unsigned char * __buf;
1472 uint8_t padding_r;
1473 } __stack;
1474 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1475 const size_t __len = 42;
1476 const size_t __idx __unused = __len - 1;
1477 char src[__len];
1478
1479 __stack.__buf = malloc(__bufsz);
1480 memset(__stack.__buf, 0, __len);
1481 memset(src, 'A', __len - 1);
1482 src[__len - 1] = '\0';
1483
1484 strlcat(__stack.__buf, src, __len);
1485 #undef BUF
1486
1487 }
1488
1489 ATF_TC(strlcat_heap_after_end);
ATF_TC_HEAD(strlcat_heap_after_end,tc)1490 ATF_TC_HEAD(strlcat_heap_after_end, tc)
1491 {
1492 }
ATF_TC_BODY(strlcat_heap_after_end,tc)1493 ATF_TC_BODY(strlcat_heap_after_end, tc)
1494 {
1495 #define BUF __stack.__buf
1496 struct {
1497 uint8_t padding_l;
1498 unsigned char * __buf;
1499 uint8_t padding_r;
1500 } __stack;
1501 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1502 const size_t __len = 42 + 1;
1503 const size_t __idx __unused = __len - 1;
1504 pid_t __child;
1505 int __status;
1506 char src[__len];
1507
1508 __child = fork();
1509 ATF_REQUIRE(__child >= 0);
1510 if (__child > 0)
1511 goto monitor;
1512
1513 /* Child */
1514 disable_coredumps();
1515 __stack.__buf = malloc(__bufsz);
1516 memset(__stack.__buf, 0, __len);
1517 memset(src, 'A', __len - 1);
1518 src[__len - 1] = '\0';
1519
1520 strlcat(__stack.__buf, src, __len);
1521 _exit(EX_SOFTWARE); /* Should have aborted. */
1522
1523 monitor:
1524 while (waitpid(__child, &__status, 0) != __child) {
1525 ATF_REQUIRE_EQ(EINTR, errno);
1526 }
1527
1528 if (!WIFSIGNALED(__status)) {
1529 switch (WEXITSTATUS(__status)) {
1530 case EX_SOFTWARE:
1531 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1532 break;
1533 case EX_OSERR:
1534 atf_tc_fail("setrlimit(2) failed");
1535 break;
1536 default:
1537 atf_tc_fail("child exited with status %d",
1538 WEXITSTATUS(__status));
1539 }
1540 } else {
1541 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1542 }
1543 #undef BUF
1544
1545 }
1546
1547 ATF_TC(strncat_before_end);
ATF_TC_HEAD(strncat_before_end,tc)1548 ATF_TC_HEAD(strncat_before_end, tc)
1549 {
1550 }
ATF_TC_BODY(strncat_before_end,tc)1551 ATF_TC_BODY(strncat_before_end, tc)
1552 {
1553 #define BUF &__stack.__buf
1554 struct {
1555 uint8_t padding_l;
1556 unsigned char __buf[42];
1557 uint8_t padding_r;
1558 } __stack;
1559 const size_t __bufsz __unused = sizeof(__stack.__buf);
1560 const size_t __len = 42 - 1;
1561 const size_t __idx __unused = __len - 1;
1562 char src[__len];
1563
1564 memset(__stack.__buf, 0, __len);
1565 memset(src, 'A', __len - 1);
1566 src[__len - 1] = '\0';
1567
1568 strncat(__stack.__buf, src, __len);
1569 #undef BUF
1570
1571 }
1572
1573 ATF_TC(strncat_end);
ATF_TC_HEAD(strncat_end,tc)1574 ATF_TC_HEAD(strncat_end, tc)
1575 {
1576 }
ATF_TC_BODY(strncat_end,tc)1577 ATF_TC_BODY(strncat_end, tc)
