1 /* @generated by `generate-fortify-tests.lua "string"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/random.h> 8 #include <sys/resource.h> 9 #include <sys/select.h> 10 #include <sys/socket.h> 11 #include <sys/time.h> 12 #include <sys/uio.h> 13 #include <sys/wait.h> 14 #include <dirent.h> 15 #include <errno.h> 16 #include <fcntl.h> 17 #include <limits.h> 18 #include <poll.h> 19 #include <signal.h> 20 #include <stdio.h> 21 #include <stdlib.h> 22 #include <string.h> 23 #include <strings.h> 24 #include <sysexits.h> 25 #include <unistd.h> 26 #include <wchar.h> 27 #include <atf-c.h> 28 29 static FILE * __unused 30 new_fp(size_t __len) 31 { 32 static char fpbuf[LINE_MAX]; 33 FILE *fp; 34 35 ATF_REQUIRE(__len <= sizeof(fpbuf)); 36 37 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 38 fpbuf[sizeof(fpbuf) - 1] = '\0'; 39 40 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 41 ATF_REQUIRE(fp != NULL); 42 43 return (fp); 44 } 45 46 /* 47 * Create a new symlink to use for readlink(2) style tests, we'll just use a 48 * random target name to have something interesting to look at. 49 */ 50 static const char * __unused 51 new_symlink(size_t __len) 52 { 53 static const char linkname[] = "link"; 54 char target[MAXNAMLEN]; 55 int error; 56 57 ATF_REQUIRE(__len <= sizeof(target)); 58 59 arc4random_buf(target, sizeof(target)); 60 61 error = unlink(linkname); 62 ATF_REQUIRE(error == 0 || errno == ENOENT); 63 64 error = symlink(target, linkname); 65 ATF_REQUIRE(error == 0); 66 67 return (linkname); 68 } 69 70 /* 71 * For our purposes, first descriptor will be the reader; we'll send both 72 * raw data and a control message over it so that the result can be used for 73 * any of our recv*() tests. 74 */ 75 static void __unused 76 new_socket(int sock[2]) 77 { 78 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 }; 79 static char sockbuf[256]; 80 ssize_t rv; 81 size_t total = 0; 82 struct msghdr hdr = { 0 }; 83 struct cmsghdr *cmsg; 84 int error, fd; 85 86 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock); 87 ATF_REQUIRE(error == 0); 88 89 while (total != sizeof(sockbuf)) { 90 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0); 91 92 ATF_REQUIRE_MSG(rv > 0, 93 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)", 94 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total); 95 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf), 96 "%zd exceeds total %zu", rv, sizeof(sockbuf)); 97 total += rv; 98 } 99 100 hdr.msg_control = ctrl; 101 hdr.msg_controllen = sizeof(ctrl); 102 103 cmsg = CMSG_FIRSTHDR(&hdr); 104 cmsg->cmsg_level = SOL_SOCKET; 105 cmsg->cmsg_type = SCM_RIGHTS; 106 cmsg->cmsg_len = CMSG_LEN(sizeof(fd)); 107 fd = STDIN_FILENO; 108 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd)); 109 110 error = sendmsg(sock[1], &hdr, 0); 111 ATF_REQUIRE(error != -1); 112 } 113 114 /* 115 * Constructs a tmpfile that we can use for testing read(2) and friends. 116 */ 117 static int __unused 118 new_tmpfile(void) 119 { 120 char buf[1024]; 121 ssize_t rv; 122 size_t written; 123 int fd; 124 125 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 126 ATF_REQUIRE(fd >= 0); 127 128 written = 0; 129 while (written < TMPFILE_SIZE) { 130 rv = write(fd, buf, sizeof(buf)); 131 ATF_REQUIRE(rv > 0); 132 133 written += rv; 134 } 135 136 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 137 return (fd); 138 } 139 140 static void 141 disable_coredumps(void) 142 { 143 struct rlimit rl = { 0 }; 144 145 if (setrlimit(RLIMIT_CORE, &rl) == -1) 146 _exit(EX_OSERR); 147 } 148 149 /* 150 * Replaces stdin with a file that we can actually read from, for tests where 151 * we want a FILE * or fd that we can get data from. 152 */ 153 static void __unused 154 replace_stdin(void) 155 { 156 int fd; 157 158 fd = new_tmpfile(); 159 160 (void)dup2(fd, STDIN_FILENO); 161 if (fd != STDIN_FILENO) 162 close(fd); 163 } 164 165 ATF_TC_WITHOUT_HEAD(memcpy_before_end); 166 ATF_TC_BODY(memcpy_before_end, tc) 167 { 168 #define BUF &__stack.__buf 169 struct { 170 uint8_t padding_l; 171 unsigned char __buf[42]; 172 uint8_t padding_r; 173 } __stack; 174 const size_t __bufsz __unused = sizeof(__stack.__buf); 175 const size_t __len = 42 - 1; 176 const size_t __idx __unused = __len - 1; 177 char src[__len + 10]; 178 179 memcpy(__stack.__buf, src, __len); 180 #undef BUF 181 182 } 183 184 ATF_TC_WITHOUT_HEAD(memcpy_end); 185 ATF_TC_BODY(memcpy_end, tc) 186 { 187 #define BUF &__stack.__buf 188 struct { 189 uint8_t padding_l; 190 unsigned char __buf[42]; 191 uint8_t padding_r; 192 } __stack; 193 const size_t __bufsz __unused = sizeof(__stack.__buf); 194 const size_t __len = 42; 195 const size_t __idx __unused = __len - 1; 196 char src[__len + 10]; 197 198 memcpy(__stack.__buf, src, __len); 199 #undef BUF 200 201 } 202 203 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end); 204 ATF_TC_BODY(memcpy_heap_before_end, tc) 205 { 206 #define BUF __stack.__buf 207 struct { 208 uint8_t padding_l; 209 unsigned char * __buf; 210 uint8_t padding_r; 211 } __stack; 212 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 213 const size_t __len = 42 - 1; 214 const size_t __idx __unused = __len - 1; 215 char src[__len + 10]; 216 217 __stack.__buf = malloc(__bufsz); 218 219 memcpy(__stack.__buf, src, __len); 220 #undef BUF 221 222 } 223 224 ATF_TC_WITHOUT_HEAD(memcpy_heap_end); 225 ATF_TC_BODY(memcpy_heap_end, tc) 226 { 227 #define BUF __stack.__buf 228 struct { 229 uint8_t padding_l; 230 unsigned char * __buf; 231 uint8_t padding_r; 232 } __stack; 233 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 234 const size_t __len = 42; 235 const size_t __idx __unused = __len - 1; 236 char src[__len + 10]; 237 238 __stack.__buf = malloc(__bufsz); 239 240 memcpy(__stack.__buf, src, __len); 241 #undef BUF 242 243 } 244 245 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end); 246 ATF_TC_BODY(memcpy_heap_after_end, tc) 247 { 248 #define BUF __stack.__buf 249 struct { 250 uint8_t padding_l; 251 unsigned char * __buf; 252 uint8_t padding_r; 253 } __stack; 254 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 255 const size_t __len = 42 + 1; 256 const size_t __idx __unused = __len - 1; 257 pid_t __child; 258 int __status; 259 char src[__len + 10]; 260 261 __child = fork(); 262 ATF_REQUIRE(__child >= 0); 263 if (__child > 0) 264 goto monitor; 265 266 /* Child */ 267 disable_coredumps(); 268 __stack.