1 /* @generated by `generate-fortify-tests.lua "string"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/random.h> 8 #include <sys/resource.h> 9 #include <sys/time.h> 10 #include <sys/wait.h> 11 #include <dirent.h> 12 #include <errno.h> 13 #include <fcntl.h> 14 #include <limits.h> 15 #include <poll.h> 16 #include <signal.h> 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <string.h> 20 #include <strings.h> 21 #include <sysexits.h> 22 #include <unistd.h> 23 #include <wchar.h> 24 #include <atf-c.h> 25 26 static FILE * __unused 27 new_fp(size_t __len) 28 { 29 static char fpbuf[LINE_MAX]; 30 FILE *fp; 31 32 ATF_REQUIRE(__len <= sizeof(fpbuf)); 33 34 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 35 fpbuf[sizeof(fpbuf) - 1] = '\0'; 36 37 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 38 ATF_REQUIRE(fp != NULL); 39 40 return (fp); 41 } 42 43 /* 44 * Create a new symlink to use for readlink(2) style tests, we'll just use a 45 * random target name to have something interesting to look at. 46 */ 47 static const char * __unused 48 new_symlink(size_t __len) 49 { 50 static const char linkname[] = "link"; 51 char target[MAXNAMLEN]; 52 int error; 53 54 ATF_REQUIRE(__len <= sizeof(target)); 55 56 arc4random_buf(target, sizeof(target)); 57 58 error = unlink(linkname); 59 ATF_REQUIRE(error == 0 || errno == ENOENT); 60 61 error = symlink(target, linkname); 62 ATF_REQUIRE(error == 0); 63 64 return (linkname); 65 } 66 67 /* 68 * Constructs a tmpfile that we can use for testing read(2) and friends. 69 */ 70 static int __unused 71 new_tmpfile(void) 72 { 73 char buf[1024]; 74 ssize_t rv; 75 size_t written; 76 int fd; 77 78 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 79 ATF_REQUIRE(fd >= 0); 80 81 written = 0; 82 while (written < TMPFILE_SIZE) { 83 rv = write(fd, buf, sizeof(buf)); 84 ATF_REQUIRE(rv > 0); 85 86 written += rv; 87 } 88 89 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 90 return (fd); 91 } 92 93 static void 94 disable_coredumps(void) 95 { 96 struct rlimit rl = { 0 }; 97 98 if (setrlimit(RLIMIT_CORE, &rl) == -1) 99 _exit(EX_OSERR); 100 } 101 102 /* 103 * Replaces stdin with a file that we can actually read from, for tests where 104 * we want a FILE * or fd that we can get data from. 105 */ 106 static void __unused 107 replace_stdin(void) 108 { 109 int fd; 110 111 fd = new_tmpfile(); 112 113 (void)dup2(fd, STDIN_FILENO); 114 if (fd != STDIN_FILENO) 115 close(fd); 116 } 117 118 ATF_TC_WITHOUT_HEAD(memcpy_before_end); 119 ATF_TC_BODY(memcpy_before_end, tc) 120 { 121 #define BUF &__stack.__buf 122 struct { 123 uint8_t padding_l; 124 unsigned char __buf[42]; 125 uint8_t padding_r; 126 } __stack; 127 const size_t __bufsz __unused = sizeof(__stack.__buf); 128 const size_t __len = 42 - 1; 129 const size_t __idx __unused = __len - 1; 130 char src[__len + 10]; 131 132 memcpy(__stack.__buf, src, __len); 133 #undef BUF 134 135 } 136 137 ATF_TC_WITHOUT_HEAD(memcpy_end); 138 ATF_TC_BODY(memcpy_end, tc) 139 { 140 #define BUF &__stack.__buf 141 struct { 142 uint8_t padding_l; 143 unsigned char __buf[42]; 144 uint8_t padding_r; 145 } __stack; 146 const size_t __bufsz __unused = sizeof(__stack.__buf); 147 const size_t __len = 42; 148 const size_t __idx __unused = __len - 1; 149 char src[__len + 10]; 150 151 memcpy(__stack.__buf, src, __len); 152 #undef BUF 153 154 } 155 156 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end); 157 ATF_TC_BODY(memcpy_heap_before_end, tc) 158 { 159 #define BUF __stack.__buf 160 struct { 161 uint8_t padding_l; 162 unsigned char * __buf; 163 uint8_t padding_r; 164 } __stack; 165 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 166 const size_t __len = 42 - 1; 167 const size_t __idx __unused = __len - 1; 168 char src[__len + 10]; 169 170 __stack.__buf = malloc(__bufsz); 171 172 memcpy(__stack.__buf, src, __len); 173 #undef BUF 174 175 } 176 177 ATF_TC_WITHOUT_HEAD(memcpy_heap_end); 178 ATF_TC_BODY(memcpy_heap_end, tc) 179 { 180 #define BUF __stack.__buf 181 struct { 182 uint8_t padding_l; 183 unsigned char * __buf; 184 uint8_t padding_r; 185 } __stack; 186 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 187 const size_t __len = 42; 188 const size_t __idx __unused = __len - 1; 189 char src[__len + 10]; 190 191 __stack.__buf = malloc(__bufsz); 192 193 memcpy(__stack.__buf, src, __len); 194 #undef BUF 195 196 } 197 198 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end); 199 ATF_TC_BODY(memcpy_heap_after_end, tc) 200 { 201 #define BUF __stack.__buf 202 struct { 203 uint8_t padding_l; 204 unsigned char * __buf; 205 uint8_t padding_r; 206 } __stack; 207 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 208 const size_t __len = 42 + 1; 209 const size_t __idx __unused = __len - 1; 210 pid_t __child; 211 int __status; 212 char src[__len + 10]; 213 214 __child = fork(); 215 ATF_REQUIRE(__child >= 0); 216 if (__child > 0) 217 goto monitor; 218 219 /* Child */ 220 disable_coredumps(); 221 __stack.__buf = malloc(__bufsz); 222 223 memcpy(__stack.__buf, src, __len); 224 _exit(EX_SOFTWARE); /* Should have aborted. */ 225 226 monitor: 227 while (waitpid(__child, &__status, 0) != __child) { 228 ATF_REQUIRE_EQ(EINTR, errno); 229 } 230 231 if (!WIFSIGNALED(__status)) { 232 switch (WEXITSTATUS(__status)) { 233 case EX_SOFTWARE: 234 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 235 break; 236 case EX_OSERR: 237 atf_tc_fail("setrlimit(2) failed"); 238 break; 239 default: 240 atf_tc_fail("child exited with status %d", 241 WEXITSTATUS(__status)); 242 } 243 } else { 244 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 245 } 246 #undef BUF 247 248 } 249 250 ATF_TC_WITHOUT_HEAD(mempcpy_before_end); 251 ATF_TC_BODY(mempcpy_before_end, tc) 252 { 253 #define BUF &__stack.__buf 254 struct { 255 uint8_t padding_l; 256 unsigned char __buf[42]; 257 uint8_t padding_r; 258 } __stack; 259 const size_t __bufsz __unused = sizeof(__stack.__buf); 260 const size_t __len = 42 - 1; 261 const size_t __idx __unused = __len - 1; 262 char src[__len + 10]; 263 264 mempcpy(__stack.