1578 {
1579 #define BUF &__stack.__buf
1580 struct {
1581 uint8_t padding_l;
1582 unsigned char __buf[42];
1583 uint8_t padding_r;
1584 } __stack;
1585 const size_t __bufsz __unused = sizeof(__stack.__buf);
1586 const size_t __len = 42;
1587 const size_t __idx __unused = __len - 1;
1588 char src[__len];
1589
1590 memset(__stack.__buf, 0, __len);
1591 memset(src, 'A', __len - 1);
1592 src[__len - 1] = '\0';
1593
1594 strncat(__stack.__buf, src, __len);
1595 #undef BUF
1596
1597 }
1598
1599 ATF_TC(strncat_heap_before_end);
ATF_TC_HEAD(strncat_heap_before_end,tc)1600 ATF_TC_HEAD(strncat_heap_before_end, tc)
1601 {
1602 }
ATF_TC_BODY(strncat_heap_before_end,tc)1603 ATF_TC_BODY(strncat_heap_before_end, tc)
1604 {
1605 #define BUF __stack.__buf
1606 struct {
1607 uint8_t padding_l;
1608 unsigned char * __buf;
1609 uint8_t padding_r;
1610 } __stack;
1611 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1612 const size_t __len = 42 - 1;
1613 const size_t __idx __unused = __len - 1;
1614 char src[__len];
1615
1616 __stack.__buf = malloc(__bufsz);
1617 memset(__stack.__buf, 0, __len);
1618 memset(src, 'A', __len - 1);
1619 src[__len - 1] = '\0';
1620
1621 strncat(__stack.__buf, src, __len);
1622 #undef BUF
1623
1624 }
1625
1626 ATF_TC(strncat_heap_end);
ATF_TC_HEAD(strncat_heap_end,tc)1627 ATF_TC_HEAD(strncat_heap_end, tc)
1628 {
1629 }
ATF_TC_BODY(strncat_heap_end,tc)1630 ATF_TC_BODY(strncat_heap_end, tc)
1631 {
1632 #define BUF __stack.__buf
1633 struct {
1634 uint8_t padding_l;
1635 unsigned char * __buf;
1636 uint8_t padding_r;
1637 } __stack;
1638 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1639 const size_t __len = 42;
1640 const size_t __idx __unused = __len - 1;
1641 char src[__len];
1642
1643 __stack.__buf = malloc(__bufsz);
1644 memset(__stack.__buf, 0, __len);
1645 memset(src, 'A', __len - 1);
1646 src[__len - 1] = '\0';
1647
1648 strncat(__stack.__buf, src, __len);
1649 #undef BUF
1650
1651 }
1652
1653 ATF_TC(strncat_heap_after_end);
ATF_TC_HEAD(strncat_heap_after_end,tc)1654 ATF_TC_HEAD(strncat_heap_after_end, tc)
1655 {
1656 }
ATF_TC_BODY(strncat_heap_after_end,tc)1657 ATF_TC_BODY(strncat_heap_after_end, tc)
1658 {
1659 #define BUF __stack.__buf
1660 struct {
1661 uint8_t padding_l;
1662 unsigned char * __buf;
1663 uint8_t padding_r;
1664 } __stack;
1665 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1666 const size_t __len = 42 + 1;
1667 const size_t __idx __unused = __len - 1;
1668 pid_t __child;
1669 int __status;
1670 char src[__len];
1671
1672 __child = fork();
1673 ATF_REQUIRE(__child >= 0);
1674 if (__child > 0)
1675 goto monitor;
1676
1677 /* Child */
1678 disable_coredumps();
1679 __stack.__buf = malloc(__bufsz);
1680 memset(__stack.__buf, 0, __len);
1681 memset(src, 'A', __len - 1);