__buf = malloc(__bufsz); 269 270 memcpy(__stack.__buf, src, __len); 271 _exit(EX_SOFTWARE); /* Should have aborted. */ 272 273 monitor: 274 while (waitpid(__child, &__status, 0) != __child) { 275 ATF_REQUIRE_EQ(EINTR, errno); 276 } 277 278 if (!WIFSIGNALED(__status)) { 279 switch (WEXITSTATUS(__status)) { 280 case EX_SOFTWARE: 281 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 282 break; 283 case EX_OSERR: 284 atf_tc_fail("setrlimit(2) failed"); 285 break; 286 default: 287 atf_tc_fail("child exited with status %d", 288 WEXITSTATUS(__status)); 289 } 290 } else { 291 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 292 } 293 #undef BUF 294 295 } 296 297 ATF_TC_WITHOUT_HEAD(mempcpy_before_end); 298 ATF_TC_BODY(mempcpy_before_end, tc) 299 { 300 #define BUF &__stack.__buf 301 struct { 302 uint8_t padding_l; 303 unsigned char __buf[42]; 304 uint8_t padding_r; 305 } __stack; 306 const size_t __bufsz __unused = sizeof(__stack.__buf); 307 const size_t __len = 42 - 1; 308 const size_t __idx __unused = __len - 1; 309 char src[__len + 10]; 310 311 mempcpy(__stack.__buf, src, __len); 312 #undef BUF 313 314 } 315 316 ATF_TC_WITHOUT_HEAD(mempcpy_end); 317 ATF_TC_BODY(mempcpy_end, tc) 318 { 319 #define BUF &__stack.__buf 320 struct { 321 uint8_t padding_l; 322 unsigned char __buf[42]; 323 uint8_t padding_r; 324 } __stack; 325 const size_t __bufsz __unused = sizeof(__stack.__buf); 326 const size_t __len = 42; 327 const size_t __idx __unused = __len - 1; 328 char src[__len + 10]; 329 330 mempcpy(__stack.__buf, src, __len); 331 #undef BUF 332 333 } 334 335 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end); 336 ATF_TC_BODY(mempcpy_heap_before_end, tc) 337 { 338 #define BUF __stack.__buf 339 struct { 340 uint8_t padding_l; 341 unsigned char * __buf; 342 uint8_t padding_r; 343 } __stack; 344 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 345 const size_t __len = 42 - 1; 346 const size_t __idx __unused = __len - 1; 347 char src[__len + 10]; 348 349 __stack.__buf = malloc(__bufsz); 350 351 mempcpy(__stack.__buf, src, __len); 352 #undef BUF 353 354 } 355 356 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end); 357 ATF_TC_BODY(mempcpy_heap_end, tc) 358 { 359 #define BUF __stack.__buf 360 struct { 361 uint8_t padding_l; 362 unsigned char * __buf; 363 uint8_t padding_r; 364 } __stack; 365 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 366 const size_t __len = 42; 367 const size_t __idx __unused = __len - 1; 368 char src[__len + 10]; 369 370 __stack.__buf = malloc(__bufsz); 371 372 mempcpy(__stack.__buf, src, __len); 373 #undef BUF 374 375 } 376 377 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end); 378 ATF_TC_BODY(mempcpy_heap_after_end, tc) 379 { 380 #define BUF __stack.__buf 381 struct { 382 uint8_t padding_l; 383 unsigned char * __buf; 384 uint8_t padding_r; 385 } __stack; 386 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 387 const size_t __len = 42 + 1; 388 const size_t __idx __unused = __len - 1; 389 pid_t __child; 390 int __status; 391 char src[__len + 10]; 392 393 __child = fork(); 394 ATF_REQUIRE(__child >= 0); 395 if (__child > 0) 396 goto monitor; 397 398 /* Child */ 399 disable_coredumps(); 400 __stack.__buf = malloc(__bufsz); 401 402 mempcpy(__stack.__buf, src, __len); 403 _exit(EX_SOFTWARE); /* Should have aborted. */ 404 405 monitor: 406 while (waitpid(__child, &__status, 0) != __child) { 407 ATF_REQUIRE_EQ(EINTR, errno); 408 } 409 410 if (!WIFSIGNALED(__status)) { 411 switch (WEXITSTATUS(__status)) { 412 case EX_SOFTWARE: 413 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 414 break; 415 case EX_OSERR: 416 atf_tc_fail("setrlimit(2) failed"); 417 break; 418 default: 419 atf_tc_fail("child exited with status %d", 420 WEXITSTATUS(__status)); 421 } 422 } else { 423 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 424 } 425 #undef BUF 426 427 } 428 429 ATF_TC_WITHOUT_HEAD(memmove_before_end); 430 ATF_TC_BODY(memmove_before_end, tc) 431 { 432 #define BUF &__stack.__buf 433 struct { 434 uint8_t padding_l; 435 unsigned char __buf[42]; 436 uint8_t padding_r; 437 } __stack; 438 const size_t __bufsz __unused = sizeof(__stack.__buf); 439 const size_t __len = 42 - 1; 440 const size_t __idx __unused = __len - 1; 441 char src[__len + 10]; 442 443 memmove(__stack.__buf, src, __len); 444 #undef BUF 445 446 } 447 448 ATF_TC_WITHOUT_HEAD(memmove_end); 449 ATF_TC_BODY(memmove_end, tc) 450 { 451 #define BUF &__stack.__buf 452 struct { 453 uint8_t padding_l; 454 unsigned char __buf[42]; 455 uint8_t padding_r; 456 } __stack; 457 const size_t __bufsz __unused = sizeof(__stack.__buf); 458 const size_t __len = 42; 459 const size_t __idx __unused = __len - 1; 460 char src[__len + 10]; 461 462 memmove(__stack.__buf, src, __len); 463 #undef BUF 464 465 } 466 467 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end); 468 ATF_TC_BODY(memmove_heap_before_end, tc) 469 { 470 #define BUF __stack.__buf 471 struct { 472 uint8_t padding_l; 473 unsigned char * __buf; 474 uint8_t padding_r; 475 } __stack; 476 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 477 const size_t __len = 42 - 1; 478 const size_t __idx __unused = __len - 1; 479 char src[__len + 10]; 480 481 __stack.__buf = malloc(__bufsz); 482 483 memmove(__stack.__buf, src, __len); 484 #undef BUF 485 486 } 487 488 ATF_TC_WITHOUT_HEAD(memmove_heap_end); 489 ATF_TC_BODY(memmove_heap_end, tc) 490 { 491 #define BUF __stack.__buf 492 struct { 493 uint8_t padding_l; 494 unsigned char * __buf; 495 uint8_t padding_r; 496 } __stack; 497 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 498 const size_t __len = 42; 499 const size_t __idx __unused = __len - 1; 500 char src[__len + 10]; 501 502 __stack.__buf = malloc(__bufsz); 503 504 memmove(__stack.__buf, src, __len); 505 #undef BUF 506 507 } 508 509 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end); 510 ATF_TC_BODY(memmove_heap_after_end, tc) 511 { 512 #define BUF __stack.