__buf, src, __len); 265 #undef BUF 266 267 } 268 269 ATF_TC_WITHOUT_HEAD(mempcpy_end); 270 ATF_TC_BODY(mempcpy_end, tc) 271 { 272 #define BUF &__stack.__buf 273 struct { 274 uint8_t padding_l; 275 unsigned char __buf[42]; 276 uint8_t padding_r; 277 } __stack; 278 const size_t __bufsz __unused = sizeof(__stack.__buf); 279 const size_t __len = 42; 280 const size_t __idx __unused = __len - 1; 281 char src[__len + 10]; 282 283 mempcpy(__stack.__buf, src, __len); 284 #undef BUF 285 286 } 287 288 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end); 289 ATF_TC_BODY(mempcpy_heap_before_end, tc) 290 { 291 #define BUF __stack.__buf 292 struct { 293 uint8_t padding_l; 294 unsigned char * __buf; 295 uint8_t padding_r; 296 } __stack; 297 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 298 const size_t __len = 42 - 1; 299 const size_t __idx __unused = __len - 1; 300 char src[__len + 10]; 301 302 __stack.__buf = malloc(__bufsz); 303 304 mempcpy(__stack.__buf, src, __len); 305 #undef BUF 306 307 } 308 309 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end); 310 ATF_TC_BODY(mempcpy_heap_end, tc) 311 { 312 #define BUF __stack.__buf 313 struct { 314 uint8_t padding_l; 315 unsigned char * __buf; 316 uint8_t padding_r; 317 } __stack; 318 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 319 const size_t __len = 42; 320 const size_t __idx __unused = __len - 1; 321 char src[__len + 10]; 322 323 __stack.__buf = malloc(__bufsz); 324 325 mempcpy(__stack.__buf, src, __len); 326 #undef BUF 327 328 } 329 330 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end); 331 ATF_TC_BODY(mempcpy_heap_after_end, tc) 332 { 333 #define BUF __stack.__buf 334 struct { 335 uint8_t padding_l; 336 unsigned char * __buf; 337 uint8_t padding_r; 338 } __stack; 339 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 340 const size_t __len = 42 + 1; 341 const size_t __idx __unused = __len - 1; 342 pid_t __child; 343 int __status; 344 char src[__len + 10]; 345 346 __child = fork(); 347 ATF_REQUIRE(__child >= 0); 348 if (__child > 0) 349 goto monitor; 350 351 /* Child */ 352 disable_coredumps(); 353 __stack.__buf = malloc(__bufsz); 354 355 mempcpy(__stack.__buf, src, __len); 356 _exit(EX_SOFTWARE); /* Should have aborted. */ 357 358 monitor: 359 while (waitpid(__child, &__status, 0) != __child) { 360 ATF_REQUIRE_EQ(EINTR, errno); 361 } 362 363 if (!WIFSIGNALED(__status)) { 364 switch (WEXITSTATUS(__status)) { 365 case EX_SOFTWARE: 366 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 367 break; 368 case EX_OSERR: 369 atf_tc_fail("setrlimit(2) failed"); 370 break; 371 default: 372 atf_tc_fail("child exited with status %d", 373 WEXITSTATUS(__status)); 374 } 375 } else { 376 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 377 } 378 #undef BUF 379 380 } 381 382 ATF_TC_WITHOUT_HEAD(memmove_before_end); 383 ATF_TC_BODY(memmove_before_end, tc) 384 { 385 #define BUF &__stack.__buf 386 struct { 387 uint8_t padding_l; 388 unsigned char __buf[42]; 389 uint8_t padding_r; 390 } __stack; 391 const size_t __bufsz __unused = sizeof(__stack.__buf); 392 const size_t __len = 42 - 1; 393 const size_t __idx __unused = __len - 1; 394 char src[__len + 10]; 395 396 memmove(__stack.__buf, src, __len); 397 #undef BUF 398 399 } 400 401 ATF_TC_WITHOUT_HEAD(memmove_end); 402 ATF_TC_BODY(memmove_end, tc) 403 { 404 #define BUF &__stack.__buf 405 struct { 406 uint8_t padding_l; 407 unsigned char __buf[42]; 408 uint8_t padding_r; 409 } __stack; 410 const size_t __bufsz __unused = sizeof(__stack.__buf); 411 const size_t __len = 42; 412 const size_t __idx __unused = __len - 1; 413 char src[__len + 10]; 414 415 memmove(__stack.__buf, src, __len); 416 #undef BUF 417 418 } 419 420 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end); 421 ATF_TC_BODY(memmove_heap_before_end, tc) 422 { 423 #define BUF __stack.__buf 424 struct { 425 uint8_t padding_l; 426 unsigned char * __buf; 427 uint8_t padding_r; 428 } __stack; 429 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 430 const size_t __len = 42 - 1; 431 const size_t __idx __unused = __len - 1; 432 char src[__len + 10]; 433 434 __stack.__buf = malloc(__bufsz); 435 436 memmove(__stack.__buf, src, __len); 437 #undef BUF 438 439 } 440 441 ATF_TC_WITHOUT_HEAD(memmove_heap_end); 442 ATF_TC_BODY(memmove_heap_end, tc) 443 { 444 #define BUF __stack.__buf 445 struct { 446 uint8_t padding_l; 447 unsigned char * __buf; 448 uint8_t padding_r; 449 } __stack; 450 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 451 const size_t __len = 42; 452 const size_t __idx __unused = __len - 1; 453 char src[__len + 10]; 454 455 __stack.__buf = malloc(__bufsz); 456 457 memmove(__stack.__buf, src, __len); 458 #undef BUF 459 460 } 461 462 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end); 463 ATF_TC_BODY(memmove_heap_after_end, tc) 464 { 465 #define BUF __stack.__buf 466 struct { 467 uint8_t padding_l; 468 unsigned char * __buf; 469 uint8_t padding_r; 470 } __stack; 471 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 472 const size_t __len = 42 + 1; 473 const size_t __idx __unused = __len - 1; 474 pid_t __child; 475 int __status; 476 char src[__len + 10]; 477 478 __child = fork(); 479 ATF_REQUIRE(__child >= 0); 480 if (__child > 0) 481 goto monitor; 482 483 /* Child */ 484 disable_coredumps(); 485 __stack.__buf = malloc(__bufsz); 486 487 memmove(__stack.__buf, src, __len); 488 _exit(EX_SOFTWARE); /* Should have aborted. */ 489 490 monitor: 491 while (waitpid(__child, &__status, 0) != __child) { 492 ATF_REQUIRE_EQ(EINTR, errno); 493 } 494 495 if (!WIFSIGNALED(__status)) { 496 switch (WEXITSTATUS(__status)) { 497 case EX_SOFTWARE: 498 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 499 break; 500 case EX_OSERR: 501 atf_tc_fail("setrlimit(2) failed"); 502 break; 503 default: 504 atf_tc_fail("child exited with status %d", 505 WEXITSTATUS(__status)); 506 } 507 } else { 508 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 509 } 510 #undef BUF 511 512 } 513 514 ATF_TC_WITHOUT_HEAD(memset_before_end); 515 ATF_TC_BODY(memset_before_end, tc) 516 { 517 #define BUF &__stack.