1682 src[__len - 1] = '\0';
1683
1684 strncat(__stack.__buf, src, __len);
1685 _exit(EX_SOFTWARE); /* Should have aborted. */
1686
1687 monitor:
1688 while (waitpid(__child, &__status, 0) != __child) {
1689 ATF_REQUIRE_EQ(EINTR, errno);
1690 }
1691
1692 if (!WIFSIGNALED(__status)) {
1693 switch (WEXITSTATUS(__status)) {
1694 case EX_SOFTWARE:
1695 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1696 break;
1697 case EX_OSERR:
1698 atf_tc_fail("setrlimit(2) failed");
1699 break;
1700 default:
1701 atf_tc_fail("child exited with status %d",
1702 WEXITSTATUS(__status));
1703 }
1704 } else {
1705 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1706 }
1707 #undef BUF
1708
1709 }
1710
1711 ATF_TC(strcpy_before_end);
ATF_TC_HEAD(strcpy_before_end,tc)1712 ATF_TC_HEAD(strcpy_before_end, tc)
1713 {
1714 }
ATF_TC_BODY(strcpy_before_end,tc)1715 ATF_TC_BODY(strcpy_before_end, tc)
1716 {
1717 #define BUF &__stack.__buf
1718 struct {
1719 uint8_t padding_l;
1720 unsigned char __buf[42];
1721 uint8_t padding_r;
1722 } __stack;
1723 const size_t __bufsz __unused = sizeof(__stack.__buf);
1724 const size_t __len = 42 - 1;
1725 const size_t __idx __unused = __len - 1;
1726 char src[__len];
1727
1728 memset(__stack.__buf, 0, __len);
1729 memset(src, 'A', __len - 1);
1730 src[__len - 1] = '\0';
1731
1732 strcpy(__stack.__buf, src);
1733 #undef BUF
1734
1735 }
1736
1737 ATF_TC(strcpy_end);
ATF_TC_HEAD(strcpy_end,tc)1738 ATF_TC_HEAD(strcpy_end, tc)
1739 {
1740 }
ATF_TC_BODY(strcpy_end,tc)1741 ATF_TC_BODY(strcpy_end, tc)
1742 {
1743 #define BUF &__stack.__buf
1744 struct {
1745 uint8_t padding_l;
1746 unsigned char __buf[42];
1747 uint8_t padding_r;
1748 } __stack;
1749 const size_t __bufsz __unused = sizeof(__stack.__buf);
1750 const size_t __len = 42;
1751 const size_t __idx __unused = __len - 1;
1752 char src[__len];
1753
1754 memset(__stack.__buf, 0, __len);
1755 memset(src, 'A', __len - 1);
1756 src[__len - 1] = '\0';
1757
1758 strcpy(__stack.__buf, src);
1759 #undef BUF
1760
1761 }
1762
1763 ATF_TC(strcpy_heap_before_end);
ATF_TC_HEAD(strcpy_heap_before_end,tc)1764 ATF_TC_HEAD(strcpy_heap_before_end, tc)
1765 {
1766 }
ATF_TC_BODY(strcpy_heap_before_end,tc)1767 ATF_TC_BODY(strcpy_heap_before_end, tc)
1768 {
1769 #define BUF __stack.__buf
1770 struct {
1771 uint8_t padding_l;
1772 unsigned char * __buf;
1773 uint8_t padding_r;
1774 } __stack;
1775 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1776 const size_t __len = 42 - 1;
1777 const size_t __idx __unused = __len - 1;
1778 char src[__len];
1779
1780 __stack.__buf = malloc(__bufsz);
1781 memset(__stack.__buf, 0, __len);
1782 memset(src, 'A', __len - 1);
1783 src[__len - 1] = '\0';
1784
1785 strcpy(__stack.__buf, src);
1786 #undef BUF
1787
1788 }
1789
1790 ATF_TC(strcpy_heap_end);