__buf 513 struct { 514 uint8_t padding_l; 515 unsigned char * __buf; 516 uint8_t padding_r; 517 } __stack; 518 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 519 const size_t __len = 42 + 1; 520 const size_t __idx __unused = __len - 1; 521 pid_t __child; 522 int __status; 523 char src[__len + 10]; 524 525 __child = fork(); 526 ATF_REQUIRE(__child >= 0); 527 if (__child > 0) 528 goto monitor; 529 530 /* Child */ 531 disable_coredumps(); 532 __stack.__buf = malloc(__bufsz); 533 534 memmove(__stack.__buf, src, __len); 535 _exit(EX_SOFTWARE); /* Should have aborted. */ 536 537 monitor: 538 while (waitpid(__child, &__status, 0) != __child) { 539 ATF_REQUIRE_EQ(EINTR, errno); 540 } 541 542 if (!WIFSIGNALED(__status)) { 543 switch (WEXITSTATUS(__status)) { 544 case EX_SOFTWARE: 545 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 546 break; 547 case EX_OSERR: 548 atf_tc_fail("setrlimit(2) failed"); 549 break; 550 default: 551 atf_tc_fail("child exited with status %d", 552 WEXITSTATUS(__status)); 553 } 554 } else { 555 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 556 } 557 #undef BUF 558 559 } 560 561 ATF_TC_WITHOUT_HEAD(memset_before_end); 562 ATF_TC_BODY(memset_before_end, tc) 563 { 564 #define BUF &__stack.__buf 565 struct { 566 uint8_t padding_l; 567 unsigned char __buf[42]; 568 uint8_t padding_r; 569 } __stack; 570 const size_t __bufsz __unused = sizeof(__stack.__buf); 571 const size_t __len = 42 - 1; 572 const size_t __idx __unused = __len - 1; 573 574 memset(__stack.__buf, 0, __len); 575 #undef BUF 576 577 } 578 579 ATF_TC_WITHOUT_HEAD(memset_end); 580 ATF_TC_BODY(memset_end, tc) 581 { 582 #define BUF &__stack.__buf 583 struct { 584 uint8_t padding_l; 585 unsigned char __buf[42]; 586 uint8_t padding_r; 587 } __stack; 588 const size_t __bufsz __unused = sizeof(__stack.__buf); 589 const size_t __len = 42; 590 const size_t __idx __unused = __len - 1; 591 592 memset(__stack.__buf, 0, __len); 593 #undef BUF 594 595 } 596 597 ATF_TC_WITHOUT_HEAD(memset_heap_before_end); 598 ATF_TC_BODY(memset_heap_before_end, tc) 599 { 600 #define BUF __stack.__buf 601 struct { 602 uint8_t padding_l; 603 unsigned char * __buf; 604 uint8_t padding_r; 605 } __stack; 606 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 607 const size_t __len = 42 - 1; 608 const size_t __idx __unused = __len - 1; 609 610 __stack.__buf = malloc(__bufsz); 611 612 memset(__stack.__buf, 0, __len); 613 #undef BUF 614 615 } 616 617 ATF_TC_WITHOUT_HEAD(memset_heap_end); 618 ATF_TC_BODY(memset_heap_end, tc) 619 { 620 #define BUF __stack.__buf 621 struct { 622 uint8_t padding_l; 623 unsigned char * __buf; 624 uint8_t padding_r; 625 } __stack; 626 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 627 const size_t __len = 42; 628 const size_t __idx __unused = __len - 1; 629 630 __stack.__buf = malloc(__bufsz); 631 632 memset(__stack.__buf, 0, __len); 633 #undef BUF 634 635 } 636 637 ATF_TC_WITHOUT_HEAD(memset_heap_after_end); 638 ATF_TC_BODY(memset_heap_after_end, tc) 639 { 640 #define BUF __stack.__buf 641 struct { 642 uint8_t padding_l; 643 unsigned char * __buf; 644 uint8_t padding_r; 645 } __stack; 646 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 647 const size_t __len = 42 + 1; 648 const size_t __idx __unused = __len - 1; 649 pid_t __child; 650 int __status; 651 652 __child = fork(); 653 ATF_REQUIRE(__child >= 0); 654 if (__child > 0) 655 goto monitor; 656 657 /* Child */ 658 disable_coredumps(); 659 __stack.__buf = malloc(__bufsz); 660 661 memset(__stack.__buf, 0, __len); 662 _exit(EX_SOFTWARE); /* Should have aborted. */ 663 664 monitor: 665 while (waitpid(__child, &__status, 0) != __child) { 666 ATF_REQUIRE_EQ(EINTR, errno); 667 } 668 669 if (!WIFSIGNALED(__status)) { 670 switch (WEXITSTATUS(__status)) { 671 case EX_SOFTWARE: 672 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 673 break; 674 case EX_OSERR: 675 atf_tc_fail("setrlimit(2) failed"); 676 break; 677 default: 678 atf_tc_fail("child exited with status %d", 679 WEXITSTATUS(__status)); 680 } 681 } else { 682 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 683 } 684 #undef BUF 685 686 } 687 688 ATF_TC_WITHOUT_HEAD(stpcpy_before_end); 689 ATF_TC_BODY(stpcpy_before_end, tc) 690 { 691 #define BUF &__stack.__buf 692 struct { 693 uint8_t padding_l; 694 unsigned char __buf[42]; 695 uint8_t padding_r; 696 } __stack; 697 const size_t __bufsz __unused = sizeof(__stack.__buf); 698 const size_t __len = 42 - 1; 699 const size_t __idx __unused = __len - 1; 700 char src[__len]; 701 702 memset(__stack.__buf, 0, __len); 703 memset(src, 'A', __len - 1); 704 src[__len - 1] = '\0'; 705 706 stpcpy(__stack.__buf, src); 707 #undef BUF 708 709 } 710 711 ATF_TC_WITHOUT_HEAD(stpcpy_end); 712 ATF_TC_BODY(stpcpy_end, tc) 713 { 714 #define BUF &__stack.__buf 715 struct { 716 uint8_t padding_l; 717 unsigned char __buf[42]; 718 uint8_t padding_r; 719 } __stack; 720 const size_t __bufsz __unused = sizeof(__stack.__buf); 721 const size_t __len = 42; 722 const size_t __idx __unused = __len - 1; 723 char src[__len]; 724 725 memset(__stack.__buf, 0, __len); 726 memset(src, 'A', __len - 1); 727 src[__len - 1] = '\0'; 728 729 stpcpy(__stack.__buf, src); 730 #undef BUF 731 732 } 733 734 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end); 735 ATF_TC_BODY(stpcpy_heap_before_end, tc) 736 { 737 #define BUF __stack.__buf 738 struct { 739 uint8_t padding_l; 740 unsigned char * __buf; 741 uint8_t padding_r; 742 } __stack; 743 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 744 const size_t __len = 42 - 1; 745 const size_t __idx __unused = __len - 1; 746 char src[__len]; 747 748 __stack.__buf = malloc(__bufsz); 749 memset(__stack.__buf, 0, __len); 750 memset(src, 'A', __len - 1); 751 src[__len - 1] = '\0'; 752 753 stpcpy(__stack.__buf, src); 754 #undef BUF 755 756 } 757 758 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end); 759 ATF_TC_BODY(stpcpy_heap_end, tc) 760 { 761 #define BUF __stack.__buf 762 struct { 763 uint8_t padding_l; 764 unsigned char * __buf; 765 uint8_t padding_r; 766 } __stack; 767 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 768 const size_t __len = 42; 769 const size_t __idx __unused = __len - 1; 770 char src[__len]; 771 772 __stack.