__buf 518 struct { 519 uint8_t padding_l; 520 unsigned char __buf[42]; 521 uint8_t padding_r; 522 } __stack; 523 const size_t __bufsz __unused = sizeof(__stack.__buf); 524 const size_t __len = 42 - 1; 525 const size_t __idx __unused = __len - 1; 526 527 memset(__stack.__buf, 0, __len); 528 #undef BUF 529 530 } 531 532 ATF_TC_WITHOUT_HEAD(memset_end); 533 ATF_TC_BODY(memset_end, tc) 534 { 535 #define BUF &__stack.__buf 536 struct { 537 uint8_t padding_l; 538 unsigned char __buf[42]; 539 uint8_t padding_r; 540 } __stack; 541 const size_t __bufsz __unused = sizeof(__stack.__buf); 542 const size_t __len = 42; 543 const size_t __idx __unused = __len - 1; 544 545 memset(__stack.__buf, 0, __len); 546 #undef BUF 547 548 } 549 550 ATF_TC_WITHOUT_HEAD(memset_heap_before_end); 551 ATF_TC_BODY(memset_heap_before_end, tc) 552 { 553 #define BUF __stack.__buf 554 struct { 555 uint8_t padding_l; 556 unsigned char * __buf; 557 uint8_t padding_r; 558 } __stack; 559 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 560 const size_t __len = 42 - 1; 561 const size_t __idx __unused = __len - 1; 562 563 __stack.__buf = malloc(__bufsz); 564 565 memset(__stack.__buf, 0, __len); 566 #undef BUF 567 568 } 569 570 ATF_TC_WITHOUT_HEAD(memset_heap_end); 571 ATF_TC_BODY(memset_heap_end, tc) 572 { 573 #define BUF __stack.__buf 574 struct { 575 uint8_t padding_l; 576 unsigned char * __buf; 577 uint8_t padding_r; 578 } __stack; 579 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 580 const size_t __len = 42; 581 const size_t __idx __unused = __len - 1; 582 583 __stack.__buf = malloc(__bufsz); 584 585 memset(__stack.__buf, 0, __len); 586 #undef BUF 587 588 } 589 590 ATF_TC_WITHOUT_HEAD(memset_heap_after_end); 591 ATF_TC_BODY(memset_heap_after_end, tc) 592 { 593 #define BUF __stack.__buf 594 struct { 595 uint8_t padding_l; 596 unsigned char * __buf; 597 uint8_t padding_r; 598 } __stack; 599 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 600 const size_t __len = 42 + 1; 601 const size_t __idx __unused = __len - 1; 602 pid_t __child; 603 int __status; 604 605 __child = fork(); 606 ATF_REQUIRE(__child >= 0); 607 if (__child > 0) 608 goto monitor; 609 610 /* Child */ 611 disable_coredumps(); 612 __stack.__buf = malloc(__bufsz); 613 614 memset(__stack.__buf, 0, __len); 615 _exit(EX_SOFTWARE); /* Should have aborted. */ 616 617 monitor: 618 while (waitpid(__child, &__status, 0) != __child) { 619 ATF_REQUIRE_EQ(EINTR, errno); 620 } 621 622 if (!WIFSIGNALED(__status)) { 623 switch (WEXITSTATUS(__status)) { 624 case EX_SOFTWARE: 625 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 626 break; 627 case EX_OSERR: 628 atf_tc_fail("setrlimit(2) failed"); 629 break; 630 default: 631 atf_tc_fail("child exited with status %d", 632 WEXITSTATUS(__status)); 633 } 634 } else { 635 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 636 } 637 #undef BUF 638 639 } 640 641 ATF_TC_WITHOUT_HEAD(stpcpy_before_end); 642 ATF_TC_BODY(stpcpy_before_end, tc) 643 { 644 #define BUF &__stack.__buf 645 struct { 646 uint8_t padding_l; 647 unsigned char __buf[42]; 648 uint8_t padding_r; 649 } __stack; 650 const size_t __bufsz __unused = sizeof(__stack.__buf); 651 const size_t __len = 42 - 1; 652 const size_t __idx __unused = __len - 1; 653 char src[__len]; 654 655 memset(__stack.__buf, 0, __len); 656 memset(src, 'A', __len - 1); 657 src[__len - 1] = '\0'; 658 659 stpcpy(__stack.__buf, src); 660 #undef BUF 661 662 } 663 664 ATF_TC_WITHOUT_HEAD(stpcpy_end); 665 ATF_TC_BODY(stpcpy_end, tc) 666 { 667 #define BUF &__stack.__buf 668 struct { 669 uint8_t padding_l; 670 unsigned char __buf[42]; 671 uint8_t padding_r; 672 } __stack; 673 const size_t __bufsz __unused = sizeof(__stack.__buf); 674 const size_t __len = 42; 675 const size_t __idx __unused = __len - 1; 676 char src[__len]; 677 678 memset(__stack.__buf, 0, __len); 679 memset(src, 'A', __len - 1); 680 src[__len - 1] = '\0'; 681 682 stpcpy(__stack.__buf, src); 683 #undef BUF 684 685 } 686 687 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end); 688 ATF_TC_BODY(stpcpy_heap_before_end, tc) 689 { 690 #define BUF __stack.__buf 691 struct { 692 uint8_t padding_l; 693 unsigned char * __buf; 694 uint8_t padding_r; 695 } __stack; 696 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 697 const size_t __len = 42 - 1; 698 const size_t __idx __unused = __len - 1; 699 char src[__len]; 700 701 __stack.__buf = malloc(__bufsz); 702 memset(__stack.__buf, 0, __len); 703 memset(src, 'A', __len - 1); 704 src[__len - 1] = '\0'; 705 706 stpcpy(__stack.__buf, src); 707 #undef BUF 708 709 } 710 711 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end); 712 ATF_TC_BODY(stpcpy_heap_end, tc) 713 { 714 #define BUF __stack.__buf 715 struct { 716 uint8_t padding_l; 717 unsigned char * __buf; 718 uint8_t padding_r; 719 } __stack; 720 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 721 const size_t __len = 42; 722 const size_t __idx __unused = __len - 1; 723 char src[__len]; 724 725 __stack.__buf = malloc(__bufsz); 726 memset(__stack.__buf, 0, __len); 727 memset(src, 'A', __len - 1); 728 src[__len - 1] = '\0'; 729 730 stpcpy(__stack.__buf, src); 731 #undef BUF 732 733 } 734 735 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end); 736 ATF_TC_BODY(stpcpy_heap_after_end, tc) 737 { 738 #define BUF __stack.__buf 739 struct { 740 uint8_t padding_l; 741 unsigned char * __buf; 742 uint8_t padding_r; 743 } __stack; 744 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 745 const size_t __len = 42 + 1; 746 const size_t __idx __unused = __len - 1; 747 pid_t __child; 748 int __status; 749 char src[__len]; 750 751 __child = fork(); 752 ATF_REQUIRE(__child >= 0); 753 if (__child > 0) 754 goto monitor; 755 756 /* Child */ 757 disable_coredumps(); 758 __stack.__buf = malloc(__bufsz); 759 memset(__stack.