ATF_TC_HEAD(strcpy_heap_end,tc)1791 ATF_TC_HEAD(strcpy_heap_end, tc)
1792 {
1793 }
ATF_TC_BODY(strcpy_heap_end,tc)1794 ATF_TC_BODY(strcpy_heap_end, tc)
1795 {
1796 #define BUF __stack.__buf
1797 struct {
1798 uint8_t padding_l;
1799 unsigned char * __buf;
1800 uint8_t padding_r;
1801 } __stack;
1802 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1803 const size_t __len = 42;
1804 const size_t __idx __unused = __len - 1;
1805 char src[__len];
1806
1807 __stack.__buf = malloc(__bufsz);
1808 memset(__stack.__buf, 0, __len);
1809 memset(src, 'A', __len - 1);
1810 src[__len - 1] = '\0';
1811
1812 strcpy(__stack.__buf, src);
1813 #undef BUF
1814
1815 }
1816
1817 ATF_TC(strcpy_heap_after_end);
ATF_TC_HEAD(strcpy_heap_after_end,tc)1818 ATF_TC_HEAD(strcpy_heap_after_end, tc)
1819 {
1820 }
ATF_TC_BODY(strcpy_heap_after_end,tc)1821 ATF_TC_BODY(strcpy_heap_after_end, tc)
1822 {
1823 #define BUF __stack.__buf
1824 struct {
1825 uint8_t padding_l;
1826 unsigned char * __buf;
1827 uint8_t padding_r;
1828 } __stack;
1829 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1830 const size_t __len = 42 + 1;
1831 const size_t __idx __unused = __len - 1;
1832 pid_t __child;
1833 int __status;
1834 char src[__len];
1835
1836 __child = fork();
1837 ATF_REQUIRE(__child >= 0);
1838 if (__child > 0)
1839 goto monitor;
1840
1841 /* Child */
1842 disable_coredumps();
1843 __stack.__buf = malloc(__bufsz);
1844 memset(__stack.__buf, 0, __len);
1845 memset(src, 'A', __len - 1);
1846 src[__len - 1] = '\0';
1847
1848 strcpy(__stack.__buf, src);
1849 _exit(EX_SOFTWARE); /* Should have aborted. */
1850
1851 monitor:
1852 while (waitpid(__child, &__status, 0) != __child) {
1853 ATF_REQUIRE_EQ(EINTR, errno);
1854 }
1855
1856 if (!WIFSIGNALED(__status)) {
1857 switch (WEXITSTATUS(__status)) {
1858 case EX_SOFTWARE:
1859 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1860 break;
1861 case EX_OSERR:
1862 atf_tc_fail("setrlimit(2) failed");
1863 break;
1864 default:
1865 atf_tc_fail("child exited with status %d",
1866 WEXITSTATUS(__status));
1867 }
1868 } else {
1869 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1870 }
1871 #undef BUF
1872
1873 }
1874
1875 ATF_TC(strlcpy_before_end);
ATF_TC_HEAD(strlcpy_before_end,tc)1876 ATF_TC_HEAD(strlcpy_before_end, tc)
1877 {
1878 }
ATF_TC_BODY(strlcpy_before_end,tc)1879 ATF_TC_BODY(strlcpy_before_end, tc)
1880 {
1881 #define BUF &__stack.__buf
1882 struct {
1883 uint8_t padding_l;
1884 unsigned char __buf[42];
1885 uint8_t padding_r;
1886 } __stack;
1887 const size_t __bufsz __unused = sizeof(__stack.__buf);
1888 const size_t __len = 42 - 1;
1889 const size_t __idx __unused = __len - 1;
1890 char src[__len];
1891
1892 memset(__stack.__buf, 0, __len);
1893 memset(src, 'A', __len - 1);