__buf = malloc(__bufsz); 773 memset(__stack.__buf, 0, __len); 774 memset(src, 'A', __len - 1); 775 src[__len - 1] = '\0'; 776 777 stpcpy(__stack.__buf, src); 778 #undef BUF 779 780 } 781 782 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end); 783 ATF_TC_BODY(stpcpy_heap_after_end, tc) 784 { 785 #define BUF __stack.__buf 786 struct { 787 uint8_t padding_l; 788 unsigned char * __buf; 789 uint8_t padding_r; 790 } __stack; 791 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 792 const size_t __len = 42 + 1; 793 const size_t __idx __unused = __len - 1; 794 pid_t __child; 795 int __status; 796 char src[__len]; 797 798 __child = fork(); 799 ATF_REQUIRE(__child >= 0); 800 if (__child > 0) 801 goto monitor; 802 803 /* Child */ 804 disable_coredumps(); 805 __stack.__buf = malloc(__bufsz); 806 memset(__stack.__buf, 0, __len); 807 memset(src, 'A', __len - 1); 808 src[__len - 1] = '\0'; 809 810 stpcpy(__stack.__buf, src); 811 _exit(EX_SOFTWARE); /* Should have aborted. */ 812 813 monitor: 814 while (waitpid(__child, &__status, 0) != __child) { 815 ATF_REQUIRE_EQ(EINTR, errno); 816 } 817 818 if (!WIFSIGNALED(__status)) { 819 switch (WEXITSTATUS(__status)) { 820 case EX_SOFTWARE: 821 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 822 break; 823 case EX_OSERR: 824 atf_tc_fail("setrlimit(2) failed"); 825 break; 826 default: 827 atf_tc_fail("child exited with status %d", 828 WEXITSTATUS(__status)); 829 } 830 } else { 831 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 832 } 833 #undef BUF 834 835 } 836 837 ATF_TC_WITHOUT_HEAD(stpncpy_before_end); 838 ATF_TC_BODY(stpncpy_before_end, tc) 839 { 840 #define BUF &__stack.__buf 841 struct { 842 uint8_t padding_l; 843 unsigned char __buf[42]; 844 uint8_t padding_r; 845 } __stack; 846 const size_t __bufsz __unused = sizeof(__stack.__buf); 847 const size_t __len = 42 - 1; 848 const size_t __idx __unused = __len - 1; 849 char src[__len]; 850 851 memset(__stack.__buf, 0, __len); 852 memset(src, 'A', __len - 1); 853 src[__len - 1] = '\0'; 854 855 stpncpy(__stack.__buf, src, __len); 856 #undef BUF 857 858 } 859 860 ATF_TC_WITHOUT_HEAD(stpncpy_end); 861 ATF_TC_BODY(stpncpy_end, tc) 862 { 863 #define BUF &__stack.__buf 864 struct { 865 uint8_t padding_l; 866 unsigned char __buf[42]; 867 uint8_t padding_r; 868 } __stack; 869 const size_t __bufsz __unused = sizeof(__stack.__buf); 870 const size_t __len = 42; 871 const size_t __idx __unused = __len - 1; 872 char src[__len]; 873 874 memset(__stack.__buf, 0, __len); 875 memset(src, 'A', __len - 1); 876 src[__len - 1] = '\0'; 877 878 stpncpy(__stack.__buf, src, __len); 879 #undef BUF 880 881 } 882 883 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end); 884 ATF_TC_BODY(stpncpy_heap_before_end, tc) 885 { 886 #define BUF __stack.__buf 887 struct { 888 uint8_t padding_l; 889 unsigned char * __buf; 890 uint8_t padding_r; 891 } __stack; 892 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 893 const size_t __len = 42 - 1; 894 const size_t __idx __unused = __len - 1; 895 char src[__len]; 896 897 __stack.__buf = malloc(__bufsz); 898 memset(__stack.__buf, 0, __len); 899 memset(src, 'A', __len - 1); 900 src[__len - 1] = '\0'; 901 902 stpncpy(__stack.__buf, src, __len); 903 #undef BUF 904 905 } 906 907 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end); 908 ATF_TC_BODY(stpncpy_heap_end, tc) 909 { 910 #define BUF __stack.__buf 911 struct { 912 uint8_t padding_l; 913 unsigned char * __buf; 914 uint8_t padding_r; 915 } __stack; 916 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 917 const size_t __len = 42; 918 const size_t __idx __unused = __len - 1; 919 char src[__len]; 920 921 __stack.__buf = malloc(__bufsz); 922 memset(__stack.__buf, 0, __len); 923 memset(src, 'A', __len - 1); 924 src[__len - 1] = '\0'; 925 926 stpncpy(__stack.__buf, src, __len); 927 #undef BUF 928 929 } 930 931 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end); 932 ATF_TC_BODY(stpncpy_heap_after_end, tc) 933 { 934 #define BUF __stack.__buf 935 struct { 936 uint8_t padding_l; 937 unsigned char * __buf; 938 uint8_t padding_r; 939 } __stack; 940 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 941 const size_t __len = 42 + 1; 942 const size_t __idx __unused = __len - 1; 943 pid_t __child; 944 int __status; 945 char src[__len]; 946 947 __child = fork(); 948 ATF_REQUIRE(__child >= 0); 949 if (__child > 0) 950 goto monitor; 951 952 /* Child */ 953 disable_coredumps(); 954 __stack.__buf = malloc(__bufsz); 955 memset(__stack.__buf, 0, __len); 956 memset(src, 'A', __len - 1); 957 src[__len - 1] = '\0'; 958 959 stpncpy(__stack.__buf, src, __len); 960 _exit(EX_SOFTWARE); /* Should have aborted. */ 961 962 monitor: 963 while (waitpid(__child, &__status, 0) != __child) { 964 ATF_REQUIRE_EQ(EINTR, errno); 965 } 966 967 if (!WIFSIGNALED(__status)) { 968 switch (WEXITSTATUS(__status)) { 969 case EX_SOFTWARE: 970 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 971 break; 972 case EX_OSERR: 973 atf_tc_fail("setrlimit(2) failed"); 974 break; 975 default: 976 atf_tc_fail("child exited with status %d", 977 WEXITSTATUS(__status)); 978 } 979 } else { 980 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 981 } 982 #undef BUF 983 984 } 985 986 ATF_TC_WITHOUT_HEAD(strcat_before_end); 987 ATF_TC_BODY(strcat_before_end, tc) 988 { 989 #define BUF &__stack.__buf 990 struct { 991 uint8_t padding_l; 992 unsigned char __buf[42]; 993 uint8_t padding_r; 994 } __stack; 995 const size_t __bufsz __unused = sizeof(__stack.__buf); 996 const size_t __len = 42 - 1; 997 const size_t __idx __unused = __len - 1; 998 char src[__len]; 999 1000 memset(__stack.__buf, 0, __len); 1001 memset(src, 'A', __len - 1); 1002 src[__len - 1] = '\0'; 1003 1004 strcat(__stack.__buf, src); 1005 #undef BUF 1006 1007 } 1008 1009 ATF_TC_WITHOUT_HEAD(strcat_end); 1010 ATF_TC_BODY(strcat_end, tc) 1011 { 1012 #define BUF &__stack.__buf 1013 struct { 1014 uint8_t padding_l; 1015 unsigned char __buf[42]; 1016 uint8_t padding_r; 1017 } __stack; 1018 const size_t __bufsz __unused = sizeof(__stack.