__buf, 0, __len); 760 memset(src, 'A', __len - 1); 761 src[__len - 1] = '\0'; 762 763 stpcpy(__stack.__buf, src); 764 _exit(EX_SOFTWARE); /* Should have aborted. */ 765 766 monitor: 767 while (waitpid(__child, &__status, 0) != __child) { 768 ATF_REQUIRE_EQ(EINTR, errno); 769 } 770 771 if (!WIFSIGNALED(__status)) { 772 switch (WEXITSTATUS(__status)) { 773 case EX_SOFTWARE: 774 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 775 break; 776 case EX_OSERR: 777 atf_tc_fail("setrlimit(2) failed"); 778 break; 779 default: 780 atf_tc_fail("child exited with status %d", 781 WEXITSTATUS(__status)); 782 } 783 } else { 784 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 785 } 786 #undef BUF 787 788 } 789 790 ATF_TC_WITHOUT_HEAD(stpncpy_before_end); 791 ATF_TC_BODY(stpncpy_before_end, tc) 792 { 793 #define BUF &__stack.__buf 794 struct { 795 uint8_t padding_l; 796 unsigned char __buf[42]; 797 uint8_t padding_r; 798 } __stack; 799 const size_t __bufsz __unused = sizeof(__stack.__buf); 800 const size_t __len = 42 - 1; 801 const size_t __idx __unused = __len - 1; 802 char src[__len]; 803 804 memset(__stack.__buf, 0, __len); 805 memset(src, 'A', __len - 1); 806 src[__len - 1] = '\0'; 807 808 stpncpy(__stack.__buf, src, __len); 809 #undef BUF 810 811 } 812 813 ATF_TC_WITHOUT_HEAD(stpncpy_end); 814 ATF_TC_BODY(stpncpy_end, tc) 815 { 816 #define BUF &__stack.__buf 817 struct { 818 uint8_t padding_l; 819 unsigned char __buf[42]; 820 uint8_t padding_r; 821 } __stack; 822 const size_t __bufsz __unused = sizeof(__stack.__buf); 823 const size_t __len = 42; 824 const size_t __idx __unused = __len - 1; 825 char src[__len]; 826 827 memset(__stack.__buf, 0, __len); 828 memset(src, 'A', __len - 1); 829 src[__len - 1] = '\0'; 830 831 stpncpy(__stack.__buf, src, __len); 832 #undef BUF 833 834 } 835 836 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end); 837 ATF_TC_BODY(stpncpy_heap_before_end, tc) 838 { 839 #define BUF __stack.__buf 840 struct { 841 uint8_t padding_l; 842 unsigned char * __buf; 843 uint8_t padding_r; 844 } __stack; 845 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 846 const size_t __len = 42 - 1; 847 const size_t __idx __unused = __len - 1; 848 char src[__len]; 849 850 __stack.__buf = malloc(__bufsz); 851 memset(__stack.__buf, 0, __len); 852 memset(src, 'A', __len - 1); 853 src[__len - 1] = '\0'; 854 855 stpncpy(__stack.__buf, src, __len); 856 #undef BUF 857 858 } 859 860 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end); 861 ATF_TC_BODY(stpncpy_heap_end, tc) 862 { 863 #define BUF __stack.__buf 864 struct { 865 uint8_t padding_l; 866 unsigned char * __buf; 867 uint8_t padding_r; 868 } __stack; 869 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 870 const size_t __len = 42; 871 const size_t __idx __unused = __len - 1; 872 char src[__len]; 873 874 __stack.__buf = malloc(__bufsz); 875 memset(__stack.__buf, 0, __len); 876 memset(src, 'A', __len - 1); 877 src[__len - 1] = '\0'; 878 879 stpncpy(__stack.__buf, src, __len); 880 #undef BUF 881 882 } 883 884 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end); 885 ATF_TC_BODY(stpncpy_heap_after_end, tc) 886 { 887 #define BUF __stack.__buf 888 struct { 889 uint8_t padding_l; 890 unsigned char * __buf; 891 uint8_t padding_r; 892 } __stack; 893 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 894 const size_t __len = 42 + 1; 895 const size_t __idx __unused = __len - 1; 896 pid_t __child; 897 int __status; 898 char src[__len]; 899 900 __child = fork(); 901 ATF_REQUIRE(__child >= 0); 902 if (__child > 0) 903 goto monitor; 904 905 /* Child */ 906 disable_coredumps(); 907 __stack.__buf = malloc(__bufsz); 908 memset(__stack.__buf, 0, __len); 909 memset(src, 'A', __len - 1); 910 src[__len - 1] = '\0'; 911 912 stpncpy(__stack.__buf, src, __len); 913 _exit(EX_SOFTWARE); /* Should have aborted. */ 914 915 monitor: 916 while (waitpid(__child, &__status, 0) != __child) { 917 ATF_REQUIRE_EQ(EINTR, errno); 918 } 919 920 if (!WIFSIGNALED(__status)) { 921 switch (WEXITSTATUS(__status)) { 922 case EX_SOFTWARE: 923 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 924 break; 925 case EX_OSERR: 926 atf_tc_fail("setrlimit(2) failed"); 927 break; 928 default: 929 atf_tc_fail("child exited with status %d", 930 WEXITSTATUS(__status)); 931 } 932 } else { 933 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 934 } 935 #undef BUF 936 937 } 938 939 ATF_TC_WITHOUT_HEAD(strcat_before_end); 940 ATF_TC_BODY(strcat_before_end, tc) 941 { 942 #define BUF &__stack.__buf 943 struct { 944 uint8_t padding_l; 945 unsigned char __buf[42]; 946 uint8_t padding_r; 947 } __stack; 948 const size_t __bufsz __unused = sizeof(__stack.__buf); 949 const size_t __len = 42 - 1; 950 const size_t __idx __unused = __len - 1; 951 char src[__len]; 952 953 memset(__stack.__buf, 0, __len); 954 memset(src, 'A', __len - 1); 955 src[__len - 1] = '\0'; 956 957 strcat(__stack.__buf, src); 958 #undef BUF 959 960 } 961 962 ATF_TC_WITHOUT_HEAD(strcat_end); 963 ATF_TC_BODY(strcat_end, tc) 964 { 965 #define BUF &__stack.__buf 966 struct { 967 uint8_t padding_l; 968 unsigned char __buf[42]; 969 uint8_t padding_r; 970 } __stack; 971 const size_t __bufsz __unused = sizeof(__stack.__buf); 972 const size_t __len = 42; 973 const size_t __idx __unused = __len - 1; 974 char src[__len]; 975 976 memset(__stack.__buf, 0, __len); 977 memset(src, 'A', __len - 1); 978 src[__len - 1] = '\0'; 979 980 strcat(__stack.__buf, src); 981 #undef BUF 982 983 } 984 985 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end); 986 ATF_TC_BODY(strcat_heap_before_end, tc) 987 { 988 #define BUF __stack.__buf 989 struct { 990 uint8_t padding_l; 991 unsigned char * __buf; 992 uint8_t padding_r; 993 } __stack; 994 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 995 const size_t __len = 42 - 1; 996 const size_t __idx __unused = __len - 1; 997 char src[__len]; 998 999 __stack.__buf = malloc(__bufsz); 1000 memset(__stack.