1894 src[__len - 1] = '\0';
1895
1896 strlcpy(__stack.__buf, src, __len);
1897 #undef BUF
1898
1899 }
1900
1901 ATF_TC(strlcpy_end);
ATF_TC_HEAD(strlcpy_end,tc)1902 ATF_TC_HEAD(strlcpy_end, tc)
1903 {
1904 }
ATF_TC_BODY(strlcpy_end,tc)1905 ATF_TC_BODY(strlcpy_end, tc)
1906 {
1907 #define BUF &__stack.__buf
1908 struct {
1909 uint8_t padding_l;
1910 unsigned char __buf[42];
1911 uint8_t padding_r;
1912 } __stack;
1913 const size_t __bufsz __unused = sizeof(__stack.__buf);
1914 const size_t __len = 42;
1915 const size_t __idx __unused = __len - 1;
1916 char src[__len];
1917
1918 memset(__stack.__buf, 0, __len);
1919 memset(src, 'A', __len - 1);
1920 src[__len - 1] = '\0';
1921
1922 strlcpy(__stack.__buf, src, __len);
1923 #undef BUF
1924
1925 }
1926
1927 ATF_TC(strlcpy_heap_before_end);
ATF_TC_HEAD(strlcpy_heap_before_end,tc)1928 ATF_TC_HEAD(strlcpy_heap_before_end, tc)
1929 {
1930 }
ATF_TC_BODY(strlcpy_heap_before_end,tc)1931 ATF_TC_BODY(strlcpy_heap_before_end, tc)
1932 {
1933 #define BUF __stack.__buf
1934 struct {
1935 uint8_t padding_l;
1936 unsigned char * __buf;
1937 uint8_t padding_r;
1938 } __stack;
1939 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1940 const size_t __len = 42 - 1;
1941 const size_t __idx __unused = __len - 1;
1942 char src[__len];
1943
1944 __stack.__buf = malloc(__bufsz);
1945 memset(__stack.__buf, 0, __len);
1946 memset(src, 'A', __len - 1);
1947 src[__len - 1] = '\0';
1948
1949 strlcpy(__stack.__buf, src, __len);
1950 #undef BUF
1951
1952 }
1953
1954 ATF_TC(strlcpy_heap_end);
ATF_TC_HEAD(strlcpy_heap_end,tc)1955 ATF_TC_HEAD(strlcpy_heap_end, tc)
1956 {
1957 }
ATF_TC_BODY(strlcpy_heap_end,tc)1958 ATF_TC_BODY(strlcpy_heap_end, tc)
1959 {
1960 #define BUF __stack.__buf
1961 struct {
1962 uint8_t padding_l;
1963 unsigned char * __buf;
1964 uint8_t padding_r;
1965 } __stack;
1966 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1967 const size_t __len = 42;
1968 const size_t __idx __unused = __len - 1;
1969 char src[__len];
1970
1971 __stack.__buf = malloc(__bufsz);
1972 memset(__stack.__buf, 0, __len);
1973 memset(src, 'A', __len - 1);
1974 src[__len - 1] = '\0';
1975
1976 strlcpy(__stack.__buf, src, __len);
1977 #undef BUF
1978
1979 }
1980
1981 ATF_TC(strlcpy_heap_after_end);
ATF_TC_HEAD(strlcpy_heap_after_end,tc)1982 ATF_TC_HEAD(strlcpy_heap_after_end, tc)
1983 {
1984 }
ATF_TC_BODY(strlcpy_heap_after_end,tc)1985 ATF_TC_BODY(strlcpy_heap_after_end, tc)
1986 {
1987 #define BUF __stack.__buf
1988 struct {
1989 uint8_t padding_l;
1990 unsigned char * __buf;
1991 uint8_t padding_r;
1992 } __stack;
1993 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1994 const size_t __len = 42 + 1;
1995 const size_t __idx __unused = __len - 1;
1996 pid_t __child;
1997 int __status;
1998 char src[__len];
1999
2000 __child = fork();