__buf); 1019 const size_t __len = 42; 1020 const size_t __idx __unused = __len - 1; 1021 char src[__len]; 1022 1023 memset(__stack.__buf, 0, __len); 1024 memset(src, 'A', __len - 1); 1025 src[__len - 1] = '\0'; 1026 1027 strcat(__stack.__buf, src); 1028 #undef BUF 1029 1030 } 1031 1032 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end); 1033 ATF_TC_BODY(strcat_heap_before_end, tc) 1034 { 1035 #define BUF __stack.__buf 1036 struct { 1037 uint8_t padding_l; 1038 unsigned char * __buf; 1039 uint8_t padding_r; 1040 } __stack; 1041 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1042 const size_t __len = 42 - 1; 1043 const size_t __idx __unused = __len - 1; 1044 char src[__len]; 1045 1046 __stack.__buf = malloc(__bufsz); 1047 memset(__stack.__buf, 0, __len); 1048 memset(src, 'A', __len - 1); 1049 src[__len - 1] = '\0'; 1050 1051 strcat(__stack.__buf, src); 1052 #undef BUF 1053 1054 } 1055 1056 ATF_TC_WITHOUT_HEAD(strcat_heap_end); 1057 ATF_TC_BODY(strcat_heap_end, tc) 1058 { 1059 #define BUF __stack.__buf 1060 struct { 1061 uint8_t padding_l; 1062 unsigned char * __buf; 1063 uint8_t padding_r; 1064 } __stack; 1065 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1066 const size_t __len = 42; 1067 const size_t __idx __unused = __len - 1; 1068 char src[__len]; 1069 1070 __stack.__buf = malloc(__bufsz); 1071 memset(__stack.__buf, 0, __len); 1072 memset(src, 'A', __len - 1); 1073 src[__len - 1] = '\0'; 1074 1075 strcat(__stack.__buf, src); 1076 #undef BUF 1077 1078 } 1079 1080 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end); 1081 ATF_TC_BODY(strcat_heap_after_end, tc) 1082 { 1083 #define BUF __stack.__buf 1084 struct { 1085 uint8_t padding_l; 1086 unsigned char * __buf; 1087 uint8_t padding_r; 1088 } __stack; 1089 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1090 const size_t __len = 42 + 1; 1091 const size_t __idx __unused = __len - 1; 1092 pid_t __child; 1093 int __status; 1094 char src[__len]; 1095 1096 __child = fork(); 1097 ATF_REQUIRE(__child >= 0); 1098 if (__child > 0) 1099 goto monitor; 1100 1101 /* Child */ 1102 disable_coredumps(); 1103 __stack.__buf = malloc(__bufsz); 1104 memset(__stack.__buf, 0, __len); 1105 memset(src, 'A', __len - 1); 1106 src[__len - 1] = '\0'; 1107 1108 strcat(__stack.__buf, src); 1109 _exit(EX_SOFTWARE); /* Should have aborted. */ 1110 1111 monitor: 1112 while (waitpid(__child, &__status, 0) != __child) { 1113 ATF_REQUIRE_EQ(EINTR, errno); 1114 } 1115 1116 if (!WIFSIGNALED(__status)) { 1117 switch (WEXITSTATUS(__status)) { 1118 case EX_SOFTWARE: 1119 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1120 break; 1121 case EX_OSERR: 1122 atf_tc_fail("setrlimit(2) failed"); 1123 break; 1124 default: 1125 atf_tc_fail("child exited with status %d", 1126 WEXITSTATUS(__status)); 1127 } 1128 } else { 1129 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1130 } 1131 #undef BUF 1132 1133 } 1134 1135 ATF_TC_WITHOUT_HEAD(strlcat_before_end); 1136 ATF_TC_BODY(strlcat_before_end, tc) 1137 { 1138 #define BUF &__stack.__buf 1139 struct { 1140 uint8_t padding_l; 1141 unsigned char __buf[42]; 1142 uint8_t padding_r; 1143 } __stack; 1144 const size_t __bufsz __unused = sizeof(__stack.__buf); 1145 const size_t __len = 42 - 1; 1146 const size_t __idx __unused = __len - 1; 1147 char src[__len]; 1148 1149 memset(__stack.__buf, 0, __len); 1150 memset(src, 'A', __len - 1); 1151 src[__len - 1] = '\0'; 1152 1153 strlcat(__stack.__buf, src, __len); 1154 #undef BUF 1155 1156 } 1157 1158 ATF_TC_WITHOUT_HEAD(strlcat_end); 1159 ATF_TC_BODY(strlcat_end, tc) 1160 { 1161 #define BUF &__stack.__buf 1162 struct { 1163 uint8_t padding_l; 1164 unsigned char __buf[42]; 1165 uint8_t padding_r; 1166 } __stack; 1167 const size_t __bufsz __unused = sizeof(__stack.__buf); 1168 const size_t __len = 42; 1169 const size_t __idx __unused = __len - 1; 1170 char src[__len]; 1171 1172 memset(__stack.__buf, 0, __len); 1173 memset(src, 'A', __len - 1); 1174 src[__len - 1] = '\0'; 1175 1176 strlcat(__stack.__buf, src, __len); 1177 #undef BUF 1178 1179 } 1180 1181 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end); 1182 ATF_TC_BODY(strlcat_heap_before_end, tc) 1183 { 1184 #define BUF __stack.__buf 1185 struct { 1186 uint8_t padding_l; 1187 unsigned char * __buf; 1188 uint8_t padding_r; 1189 } __stack; 1190 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1191 const size_t __len = 42 - 1; 1192 const size_t __idx __unused = __len - 1; 1193 char src[__len]; 1194 1195 __stack.__buf = malloc(__bufsz); 1196 memset(__stack.__buf, 0, __len); 1197 memset(src, 'A', __len - 1); 1198 src[__len - 1] = '\0'; 1199 1200 strlcat(__stack.__buf, src, __len); 1201 #undef BUF 1202 1203 } 1204 1205 ATF_TC_WITHOUT_HEAD(strlcat_heap_end); 1206 ATF_TC_BODY(strlcat_heap_end, tc) 1207 { 1208 #define BUF __stack.__buf 1209 struct { 1210 uint8_t padding_l; 1211 unsigned char * __buf; 1212 uint8_t padding_r; 1213 } __stack; 1214 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1215 const size_t __len = 42; 1216 const size_t __idx __unused = __len - 1; 1217 char src[__len]; 1218 1219 __stack.__buf = malloc(__bufsz); 1220 memset(__stack.__buf, 0, __len); 1221 memset(src, 'A', __len - 1); 1222 src[__len - 1] = '\0'; 1223 1224 strlcat(__stack.__buf, src, __len); 1225 #undef BUF 1226 1227 } 1228 1229 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end); 1230 ATF_TC_BODY(strlcat_heap_after_end, tc) 1231 { 1232 #define BUF __stack.__buf 1233 struct { 1234 uint8_t padding_l; 1235 unsigned char * __buf; 1236 uint8_t padding_r; 1237 } __stack; 1238 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1239 const size_t __len = 42 + 1; 1240 const size_t __idx __unused = __len - 1; 1241 pid_t __child; 1242 int __status; 1243 char src[__len]; 1244 1245 __child = fork(); 1246 ATF_REQUIRE(__child >= 0); 1247 if (__child > 0) 1248 goto monitor; 1249 1250 /* Child */ 1251 disable_coredumps(); 1252 __stack.__buf = malloc(__bufsz); 1253 memset(__stack.__buf, 0, __len); 1254 memset(src, 'A', __len - 1); 1255 src[__len - 1] = '\0'; 1256 1257 strlcat(__stack.