__buf, 0, __len); 1001 memset(src, 'A', __len - 1); 1002 src[__len - 1] = '\0'; 1003 1004 strcat(__stack.__buf, src); 1005 #undef BUF 1006 1007 } 1008 1009 ATF_TC_WITHOUT_HEAD(strcat_heap_end); 1010 ATF_TC_BODY(strcat_heap_end, tc) 1011 { 1012 #define BUF __stack.__buf 1013 struct { 1014 uint8_t padding_l; 1015 unsigned char * __buf; 1016 uint8_t padding_r; 1017 } __stack; 1018 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1019 const size_t __len = 42; 1020 const size_t __idx __unused = __len - 1; 1021 char src[__len]; 1022 1023 __stack.__buf = malloc(__bufsz); 1024 memset(__stack.__buf, 0, __len); 1025 memset(src, 'A', __len - 1); 1026 src[__len - 1] = '\0'; 1027 1028 strcat(__stack.__buf, src); 1029 #undef BUF 1030 1031 } 1032 1033 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end); 1034 ATF_TC_BODY(strcat_heap_after_end, tc) 1035 { 1036 #define BUF __stack.__buf 1037 struct { 1038 uint8_t padding_l; 1039 unsigned char * __buf; 1040 uint8_t padding_r; 1041 } __stack; 1042 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1043 const size_t __len = 42 + 1; 1044 const size_t __idx __unused = __len - 1; 1045 pid_t __child; 1046 int __status; 1047 char src[__len]; 1048 1049 __child = fork(); 1050 ATF_REQUIRE(__child >= 0); 1051 if (__child > 0) 1052 goto monitor; 1053 1054 /* Child */ 1055 disable_coredumps(); 1056 __stack.__buf = malloc(__bufsz); 1057 memset(__stack.__buf, 0, __len); 1058 memset(src, 'A', __len - 1); 1059 src[__len - 1] = '\0'; 1060 1061 strcat(__stack.__buf, src); 1062 _exit(EX_SOFTWARE); /* Should have aborted. */ 1063 1064 monitor: 1065 while (waitpid(__child, &__status, 0) != __child) { 1066 ATF_REQUIRE_EQ(EINTR, errno); 1067 } 1068 1069 if (!WIFSIGNALED(__status)) { 1070 switch (WEXITSTATUS(__status)) { 1071 case EX_SOFTWARE: 1072 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1073 break; 1074 case EX_OSERR: 1075 atf_tc_fail("setrlimit(2) failed"); 1076 break; 1077 default: 1078 atf_tc_fail("child exited with status %d", 1079 WEXITSTATUS(__status)); 1080 } 1081 } else { 1082 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1083 } 1084 #undef BUF 1085 1086 } 1087 1088 ATF_TC_WITHOUT_HEAD(strlcat_before_end); 1089 ATF_TC_BODY(strlcat_before_end, tc) 1090 { 1091 #define BUF &__stack.__buf 1092 struct { 1093 uint8_t padding_l; 1094 unsigned char __buf[42]; 1095 uint8_t padding_r; 1096 } __stack; 1097 const size_t __bufsz __unused = sizeof(__stack.__buf); 1098 const size_t __len = 42 - 1; 1099 const size_t __idx __unused = __len - 1; 1100 char src[__len]; 1101 1102 memset(__stack.__buf, 0, __len); 1103 memset(src, 'A', __len - 1); 1104 src[__len - 1] = '\0'; 1105 1106 strlcat(__stack.__buf, src, __len); 1107 #undef BUF 1108 1109 } 1110 1111 ATF_TC_WITHOUT_HEAD(strlcat_end); 1112 ATF_TC_BODY(strlcat_end, tc) 1113 { 1114 #define BUF &__stack.__buf 1115 struct { 1116 uint8_t padding_l; 1117 unsigned char __buf[42]; 1118 uint8_t padding_r; 1119 } __stack; 1120 const size_t __bufsz __unused = sizeof(__stack.__buf); 1121 const size_t __len = 42; 1122 const size_t __idx __unused = __len - 1; 1123 char src[__len]; 1124 1125 memset(__stack.__buf, 0, __len); 1126 memset(src, 'A', __len - 1); 1127 src[__len - 1] = '\0'; 1128 1129 strlcat(__stack.__buf, src, __len); 1130 #undef BUF 1131 1132 } 1133 1134 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end); 1135 ATF_TC_BODY(strlcat_heap_before_end, tc) 1136 { 1137 #define BUF __stack.__buf 1138 struct { 1139 uint8_t padding_l; 1140 unsigned char * __buf; 1141 uint8_t padding_r; 1142 } __stack; 1143 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1144 const size_t __len = 42 - 1; 1145 const size_t __idx __unused = __len - 1; 1146 char src[__len]; 1147 1148 __stack.__buf = malloc(__bufsz); 1149 memset(__stack.__buf, 0, __len); 1150 memset(src, 'A', __len - 1); 1151 src[__len - 1] = '\0'; 1152 1153 strlcat(__stack.__buf, src, __len); 1154 #undef BUF 1155 1156 } 1157 1158 ATF_TC_WITHOUT_HEAD(strlcat_heap_end); 1159 ATF_TC_BODY(strlcat_heap_end, tc) 1160 { 1161 #define BUF __stack.__buf 1162 struct { 1163 uint8_t padding_l; 1164 unsigned char * __buf; 1165 uint8_t padding_r; 1166 } __stack; 1167 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1168 const size_t __len = 42; 1169 const size_t __idx __unused = __len - 1; 1170 char src[__len]; 1171 1172 __stack.__buf = malloc(__bufsz); 1173 memset(__stack.__buf, 0, __len); 1174 memset(src, 'A', __len - 1); 1175 src[__len - 1] = '\0'; 1176 1177 strlcat(__stack.__buf, src, __len); 1178 #undef BUF 1179 1180 } 1181 1182 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end); 1183 ATF_TC_BODY(strlcat_heap_after_end, tc) 1184 { 1185 #define BUF __stack.__buf 1186 struct { 1187 uint8_t padding_l; 1188 unsigned char * __buf; 1189 uint8_t padding_r; 1190 } __stack; 1191 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1192 const size_t __len = 42 + 1; 1193 const size_t __idx __unused = __len - 1; 1194 pid_t __child; 1195 int __status; 1196 char src[__len]; 1197 1198 __child = fork(); 1199 ATF_REQUIRE(__child >= 0); 1200 if (__child > 0) 1201 goto monitor; 1202 1203 /* Child */ 1204 disable_coredumps(); 1205 __stack.__buf = malloc(__bufsz); 1206 memset(__stack.__buf, 0, __len); 1207 memset(src, 'A', __len - 1); 1208 src[__len - 1] = '\0'; 1209 1210 strlcat(__stack.__buf, src, __len); 1211 _exit(EX_SOFTWARE); /* Should have aborted. */ 1212 1213 monitor: 1214 while (waitpid(__child, &__status, 0) != __child) { 1215 ATF_REQUIRE_EQ(EINTR, errno); 1216 } 1217 1218 if (!WIFSIGNALED(__status)) { 1219 switch (WEXITSTATUS(__status)) { 1220 case EX_SOFTWARE: 1221 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1222 break; 1223 case EX_OSERR: 1224 atf_tc_fail("setrlimit(2) failed"); 1225 break; 1226 default: 1227 atf_tc_fail("child exited with status %d", 1228 WEXITSTATUS(__status)); 1229 } 1230 } else { 1231 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1232 } 1233 #undef BUF 1234 1235 } 1236 1237 ATF_TC_WITHOUT_HEAD(strncat_before_end); 1238 ATF_TC_BODY(strncat_before_end, tc) 1239 { 1240 #define BUF &__stack.