2001 ATF_REQUIRE(__child >= 0);
2002 if (__child > 0)
2003 goto monitor;
2004
2005 /* Child */
2006 disable_coredumps();
2007 __stack.__buf = malloc(__bufsz);
2008 memset(__stack.__buf, 0, __len);
2009 memset(src, 'A', __len - 1);
2010 src[__len - 1] = '\0';
2011
2012 strlcpy(__stack.__buf, src, __len);
2013 _exit(EX_SOFTWARE); /* Should have aborted. */
2014
2015 monitor:
2016 while (waitpid(__child, &__status, 0) != __child) {
2017 ATF_REQUIRE_EQ(EINTR, errno);
2018 }
2019
2020 if (!WIFSIGNALED(__status)) {
2021 switch (WEXITSTATUS(__status)) {
2022 case EX_SOFTWARE:
2023 atf_tc_fail("FORTIFY_SOURCE failed to abort");
2024 break;
2025 case EX_OSERR:
2026 atf_tc_fail("setrlimit(2) failed");
2027 break;
2028 default:
2029 atf_tc_fail("child exited with status %d",
2030 WEXITSTATUS(__status));
2031 }
2032 } else {
2033 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
2034 }
2035 #undef BUF
2036
2037 }
2038
2039 ATF_TC(strncpy_before_end);
ATF_TC_HEAD(strncpy_before_end,tc)2040 ATF_TC_HEAD(strncpy_before_end, tc)
2041 {
2042 }
ATF_TC_BODY(strncpy_before_end,tc)2043 ATF_TC_BODY(strncpy_before_end, tc)
2044 {
2045 #define BUF &__stack.__buf
2046 struct {
2047 uint8_t padding_l;
2048 unsigned char __buf[42];
2049 uint8_t padding_r;
2050 } __stack;
2051 const size_t __bufsz __unused = sizeof(__stack.__buf);
2052 const size_t __len = 42 - 1;
2053 const size_t __idx __unused = __len - 1;
2054 char src[__len];
2055
2056 memset(__stack.__buf, 0, __len);
2057 memset(src, 'A', __len - 1);
2058 src[__len - 1] = '\0';
2059
2060 strncpy(__stack.__buf, src, __len);
2061 #undef BUF
2062
2063 }
2064
2065 ATF_TC(strncpy_end);
ATF_TC_HEAD(strncpy_end,tc)2066 ATF_TC_HEAD(strncpy_end, tc)
2067 {
2068 }
ATF_TC_BODY(strncpy_end,tc)2069 ATF_TC_BODY(strncpy_end, tc)
2070 {
2071 #define BUF &__stack.__buf
2072 struct {
2073 uint8_t padding_l;
2074 unsigned char __buf[42];
2075 uint8_t padding_r;
2076 } __stack;
2077 const size_t __bufsz __unused = sizeof(__stack.__buf);
2078 const size_t __len = 42;
2079 const size_t __idx __unused = __len - 1;
2080 char src[__len];
2081
2082 memset(__stack.__buf, 0, __len);
2083 memset(src, 'A', __len - 1);
2084 src[__len - 1] = '\0';
2085
2086 strncpy(__stack.__buf, src, __len);
2087 #undef BUF
2088
2089 }
2090
2091 ATF_TC(strncpy_heap_before_end);
ATF_TC_HEAD(strncpy_heap_before_end,tc)2092 ATF_TC_HEAD(strncpy_heap_before_end, tc)
2093 {
2094 }
ATF_TC_BODY(strncpy_heap_before_end,tc)2095 ATF_TC_BODY(strncpy_heap_before_end, tc)
2096 {
2097 #define BUF __stack.__buf
2098 struct {
2099 uint8_t padding_l;
2100 unsigned char * __buf;
2101 uint8_t padding_r;
2102 } __stack;
2103 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
2104 const size_t __len = 42 - 1;
2105 const size_t __idx __unused = __len - 1;