__buf, src, __len); 1258 _exit(EX_SOFTWARE); /* Should have aborted. */ 1259 1260 monitor: 1261 while (waitpid(__child, &__status, 0) != __child) { 1262 ATF_REQUIRE_EQ(EINTR, errno); 1263 } 1264 1265 if (!WIFSIGNALED(__status)) { 1266 switch (WEXITSTATUS(__status)) { 1267 case EX_SOFTWARE: 1268 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1269 break; 1270 case EX_OSERR: 1271 atf_tc_fail("setrlimit(2) failed"); 1272 break; 1273 default: 1274 atf_tc_fail("child exited with status %d", 1275 WEXITSTATUS(__status)); 1276 } 1277 } else { 1278 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1279 } 1280 #undef BUF 1281 1282 } 1283 1284 ATF_TC_WITHOUT_HEAD(strncat_before_end); 1285 ATF_TC_BODY(strncat_before_end, tc) 1286 { 1287 #define BUF &__stack.__buf 1288 struct { 1289 uint8_t padding_l; 1290 unsigned char __buf[42]; 1291 uint8_t padding_r; 1292 } __stack; 1293 const size_t __bufsz __unused = sizeof(__stack.__buf); 1294 const size_t __len = 42 - 1; 1295 const size_t __idx __unused = __len - 1; 1296 char src[__len]; 1297 1298 memset(__stack.__buf, 0, __len); 1299 memset(src, 'A', __len - 1); 1300 src[__len - 1] = '\0'; 1301 1302 strncat(__stack.__buf, src, __len); 1303 #undef BUF 1304 1305 } 1306 1307 ATF_TC_WITHOUT_HEAD(strncat_end); 1308 ATF_TC_BODY(strncat_end, tc) 1309 { 1310 #define BUF &__stack.__buf 1311 struct { 1312 uint8_t padding_l; 1313 unsigned char __buf[42]; 1314 uint8_t padding_r; 1315 } __stack; 1316 const size_t __bufsz __unused = sizeof(__stack.__buf); 1317 const size_t __len = 42; 1318 const size_t __idx __unused = __len - 1; 1319 char src[__len]; 1320 1321 memset(__stack.__buf, 0, __len); 1322 memset(src, 'A', __len - 1); 1323 src[__len - 1] = '\0'; 1324 1325 strncat(__stack.__buf, src, __len); 1326 #undef BUF 1327 1328 } 1329 1330 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end); 1331 ATF_TC_BODY(strncat_heap_before_end, tc) 1332 { 1333 #define BUF __stack.__buf 1334 struct { 1335 uint8_t padding_l; 1336 unsigned char * __buf; 1337 uint8_t padding_r; 1338 } __stack; 1339 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1340 const size_t __len = 42 - 1; 1341 const size_t __idx __unused = __len - 1; 1342 char src[__len]; 1343 1344 __stack.__buf = malloc(__bufsz); 1345 memset(__stack.__buf, 0, __len); 1346 memset(src, 'A', __len - 1); 1347 src[__len - 1] = '\0'; 1348 1349 strncat(__stack.__buf, src, __len); 1350 #undef BUF 1351 1352 } 1353 1354 ATF_TC_WITHOUT_HEAD(strncat_heap_end); 1355 ATF_TC_BODY(strncat_heap_end, tc) 1356 { 1357 #define BUF __stack.__buf 1358 struct { 1359 uint8_t padding_l; 1360 unsigned char * __buf; 1361 uint8_t padding_r; 1362 } __stack; 1363 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1364 const size_t __len = 42; 1365 const size_t __idx __unused = __len - 1; 1366 char src[__len]; 1367 1368 __stack.__buf = malloc(__bufsz); 1369 memset(__stack.__buf, 0, __len); 1370 memset(src, 'A', __len - 1); 1371 src[__len - 1] = '\0'; 1372 1373 strncat(__stack.__buf, src, __len); 1374 #undef BUF 1375 1376 } 1377 1378 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end); 1379 ATF_TC_BODY(strncat_heap_after_end, tc) 1380 { 1381 #define BUF __stack.__buf 1382 struct { 1383 uint8_t padding_l; 1384 unsigned char * __buf; 1385 uint8_t padding_r; 1386 } __stack; 1387 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1388 const size_t __len = 42 + 1; 1389 const size_t __idx __unused = __len - 1; 1390 pid_t __child; 1391 int __status; 1392 char src[__len]; 1393 1394 __child = fork(); 1395 ATF_REQUIRE(__child >= 0); 1396 if (__child > 0) 1397 goto monitor; 1398 1399 /* Child */ 1400 disable_coredumps(); 1401 __stack.__buf = malloc(__bufsz); 1402 memset(__stack.__buf, 0, __len); 1403 memset(src, 'A', __len - 1); 1404 src[__len - 1] = '\0'; 1405 1406 strncat(__stack.__buf, src, __len); 1407 _exit(EX_SOFTWARE); /* Should have aborted. */ 1408 1409 monitor: 1410 while (waitpid(__child, &__status, 0) != __child) { 1411 ATF_REQUIRE_EQ(EINTR, errno); 1412 } 1413 1414 if (!WIFSIGNALED(__status)) { 1415 switch (WEXITSTATUS(__status)) { 1416 case EX_SOFTWARE: 1417 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1418 break; 1419 case EX_OSERR: 1420 atf_tc_fail("setrlimit(2) failed"); 1421 break; 1422 default: 1423 atf_tc_fail("child exited with status %d", 1424 WEXITSTATUS(__status)); 1425 } 1426 } else { 1427 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1428 } 1429 #undef BUF 1430 1431 } 1432 1433 ATF_TC_WITHOUT_HEAD(strcpy_before_end); 1434 ATF_TC_BODY(strcpy_before_end, tc) 1435 { 1436 #define BUF &__stack.__buf 1437 struct { 1438 uint8_t padding_l; 1439 unsigned char __buf[42]; 1440 uint8_t padding_r; 1441 } __stack; 1442 const size_t __bufsz __unused = sizeof(__stack.__buf); 1443 const size_t __len = 42 - 1; 1444 const size_t __idx __unused = __len - 1; 1445 char src[__len]; 1446 1447 memset(__stack.__buf, 0, __len); 1448 memset(src, 'A', __len - 1); 1449 src[__len - 1] = '\0'; 1450 1451 strcpy(__stack.__buf, src); 1452 #undef BUF 1453 1454 } 1455 1456 ATF_TC_WITHOUT_HEAD(strcpy_end); 1457 ATF_TC_BODY(strcpy_end, tc) 1458 { 1459 #define BUF &__stack.__buf 1460 struct { 1461 uint8_t padding_l; 1462 unsigned char __buf[42]; 1463 uint8_t padding_r; 1464 } __stack; 1465 const size_t __bufsz __unused = sizeof(__stack.__buf); 1466 const size_t __len = 42; 1467 const size_t __idx __unused = __len - 1; 1468 char src[__len]; 1469 1470 memset(__stack.__buf, 0, __len); 1471 memset(src, 'A', __len - 1); 1472 src[__len - 1] = '\0'; 1473 1474 strcpy(__stack.__buf, src); 1475 #undef BUF 1476 1477 } 1478 1479 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end); 1480 ATF_TC_BODY(strcpy_heap_before_end, tc) 1481 { 1482 #define BUF __stack.__buf 1483 struct { 1484 uint8_t padding_l; 1485 unsigned char * __buf; 1486 uint8_t padding_r; 1487 } __stack; 1488 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1489 const size_t __len = 42 - 1; 1490 const size_t __idx __unused = __len - 1; 1491 char src[__len]; 1492 1493 __stack.__buf = malloc(__bufsz); 1494 memset(__stack.__buf, 0, __len); 1495 memset(src, 'A', __len - 1); 1496 src[__len - 1] = '\0'; 1497 1498 strcpy(__stack.__buf, src); 1499 #undef BUF 1500 1501 } 1502 1503 ATF_TC_WITHOUT_HEAD(strcpy_heap_end); 1504 ATF_TC_BODY(strcpy_heap_end, tc) 1505 { 1506 #define BUF __stack.