__buf 1241 struct { 1242 uint8_t padding_l; 1243 unsigned char __buf[42]; 1244 uint8_t padding_r; 1245 } __stack; 1246 const size_t __bufsz __unused = sizeof(__stack.__buf); 1247 const size_t __len = 42 - 1; 1248 const size_t __idx __unused = __len - 1; 1249 char src[__len]; 1250 1251 memset(__stack.__buf, 0, __len); 1252 memset(src, 'A', __len - 1); 1253 src[__len - 1] = '\0'; 1254 1255 strncat(__stack.__buf, src, __len); 1256 #undef BUF 1257 1258 } 1259 1260 ATF_TC_WITHOUT_HEAD(strncat_end); 1261 ATF_TC_BODY(strncat_end, tc) 1262 { 1263 #define BUF &__stack.__buf 1264 struct { 1265 uint8_t padding_l; 1266 unsigned char __buf[42]; 1267 uint8_t padding_r; 1268 } __stack; 1269 const size_t __bufsz __unused = sizeof(__stack.__buf); 1270 const size_t __len = 42; 1271 const size_t __idx __unused = __len - 1; 1272 char src[__len]; 1273 1274 memset(__stack.__buf, 0, __len); 1275 memset(src, 'A', __len - 1); 1276 src[__len - 1] = '\0'; 1277 1278 strncat(__stack.__buf, src, __len); 1279 #undef BUF 1280 1281 } 1282 1283 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end); 1284 ATF_TC_BODY(strncat_heap_before_end, tc) 1285 { 1286 #define BUF __stack.__buf 1287 struct { 1288 uint8_t padding_l; 1289 unsigned char * __buf; 1290 uint8_t padding_r; 1291 } __stack; 1292 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1293 const size_t __len = 42 - 1; 1294 const size_t __idx __unused = __len - 1; 1295 char src[__len]; 1296 1297 __stack.__buf = malloc(__bufsz); 1298 memset(__stack.__buf, 0, __len); 1299 memset(src, 'A', __len - 1); 1300 src[__len - 1] = '\0'; 1301 1302 strncat(__stack.__buf, src, __len); 1303 #undef BUF 1304 1305 } 1306 1307 ATF_TC_WITHOUT_HEAD(strncat_heap_end); 1308 ATF_TC_BODY(strncat_heap_end, tc) 1309 { 1310 #define BUF __stack.__buf 1311 struct { 1312 uint8_t padding_l; 1313 unsigned char * __buf; 1314 uint8_t padding_r; 1315 } __stack; 1316 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1317 const size_t __len = 42; 1318 const size_t __idx __unused = __len - 1; 1319 char src[__len]; 1320 1321 __stack.__buf = malloc(__bufsz); 1322 memset(__stack.__buf, 0, __len); 1323 memset(src, 'A', __len - 1); 1324 src[__len - 1] = '\0'; 1325 1326 strncat(__stack.__buf, src, __len); 1327 #undef BUF 1328 1329 } 1330 1331 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end); 1332 ATF_TC_BODY(strncat_heap_after_end, tc) 1333 { 1334 #define BUF __stack.__buf 1335 struct { 1336 uint8_t padding_l; 1337 unsigned char * __buf; 1338 uint8_t padding_r; 1339 } __stack; 1340 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1341 const size_t __len = 42 + 1; 1342 const size_t __idx __unused = __len - 1; 1343 pid_t __child; 1344 int __status; 1345 char src[__len]; 1346 1347 __child = fork(); 1348 ATF_REQUIRE(__child >= 0); 1349 if (__child > 0) 1350 goto monitor; 1351 1352 /* Child */ 1353 disable_coredumps(); 1354 __stack.__buf = malloc(__bufsz); 1355 memset(__stack.__buf, 0, __len); 1356 memset(src, 'A', __len - 1); 1357 src[__len - 1] = '\0'; 1358 1359 strncat(__stack.__buf, src, __len); 1360 _exit(EX_SOFTWARE); /* Should have aborted. */ 1361 1362 monitor: 1363 while (waitpid(__child, &__status, 0) != __child) { 1364 ATF_REQUIRE_EQ(EINTR, errno); 1365 } 1366 1367 if (!WIFSIGNALED(__status)) { 1368 switch (WEXITSTATUS(__status)) { 1369 case EX_SOFTWARE: 1370 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1371 break; 1372 case EX_OSERR: 1373 atf_tc_fail("setrlimit(2) failed"); 1374 break; 1375 default: 1376 atf_tc_fail("child exited with status %d", 1377 WEXITSTATUS(__status)); 1378 } 1379 } else { 1380 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1381 } 1382 #undef BUF 1383 1384 } 1385 1386 ATF_TC_WITHOUT_HEAD(strcpy_before_end); 1387 ATF_TC_BODY(strcpy_before_end, tc) 1388 { 1389 #define BUF &__stack.__buf 1390 struct { 1391 uint8_t padding_l; 1392 unsigned char __buf[42]; 1393 uint8_t padding_r; 1394 } __stack; 1395 const size_t __bufsz __unused = sizeof(__stack.__buf); 1396 const size_t __len = 42 - 1; 1397 const size_t __idx __unused = __len - 1; 1398 char src[__len]; 1399 1400 memset(__stack.__buf, 0, __len); 1401 memset(src, 'A', __len - 1); 1402 src[__len - 1] = '\0'; 1403 1404 strcpy(__stack.__buf, src); 1405 #undef BUF 1406 1407 } 1408 1409 ATF_TC_WITHOUT_HEAD(strcpy_end); 1410 ATF_TC_BODY(strcpy_end, tc) 1411 { 1412 #define BUF &__stack.__buf 1413 struct { 1414 uint8_t padding_l; 1415 unsigned char __buf[42]; 1416 uint8_t padding_r; 1417 } __stack; 1418 const size_t __bufsz __unused = sizeof(__stack.__buf); 1419 const size_t __len = 42; 1420 const size_t __idx __unused = __len - 1; 1421 char src[__len]; 1422 1423 memset(__stack.__buf, 0, __len); 1424 memset(src, 'A', __len - 1); 1425 src[__len - 1] = '\0'; 1426 1427 strcpy(__stack.__buf, src); 1428 #undef BUF 1429 1430 } 1431 1432 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end); 1433 ATF_TC_BODY(strcpy_heap_before_end, tc) 1434 { 1435 #define BUF __stack.__buf 1436 struct { 1437 uint8_t padding_l; 1438 unsigned char * __buf; 1439 uint8_t padding_r; 1440 } __stack; 1441 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1442 const size_t __len = 42 - 1; 1443 const size_t __idx __unused = __len - 1; 1444 char src[__len]; 1445 1446 __stack.__buf = malloc(__bufsz); 1447 memset(__stack.__buf, 0, __len); 1448 memset(src, 'A', __len - 1); 1449 src[__len - 1] = '\0'; 1450 1451 strcpy(__stack.__buf, src); 1452 #undef BUF 1453 1454 } 1455 1456 ATF_TC_WITHOUT_HEAD(strcpy_heap_end); 1457 ATF_TC_BODY(strcpy_heap_end, tc) 1458 { 1459 #define BUF __stack.__buf 1460 struct { 1461 uint8_t padding_l; 1462 unsigned char * __buf; 1463 uint8_t padding_r; 1464 } __stack; 1465 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1466 const size_t __len = 42; 1467 const size_t __idx __unused = __len - 1; 1468 char src[__len]; 1469 1470 __stack.__buf = malloc(__bufsz); 1471 memset(__stack.