2106 char src[__len];
2107
2108 __stack.__buf = malloc(__bufsz);
2109 memset(__stack.__buf, 0, __len);
2110 memset(src, 'A', __len - 1);
2111 src[__len - 1] = '\0';
2112
2113 strncpy(__stack.__buf, src, __len);
2114 #undef BUF
2115
2116 }
2117
2118 ATF_TC(strncpy_heap_end);
ATF_TC_HEAD(strncpy_heap_end,tc)2119 ATF_TC_HEAD(strncpy_heap_end, tc)
2120 {
2121 }
ATF_TC_BODY(strncpy_heap_end,tc)2122 ATF_TC_BODY(strncpy_heap_end, tc)
2123 {
2124 #define BUF __stack.__buf
2125 struct {
2126 uint8_t padding_l;
2127 unsigned char * __buf;
2128 uint8_t padding_r;
2129 } __stack;
2130 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
2131 const size_t __len = 42;
2132 const size_t __idx __unused = __len - 1;
2133 char src[__len];
2134
2135 __stack.__buf = malloc(__bufsz);
2136 memset(__stack.__buf, 0, __len);
2137 memset(src, 'A', __len - 1);
2138 src[__len - 1] = '\0';
2139
2140 strncpy(__stack.__buf, src, __len);
2141 #undef BUF
2142
2143 }
2144
2145 ATF_TC(strncpy_heap_after_end);
ATF_TC_HEAD(strncpy_heap_after_end,tc)2146 ATF_TC_HEAD(strncpy_heap_after_end, tc)
2147 {
2148 }
ATF_TC_BODY(strncpy_heap_after_end,tc)2149 ATF_TC_BODY(strncpy_heap_after_end, tc)
2150 {
2151 #define BUF __stack.__buf
2152 struct {
2153 uint8_t padding_l;
2154 unsigned char * __buf;
2155 uint8_t padding_r;
2156 } __stack;
2157 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
2158 const size_t __len = 42 + 1;
2159 const size_t __idx __unused = __len - 1;
2160 pid_t __child;
2161 int __status;
2162 char src[__len];
2163
2164 __child = fork();
2165 ATF_REQUIRE(__child >= 0);
2166 if (__child > 0)
2167 goto monitor;
2168
2169 /* Child */
2170 disable_coredumps();
2171 __stack.__buf = malloc(__bufsz);
2172 memset(__stack.__buf, 0, __len);
2173 memset(src, 'A', __len - 1);
2174 src[__len - 1] = '\0';
2175
2176 strncpy(__stack.__buf, src, __len);
2177 _exit(EX_SOFTWARE); /* Should have aborted. */
2178
2179 monitor:
2180 while (waitpid(__child, &__status, 0) != __child) {
2181 ATF_REQUIRE_EQ(EINTR, errno);
2182 }
2183
2184 if (!WIFSIGNALED(__status)) {
2185 switch (WEXITSTATUS(__status)) {
2186 case EX_SOFTWARE:
2187 atf_tc_fail("FORTIFY_SOURCE failed to abort");
2188 break;
2189 case EX_OSERR:
2190 atf_tc_fail("setrlimit(2) failed");
2191 break;
2192 default:
2193 atf_tc_fail("child exited with status %d",
2194 WEXITSTATUS(__status));
2195 }
2196 } else {
2197 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
2198 }
2199 #undef BUF
2200
2201 }
2202
ATF_TP_ADD_TCS(tp)2203 ATF_TP_ADD_TCS(tp)
2204 {
2205 ATF_TP_ADD_TC(tp, memcpy_before_end);
2206 ATF_TP_ADD_TC(tp, memcpy_end);
2207 ATF_TP_ADD_TC(tp, memcpy_heap_before_end);
2208 ATF_TP_ADD_TC(tp, memcpy_heap_end);
2209 ATF_TP_ADD_TC(tp, memcpy_heap_after_end);
2210 ATF_TP_ADD_TC(tp, mempcpy_before_end);