__buf 1507 struct { 1508 uint8_t padding_l; 1509 unsigned char * __buf; 1510 uint8_t padding_r; 1511 } __stack; 1512 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1513 const size_t __len = 42; 1514 const size_t __idx __unused = __len - 1; 1515 char src[__len]; 1516 1517 __stack.__buf = malloc(__bufsz); 1518 memset(__stack.__buf, 0, __len); 1519 memset(src, 'A', __len - 1); 1520 src[__len - 1] = '\0'; 1521 1522 strcpy(__stack.__buf, src); 1523 #undef BUF 1524 1525 } 1526 1527 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end); 1528 ATF_TC_BODY(strcpy_heap_after_end, tc) 1529 { 1530 #define BUF __stack.__buf 1531 struct { 1532 uint8_t padding_l; 1533 unsigned char * __buf; 1534 uint8_t padding_r; 1535 } __stack; 1536 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1537 const size_t __len = 42 + 1; 1538 const size_t __idx __unused = __len - 1; 1539 pid_t __child; 1540 int __status; 1541 char src[__len]; 1542 1543 __child = fork(); 1544 ATF_REQUIRE(__child >= 0); 1545 if (__child > 0) 1546 goto monitor; 1547 1548 /* Child */ 1549 disable_coredumps(); 1550 __stack.__buf = malloc(__bufsz); 1551 memset(__stack.__buf, 0, __len); 1552 memset(src, 'A', __len - 1); 1553 src[__len - 1] = '\0'; 1554 1555 strcpy(__stack.__buf, src); 1556 _exit(EX_SOFTWARE); /* Should have aborted. */ 1557 1558 monitor: 1559 while (waitpid(__child, &__status, 0) != __child) { 1560 ATF_REQUIRE_EQ(EINTR, errno); 1561 } 1562 1563 if (!WIFSIGNALED(__status)) { 1564 switch (WEXITSTATUS(__status)) { 1565 case EX_SOFTWARE: 1566 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1567 break; 1568 case EX_OSERR: 1569 atf_tc_fail("setrlimit(2) failed"); 1570 break; 1571 default: 1572 atf_tc_fail("child exited with status %d", 1573 WEXITSTATUS(__status)); 1574 } 1575 } else { 1576 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1577 } 1578 #undef BUF 1579 1580 } 1581 1582 ATF_TC_WITHOUT_HEAD(strlcpy_before_end); 1583 ATF_TC_BODY(strlcpy_before_end, tc) 1584 { 1585 #define BUF &__stack.__buf 1586 struct { 1587 uint8_t padding_l; 1588 unsigned char __buf[42]; 1589 uint8_t padding_r; 1590 } __stack; 1591 const size_t __bufsz __unused = sizeof(__stack.__buf); 1592 const size_t __len = 42 - 1; 1593 const size_t __idx __unused = __len - 1; 1594 char src[__len]; 1595 1596 memset(__stack.__buf, 0, __len); 1597 memset(src, 'A', __len - 1); 1598 src[__len - 1] = '\0'; 1599 1600 strlcpy(__stack.__buf, src, __len); 1601 #undef BUF 1602 1603 } 1604 1605 ATF_TC_WITHOUT_HEAD(strlcpy_end); 1606 ATF_TC_BODY(strlcpy_end, tc) 1607 { 1608 #define BUF &__stack.__buf 1609 struct { 1610 uint8_t padding_l; 1611 unsigned char __buf[42]; 1612 uint8_t padding_r; 1613 } __stack; 1614 const size_t __bufsz __unused = sizeof(__stack.__buf); 1615 const size_t __len = 42; 1616 const size_t __idx __unused = __len - 1; 1617 char src[__len]; 1618 1619 memset(__stack.__buf, 0, __len); 1620 memset(src, 'A', __len - 1); 1621 src[__len - 1] = '\0'; 1622 1623 strlcpy(__stack.__buf, src, __len); 1624 #undef BUF 1625 1626 } 1627 1628 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end); 1629 ATF_TC_BODY(strlcpy_heap_before_end, tc) 1630 { 1631 #define BUF __stack.__buf 1632 struct { 1633 uint8_t padding_l; 1634 unsigned char * __buf; 1635 uint8_t padding_r; 1636 } __stack; 1637 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1638 const size_t __len = 42 - 1; 1639 const size_t __idx __unused = __len - 1; 1640 char src[__len]; 1641 1642 __stack.__buf = malloc(__bufsz); 1643 memset(__stack.__buf, 0, __len); 1644 memset(src, 'A', __len - 1); 1645 src[__len - 1] = '\0'; 1646 1647 strlcpy(__stack.__buf, src, __len); 1648 #undef BUF 1649 1650 } 1651 1652 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end); 1653 ATF_TC_BODY(strlcpy_heap_end, tc) 1654 { 1655 #define BUF __stack.__buf 1656 struct { 1657 uint8_t padding_l; 1658 unsigned char * __buf; 1659 uint8_t padding_r; 1660 } __stack; 1661 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1662 const size_t __len = 42; 1663 const size_t __idx __unused = __len - 1; 1664 char src[__len]; 1665 1666 __stack.__buf = malloc(__bufsz); 1667 memset(__stack.__buf, 0, __len); 1668 memset(src, 'A', __len - 1); 1669 src[__len - 1] = '\0'; 1670 1671 strlcpy(__stack.__buf, src, __len); 1672 #undef BUF 1673 1674 } 1675 1676 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end); 1677 ATF_TC_BODY(strlcpy_heap_after_end, tc) 1678 { 1679 #define BUF __stack.__buf 1680 struct { 1681 uint8_t padding_l; 1682 unsigned char * __buf; 1683 uint8_t padding_r; 1684 } __stack; 1685 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1686 const size_t __len = 42 + 1; 1687 const size_t __idx __unused = __len - 1; 1688 pid_t __child; 1689 int __status; 1690 char src[__len]; 1691 1692 __child = fork(); 1693 ATF_REQUIRE(__child >= 0); 1694 if (__child > 0) 1695 goto monitor; 1696 1697 /* Child */ 1698 disable_coredumps(); 1699 __stack.__buf = malloc(__bufsz); 1700 memset(__stack.__buf, 0, __len); 1701 memset(src, 'A', __len - 1); 1702 src[__len - 1] = '\0'; 1703 1704 strlcpy(__stack.__buf, src, __len); 1705 _exit(EX_SOFTWARE); /* Should have aborted. */ 1706 1707 monitor: 1708 while (waitpid(__child, &__status, 0) != __child) { 1709 ATF_REQUIRE_EQ(EINTR, errno); 1710 } 1711 1712 if (!WIFSIGNALED(__status)) { 1713 switch (WEXITSTATUS(__status)) { 1714 case EX_SOFTWARE: 1715 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1716 break; 1717 case EX_OSERR: 1718 atf_tc_fail("setrlimit(2) failed"); 1719 break; 1720 default: 1721 atf_tc_fail("child exited with status %d", 1722 WEXITSTATUS(__status)); 1723 } 1724 } else { 1725 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1726 } 1727 #undef BUF 1728 1729 } 1730 1731 ATF_TC_WITHOUT_HEAD(strncpy_before_end); 1732 ATF_TC_BODY(strncpy_before_end, tc) 1733 { 1734 #define BUF &__stack.__buf 1735 struct { 1736 uint8_t padding_l; 1737 unsigned char __buf[42]; 1738 uint8_t padding_r; 1739 } __stack; 1740 const size_t __bufsz __unused = sizeof(__stack.__buf); 1741 const size_t __len = 42 - 1; 1742 const size_t __idx __unused = __len - 1; 1743 char src[__len]; 1744 1745 memset(__stack.