__buf, 0, __len); 1472 memset(src, 'A', __len - 1); 1473 src[__len - 1] = '\0'; 1474 1475 strcpy(__stack.__buf, src); 1476 #undef BUF 1477 1478 } 1479 1480 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end); 1481 ATF_TC_BODY(strcpy_heap_after_end, tc) 1482 { 1483 #define BUF __stack.__buf 1484 struct { 1485 uint8_t padding_l; 1486 unsigned char * __buf; 1487 uint8_t padding_r; 1488 } __stack; 1489 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1490 const size_t __len = 42 + 1; 1491 const size_t __idx __unused = __len - 1; 1492 pid_t __child; 1493 int __status; 1494 char src[__len]; 1495 1496 __child = fork(); 1497 ATF_REQUIRE(__child >= 0); 1498 if (__child > 0) 1499 goto monitor; 1500 1501 /* Child */ 1502 disable_coredumps(); 1503 __stack.__buf = malloc(__bufsz); 1504 memset(__stack.__buf, 0, __len); 1505 memset(src, 'A', __len - 1); 1506 src[__len - 1] = '\0'; 1507 1508 strcpy(__stack.__buf, src); 1509 _exit(EX_SOFTWARE); /* Should have aborted. */ 1510 1511 monitor: 1512 while (waitpid(__child, &__status, 0) != __child) { 1513 ATF_REQUIRE_EQ(EINTR, errno); 1514 } 1515 1516 if (!WIFSIGNALED(__status)) { 1517 switch (WEXITSTATUS(__status)) { 1518 case EX_SOFTWARE: 1519 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1520 break; 1521 case EX_OSERR: 1522 atf_tc_fail("setrlimit(2) failed"); 1523 break; 1524 default: 1525 atf_tc_fail("child exited with status %d", 1526 WEXITSTATUS(__status)); 1527 } 1528 } else { 1529 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1530 } 1531 #undef BUF 1532 1533 } 1534 1535 ATF_TC_WITHOUT_HEAD(strlcpy_before_end); 1536 ATF_TC_BODY(strlcpy_before_end, tc) 1537 { 1538 #define BUF &__stack.__buf 1539 struct { 1540 uint8_t padding_l; 1541 unsigned char __buf[42]; 1542 uint8_t padding_r; 1543 } __stack; 1544 const size_t __bufsz __unused = sizeof(__stack.__buf); 1545 const size_t __len = 42 - 1; 1546 const size_t __idx __unused = __len - 1; 1547 char src[__len]; 1548 1549 memset(__stack.__buf, 0, __len); 1550 memset(src, 'A', __len - 1); 1551 src[__len - 1] = '\0'; 1552 1553 strlcpy(__stack.__buf, src, __len); 1554 #undef BUF 1555 1556 } 1557 1558 ATF_TC_WITHOUT_HEAD(strlcpy_end); 1559 ATF_TC_BODY(strlcpy_end, tc) 1560 { 1561 #define BUF &__stack.__buf 1562 struct { 1563 uint8_t padding_l; 1564 unsigned char __buf[42]; 1565 uint8_t padding_r; 1566 } __stack; 1567 const size_t __bufsz __unused = sizeof(__stack.__buf); 1568 const size_t __len = 42; 1569 const size_t __idx __unused = __len - 1; 1570 char src[__len]; 1571 1572 memset(__stack.__buf, 0, __len); 1573 memset(src, 'A', __len - 1); 1574 src[__len - 1] = '\0'; 1575 1576 strlcpy(__stack.__buf, src, __len); 1577 #undef BUF 1578 1579 } 1580 1581 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end); 1582 ATF_TC_BODY(strlcpy_heap_before_end, tc) 1583 { 1584 #define BUF __stack.__buf 1585 struct { 1586 uint8_t padding_l; 1587 unsigned char * __buf; 1588 uint8_t padding_r; 1589 } __stack; 1590 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1591 const size_t __len = 42 - 1; 1592 const size_t __idx __unused = __len - 1; 1593 char src[__len]; 1594 1595 __stack.__buf = malloc(__bufsz); 1596 memset(__stack.__buf, 0, __len); 1597 memset(src, 'A', __len - 1); 1598 src[__len - 1] = '\0'; 1599 1600 strlcpy(__stack.__buf, src, __len); 1601 #undef BUF 1602 1603 } 1604 1605 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end); 1606 ATF_TC_BODY(strlcpy_heap_end, tc) 1607 { 1608 #define BUF __stack.__buf 1609 struct { 1610 uint8_t padding_l; 1611 unsigned char * __buf; 1612 uint8_t padding_r; 1613 } __stack; 1614 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1615 const size_t __len = 42; 1616 const size_t __idx __unused = __len - 1; 1617 char src[__len]; 1618 1619 __stack.__buf = malloc(__bufsz); 1620 memset(__stack.__buf, 0, __len); 1621 memset(src, 'A', __len - 1); 1622 src[__len - 1] = '\0'; 1623 1624 strlcpy(__stack.__buf, src, __len); 1625 #undef BUF 1626 1627 } 1628 1629 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end); 1630 ATF_TC_BODY(strlcpy_heap_after_end, tc) 1631 { 1632 #define BUF __stack.__buf 1633 struct { 1634 uint8_t padding_l; 1635 unsigned char * __buf; 1636 uint8_t padding_r; 1637 } __stack; 1638 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1639 const size_t __len = 42 + 1; 1640 const size_t __idx __unused = __len - 1; 1641 pid_t __child; 1642 int __status; 1643 char src[__len]; 1644 1645 __child = fork(); 1646 ATF_REQUIRE(__child >= 0); 1647 if (__child > 0) 1648 goto monitor; 1649 1650 /* Child */ 1651 disable_coredumps(); 1652 __stack.__buf = malloc(__bufsz); 1653 memset(__stack.__buf, 0, __len); 1654 memset(src, 'A', __len - 1); 1655 src[__len - 1] = '\0'; 1656 1657 strlcpy(__stack.__buf, src, __len); 1658 _exit(EX_SOFTWARE); /* Should have aborted. */ 1659 1660 monitor: 1661 while (waitpid(__child, &__status, 0) != __child) { 1662 ATF_REQUIRE_EQ(EINTR, errno); 1663 } 1664 1665 if (!WIFSIGNALED(__status)) { 1666 switch (WEXITSTATUS(__status)) { 1667 case EX_SOFTWARE: 1668 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1669 break; 1670 case EX_OSERR: 1671 atf_tc_fail("setrlimit(2) failed"); 1672 break; 1673 default: 1674 atf_tc_fail("child exited with status %d", 1675 WEXITSTATUS(__status)); 1676 } 1677 } else { 1678 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1679 } 1680 #undef BUF 1681 1682 } 1683 1684 ATF_TC_WITHOUT_HEAD(strncpy_before_end); 1685 ATF_TC_BODY(strncpy_before_end, tc) 1686 { 1687 #define BUF &__stack.__buf 1688 struct { 1689 uint8_t padding_l; 1690 unsigned char __buf[42]; 1691 uint8_t padding_r; 1692 } __stack; 1693 const size_t __bufsz __unused = sizeof(__stack.__buf); 1694 const size_t __len = 42 - 1; 1695 const size_t __idx __unused = __len - 1; 1696 char src[__len]; 1697 1698 memset(__stack.__buf, 0, __len); 1699 memset(src, 'A', __len - 1); 1700 src[__len - 1] = '\0'; 1701 1702 strncpy(__stack.__buf, src, __len); 1703 #undef BUF 1704 1705 } 1706 1707 ATF_TC_WITHOUT_HEAD(strncpy_end); 1708 ATF_TC_BODY(strncpy_end, tc) 1709 { 1710 #define BUF &__stack.