2211 ATF_TP_ADD_TC(tp, mempcpy_end);
2212 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end);
2213 ATF_TP_ADD_TC(tp, mempcpy_heap_end);
2214 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end);
2215 ATF_TP_ADD_TC(tp, memmove_before_end);
2216 ATF_TP_ADD_TC(tp, memmove_end);
2217 ATF_TP_ADD_TC(tp, memmove_heap_before_end);
2218 ATF_TP_ADD_TC(tp, memmove_heap_end);
2219 ATF_TP_ADD_TC(tp, memmove_heap_after_end);
2220 ATF_TP_ADD_TC(tp, memset_before_end);
2221 ATF_TP_ADD_TC(tp, memset_end);
2222 ATF_TP_ADD_TC(tp, memset_heap_before_end);
2223 ATF_TP_ADD_TC(tp, memset_heap_end);
2224 ATF_TP_ADD_TC(tp, memset_heap_after_end);
2225 ATF_TP_ADD_TC(tp, memset_explicit_before_end);
2226 ATF_TP_ADD_TC(tp, memset_explicit_end);
2227 ATF_TP_ADD_TC(tp, memset_explicit_heap_before_end);
2228 ATF_TP_ADD_TC(tp, memset_explicit_heap_end);
2229 ATF_TP_ADD_TC(tp, memset_explicit_heap_after_end);
2230 ATF_TP_ADD_TC(tp, stpcpy_before_end);
2231 ATF_TP_ADD_TC(tp, stpcpy_end);
2232 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end);
2233 ATF_TP_ADD_TC(tp, stpcpy_heap_end);
2234 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end);
2235 ATF_TP_ADD_TC(tp, stpncpy_before_end);
2236 ATF_TP_ADD_TC(tp, stpncpy_end);
2237 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end);
2238 ATF_TP_ADD_TC(tp, stpncpy_heap_end);
2239 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end);
2240 ATF_TP_ADD_TC(tp, strcat_before_end);
2241 ATF_TP_ADD_TC(tp, strcat_end);
2242 ATF_TP_ADD_TC(tp, strcat_heap_before_end);
2243 ATF_TP_ADD_TC(tp, strcat_heap_end);
2244 ATF_TP_ADD_TC(tp, strcat_heap_after_end);
2245 ATF_TP_ADD_TC(tp, strlcat_before_end);
2246 ATF_TP_ADD_TC(tp, strlcat_end);
2247 ATF_TP_ADD_TC(tp, strlcat_heap_before_end);
2248 ATF_TP_ADD_TC(tp, strlcat_heap_end);
2249 ATF_TP_ADD_TC(tp, strlcat_heap_after_end);
2250 ATF_TP_ADD_TC(tp, strncat_before_end);
2251 ATF_TP_ADD_TC(tp, strncat_end);
2252 ATF_TP_ADD_TC(tp, strncat_heap_before_end);
2253 ATF_TP_ADD_TC(tp, strncat_heap_end);
2254 ATF_TP_ADD_TC(tp, strncat_heap_after_end);
2255 ATF_TP_ADD_TC(tp, strcpy_before_end);
2256 ATF_TP_ADD_TC(tp, strcpy_end);
2257 ATF_TP_ADD_TC(tp, strcpy_heap_before_end);
2258 ATF_TP_ADD_TC(tp, strcpy_heap_end);
2259 ATF_TP_ADD_TC(tp, strcpy_heap_after_end);
2260 ATF_TP_ADD_TC(tp, strlcpy_before_end);
2261 ATF_TP_ADD_TC(tp, strlcpy_end);
2262 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end);
2263 ATF_TP_ADD_TC(tp, strlcpy_heap_end);
2264 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end);
2265 ATF_TP_ADD_TC(tp, strncpy_before_end);
2266 ATF_TP_ADD_TC(tp, strncpy_end);
2267 ATF_TP_ADD_TC(tp, strncpy_heap_before_end);
2268 ATF_TP_ADD_TC(tp, strncpy_heap_end);
2269 ATF_TP_ADD_TC(tp, strncpy_heap_after_end);
2270 return (atf_no_error());
2271 }
2272