__buf, 0, __len); 1746 memset(src, 'A', __len - 1); 1747 src[__len - 1] = '\0'; 1748 1749 strncpy(__stack.__buf, src, __len); 1750 #undef BUF 1751 1752 } 1753 1754 ATF_TC_WITHOUT_HEAD(strncpy_end); 1755 ATF_TC_BODY(strncpy_end, tc) 1756 { 1757 #define BUF &__stack.__buf 1758 struct { 1759 uint8_t padding_l; 1760 unsigned char __buf[42]; 1761 uint8_t padding_r; 1762 } __stack; 1763 const size_t __bufsz __unused = sizeof(__stack.__buf); 1764 const size_t __len = 42; 1765 const size_t __idx __unused = __len - 1; 1766 char src[__len]; 1767 1768 memset(__stack.__buf, 0, __len); 1769 memset(src, 'A', __len - 1); 1770 src[__len - 1] = '\0'; 1771 1772 strncpy(__stack.__buf, src, __len); 1773 #undef BUF 1774 1775 } 1776 1777 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end); 1778 ATF_TC_BODY(strncpy_heap_before_end, tc) 1779 { 1780 #define BUF __stack.__buf 1781 struct { 1782 uint8_t padding_l; 1783 unsigned char * __buf; 1784 uint8_t padding_r; 1785 } __stack; 1786 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1787 const size_t __len = 42 - 1; 1788 const size_t __idx __unused = __len - 1; 1789 char src[__len]; 1790 1791 __stack.__buf = malloc(__bufsz); 1792 memset(__stack.__buf, 0, __len); 1793 memset(src, 'A', __len - 1); 1794 src[__len - 1] = '\0'; 1795 1796 strncpy(__stack.__buf, src, __len); 1797 #undef BUF 1798 1799 } 1800 1801 ATF_TC_WITHOUT_HEAD(strncpy_heap_end); 1802 ATF_TC_BODY(strncpy_heap_end, tc) 1803 { 1804 #define BUF __stack.__buf 1805 struct { 1806 uint8_t padding_l; 1807 unsigned char * __buf; 1808 uint8_t padding_r; 1809 } __stack; 1810 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1811 const size_t __len = 42; 1812 const size_t __idx __unused = __len - 1; 1813 char src[__len]; 1814 1815 __stack.__buf = malloc(__bufsz); 1816 memset(__stack.__buf, 0, __len); 1817 memset(src, 'A', __len - 1); 1818 src[__len - 1] = '\0'; 1819 1820 strncpy(__stack.__buf, src, __len); 1821 #undef BUF 1822 1823 } 1824 1825 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end); 1826 ATF_TC_BODY(strncpy_heap_after_end, tc) 1827 { 1828 #define BUF __stack.__buf 1829 struct { 1830 uint8_t padding_l; 1831 unsigned char * __buf; 1832 uint8_t padding_r; 1833 } __stack; 1834 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1835 const size_t __len = 42 + 1; 1836 const size_t __idx __unused = __len - 1; 1837 pid_t __child; 1838 int __status; 1839 char src[__len]; 1840 1841 __child = fork(); 1842 ATF_REQUIRE(__child >= 0); 1843 if (__child > 0) 1844 goto monitor; 1845 1846 /* Child */ 1847 disable_coredumps(); 1848 __stack.__buf = malloc(__bufsz); 1849 memset(__stack.__buf, 0, __len); 1850 memset(src, 'A', __len - 1); 1851 src[__len - 1] = '\0'; 1852 1853 strncpy(__stack.__buf, src, __len); 1854 _exit(EX_SOFTWARE); /* Should have aborted. */ 1855 1856 monitor: 1857 while (waitpid(__child, &__status, 0) != __child) { 1858 ATF_REQUIRE_EQ(EINTR, errno); 1859 } 1860 1861 if (!WIFSIGNALED(__status)) { 1862 switch (WEXITSTATUS(__status)) { 1863 case EX_SOFTWARE: 1864 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1865 break; 1866 case EX_OSERR: 1867 atf_tc_fail("setrlimit(2) failed"); 1868 break; 1869 default: 1870 atf_tc_fail("child exited with status %d", 1871 WEXITSTATUS(__status)); 1872 } 1873 } else { 1874 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1875 } 1876 #undef BUF 1877 1878 } 1879 1880 ATF_TP_ADD_TCS(tp) 1881 { 1882 ATF_TP_ADD_TC(tp, memcpy_before_end); 1883 ATF_TP_ADD_TC(tp, memcpy_end); 1884 ATF_TP_ADD_TC(tp, memcpy_heap_before_end); 1885 ATF_TP_ADD_TC(tp, memcpy_heap_end); 1886 ATF_TP_ADD_TC(tp, memcpy_heap_after_end); 1887 ATF_TP_ADD_TC(tp, mempcpy_before_end); 1888 ATF_TP_ADD_TC(tp, mempcpy_end); 1889 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end); 1890 ATF_TP_ADD_TC(tp, mempcpy_heap_end); 1891 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end); 1892 ATF_TP_ADD_TC(tp, memmove_before_end); 1893 ATF_TP_ADD_TC(tp, memmove_end); 1894 ATF_TP_ADD_TC(tp, memmove_heap_before_end); 1895 ATF_TP_ADD_TC(tp, memmove_heap_end); 1896 ATF_TP_ADD_TC(tp, memmove_heap_after_end); 1897 ATF_TP_ADD_TC(tp, memset_before_end); 1898 ATF_TP_ADD_TC(tp, memset_end); 1899 ATF_TP_ADD_TC(tp, memset_heap_before_end); 1900 ATF_TP_ADD_TC(tp, memset_heap_end); 1901 ATF_TP_ADD_TC(tp, memset_heap_after_end); 1902 ATF_TP_ADD_TC(tp, stpcpy_before_end); 1903 ATF_TP_ADD_TC(tp, stpcpy_end); 1904 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); 1905 ATF_TP_ADD_TC(tp, stpcpy_heap_end); 1906 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end); 1907 ATF_TP_ADD_TC(tp, stpncpy_before_end); 1908 ATF_TP_ADD_TC(tp, stpncpy_end); 1909 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end); 1910 ATF_TP_ADD_TC(tp, stpncpy_heap_end); 1911 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end); 1912 ATF_TP_ADD_TC(tp, strcat_before_end); 1913 ATF_TP_ADD_TC(tp, strcat_end); 1914 ATF_TP_ADD_TC(tp, strcat_heap_before_end); 1915 ATF_TP_ADD_TC(tp, strcat_heap_end); 1916 ATF_TP_ADD_TC(tp, strcat_heap_after_end); 1917 ATF_TP_ADD_TC(tp, strlcat_before_end); 1918 ATF_TP_ADD_TC(tp, strlcat_end); 1919 ATF_TP_ADD_TC(tp, strlcat_heap_before_end); 1920 ATF_TP_ADD_TC(tp, strlcat_heap_end); 1921 ATF_TP_ADD_TC(tp, strlcat_heap_after_end); 1922 ATF_TP_ADD_TC(tp, strncat_before_end); 1923 ATF_TP_ADD_TC(tp, strncat_end); 1924 ATF_TP_ADD_TC(tp, strncat_heap_before_end); 1925 ATF_TP_ADD_TC(tp, strncat_heap_end); 1926 ATF_TP_ADD_TC(tp, strncat_heap_after_end); 1927 ATF_TP_ADD_TC(tp, strcpy_before_end); 1928 ATF_TP_ADD_TC(tp, strcpy_end); 1929 ATF_TP_ADD_TC(tp, strcpy_heap_before_end); 1930 ATF_TP_ADD_TC(tp, strcpy_heap_end); 1931 ATF_TP_ADD_TC(tp, strcpy_heap_after_end); 1932 ATF_TP_ADD_TC(tp, strlcpy_before_end); 1933 ATF_TP_ADD_TC(tp, strlcpy_end); 1934 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end); 1935 ATF_TP_ADD_TC(tp, strlcpy_heap_end); 1936 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end); 1937 ATF_TP_ADD_TC(tp, strncpy_before_end); 1938 ATF_TP_ADD_TC(tp, strncpy_end); 1939 ATF_TP_ADD_TC(tp, strncpy_heap_before_end); 1940 ATF_TP_ADD_TC(tp, strncpy_heap_end); 1941 ATF_TP_ADD_TC(tp, strncpy_heap_after_end); 1942 return (atf_no_error()); 1943 } 1944