__buf 1711 struct { 1712 uint8_t padding_l; 1713 unsigned char __buf[42]; 1714 uint8_t padding_r; 1715 } __stack; 1716 const size_t __bufsz __unused = sizeof(__stack.__buf); 1717 const size_t __len = 42; 1718 const size_t __idx __unused = __len - 1; 1719 char src[__len]; 1720 1721 memset(__stack.__buf, 0, __len); 1722 memset(src, 'A', __len - 1); 1723 src[__len - 1] = '\0'; 1724 1725 strncpy(__stack.__buf, src, __len); 1726 #undef BUF 1727 1728 } 1729 1730 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end); 1731 ATF_TC_BODY(strncpy_heap_before_end, tc) 1732 { 1733 #define BUF __stack.__buf 1734 struct { 1735 uint8_t padding_l; 1736 unsigned char * __buf; 1737 uint8_t padding_r; 1738 } __stack; 1739 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1740 const size_t __len = 42 - 1; 1741 const size_t __idx __unused = __len - 1; 1742 char src[__len]; 1743 1744 __stack.__buf = malloc(__bufsz); 1745 memset(__stack.__buf, 0, __len); 1746 memset(src, 'A', __len - 1); 1747 src[__len - 1] = '\0'; 1748 1749 strncpy(__stack.__buf, src, __len); 1750 #undef BUF 1751 1752 } 1753 1754 ATF_TC_WITHOUT_HEAD(strncpy_heap_end); 1755 ATF_TC_BODY(strncpy_heap_end, tc) 1756 { 1757 #define BUF __stack.__buf 1758 struct { 1759 uint8_t padding_l; 1760 unsigned char * __buf; 1761 uint8_t padding_r; 1762 } __stack; 1763 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1764 const size_t __len = 42; 1765 const size_t __idx __unused = __len - 1; 1766 char src[__len]; 1767 1768 __stack.__buf = malloc(__bufsz); 1769 memset(__stack.__buf, 0, __len); 1770 memset(src, 'A', __len - 1); 1771 src[__len - 1] = '\0'; 1772 1773 strncpy(__stack.__buf, src, __len); 1774 #undef BUF 1775 1776 } 1777 1778 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end); 1779 ATF_TC_BODY(strncpy_heap_after_end, tc) 1780 { 1781 #define BUF __stack.__buf 1782 struct { 1783 uint8_t padding_l; 1784 unsigned char * __buf; 1785 uint8_t padding_r; 1786 } __stack; 1787 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1788 const size_t __len = 42 + 1; 1789 const size_t __idx __unused = __len - 1; 1790 pid_t __child; 1791 int __status; 1792 char src[__len]; 1793 1794 __child = fork(); 1795 ATF_REQUIRE(__child >= 0); 1796 if (__child > 0) 1797 goto monitor; 1798 1799 /* Child */ 1800 disable_coredumps(); 1801 __stack.__buf = malloc(__bufsz); 1802 memset(__stack.__buf, 0, __len); 1803 memset(src, 'A', __len - 1); 1804 src[__len - 1] = '\0'; 1805 1806 strncpy(__stack.__buf, src, __len); 1807 _exit(EX_SOFTWARE); /* Should have aborted. */ 1808 1809 monitor: 1810 while (waitpid(__child, &__status, 0) != __child) { 1811 ATF_REQUIRE_EQ(EINTR, errno); 1812 } 1813 1814 if (!WIFSIGNALED(__status)) { 1815 switch (WEXITSTATUS(__status)) { 1816 case EX_SOFTWARE: 1817 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1818 break; 1819 case EX_OSERR: 1820 atf_tc_fail("setrlimit(2) failed"); 1821 break; 1822 default: 1823 atf_tc_fail("child exited with status %d", 1824 WEXITSTATUS(__status)); 1825 } 1826 } else { 1827 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1828 } 1829 #undef BUF 1830 1831 } 1832 1833 ATF_TP_ADD_TCS(tp) 1834 { 1835 ATF_TP_ADD_TC(tp, memcpy_before_end); 1836 ATF_TP_ADD_TC(tp, memcpy_end); 1837 ATF_TP_ADD_TC(tp, memcpy_heap_before_end); 1838 ATF_TP_ADD_TC(tp, memcpy_heap_end); 1839 ATF_TP_ADD_TC(tp, memcpy_heap_after_end); 1840 ATF_TP_ADD_TC(tp, mempcpy_before_end); 1841 ATF_TP_ADD_TC(tp, mempcpy_end); 1842 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end); 1843 ATF_TP_ADD_TC(tp, mempcpy_heap_end); 1844 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end); 1845 ATF_TP_ADD_TC(tp, memmove_before_end); 1846 ATF_TP_ADD_TC(tp, memmove_end); 1847 ATF_TP_ADD_TC(tp, memmove_heap_before_end); 1848 ATF_TP_ADD_TC(tp, memmove_heap_end); 1849 ATF_TP_ADD_TC(tp, memmove_heap_after_end); 1850 ATF_TP_ADD_TC(tp, memset_before_end); 1851 ATF_TP_ADD_TC(tp, memset_end); 1852 ATF_TP_ADD_TC(tp, memset_heap_before_end); 1853 ATF_TP_ADD_TC(tp, memset_heap_end); 1854 ATF_TP_ADD_TC(tp, memset_heap_after_end); 1855 ATF_TP_ADD_TC(tp, stpcpy_before_end); 1856 ATF_TP_ADD_TC(tp, stpcpy_end); 1857 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); 1858 ATF_TP_ADD_TC(tp, stpcpy_heap_end); 1859 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end); 1860 ATF_TP_ADD_TC(tp, stpncpy_before_end); 1861 ATF_TP_ADD_TC(tp, stpncpy_end); 1862 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end); 1863 ATF_TP_ADD_TC(tp, stpncpy_heap_end); 1864 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end); 1865 ATF_TP_ADD_TC(tp, strcat_before_end); 1866 ATF_TP_ADD_TC(tp, strcat_end); 1867 ATF_TP_ADD_TC(tp, strcat_heap_before_end); 1868 ATF_TP_ADD_TC(tp, strcat_heap_end); 1869 ATF_TP_ADD_TC(tp, strcat_heap_after_end); 1870 ATF_TP_ADD_TC(tp, strlcat_before_end); 1871 ATF_TP_ADD_TC(tp, strlcat_end); 1872 ATF_TP_ADD_TC(tp, strlcat_heap_before_end); 1873 ATF_TP_ADD_TC(tp, strlcat_heap_end); 1874 ATF_TP_ADD_TC(tp, strlcat_heap_after_end); 1875 ATF_TP_ADD_TC(tp, strncat_before_end); 1876 ATF_TP_ADD_TC(tp, strncat_end); 1877 ATF_TP_ADD_TC(tp, strncat_heap_before_end); 1878 ATF_TP_ADD_TC(tp, strncat_heap_end); 1879 ATF_TP_ADD_TC(tp, strncat_heap_after_end); 1880 ATF_TP_ADD_TC(tp, strcpy_before_end); 1881 ATF_TP_ADD_TC(tp, strcpy_end); 1882 ATF_TP_ADD_TC(tp, strcpy_heap_before_end); 1883 ATF_TP_ADD_TC(tp, strcpy_heap_end); 1884 ATF_TP_ADD_TC(tp, strcpy_heap_after_end); 1885 ATF_TP_ADD_TC(tp, strlcpy_before_end); 1886 ATF_TP_ADD_TC(tp, strlcpy_end); 1887 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end); 1888 ATF_TP_ADD_TC(tp, strlcpy_heap_end); 1889 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end); 1890 ATF_TP_ADD_TC(tp, strncpy_before_end); 1891 ATF_TP_ADD_TC(tp, strncpy_end); 1892 ATF_TP_ADD_TC(tp, strncpy_heap_before_end); 1893 ATF_TP_ADD_TC(tp, strncpy_heap_end); 1894 ATF_TP_ADD_TC(tp, strncpy_heap_after_end); 1895 return (atf_no_error()); 1896 } 1897