1 /* @generated by `generate-fortify-tests.lua "string"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/resource.h> 8 #include <sys/time.h> 9 #include <sys/wait.h> 10 #include <dirent.h> 11 #include <errno.h> 12 #include <fcntl.h> 13 #include <limits.h> 14 #include <poll.h> 15 #include <signal.h> 16 #include <stdio.h> 17 #include <stdlib.h> 18 #include <string.h> 19 #include <strings.h> 20 #include <sysexits.h> 21 #include <unistd.h> 22 #include <atf-c.h> 23 24 static FILE * __unused 25 new_fp(size_t __len) 26 { 27 static char fpbuf[LINE_MAX]; 28 FILE *fp; 29 30 ATF_REQUIRE(__len <= sizeof(fpbuf)); 31 32 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 33 fpbuf[sizeof(fpbuf) - 1] = '\0'; 34 35 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 36 ATF_REQUIRE(fp != NULL); 37 38 return (fp); 39 } 40 41 /* 42 * Create a new symlink to use for readlink(2) style tests, we'll just use a 43 * random target name to have something interesting to look at. 44 */ 45 static const char * __unused 46 new_symlink(size_t __len) 47 { 48 static const char linkname[] = "link"; 49 char target[MAXNAMLEN]; 50 int error; 51 52 ATF_REQUIRE(__len <= sizeof(target)); 53 54 arc4random_buf(target, sizeof(target)); 55 56 error = unlink(linkname); 57 ATF_REQUIRE(error == 0 || errno == ENOENT); 58 59 error = symlink(target, linkname); 60 ATF_REQUIRE(error == 0); 61 62 return (linkname); 63 } 64 65 /* 66 * Constructs a tmpfile that we can use for testing read(2) and friends. 67 */ 68 static int __unused 69 new_tmpfile(void) 70 { 71 char buf[1024]; 72 ssize_t rv; 73 size_t written; 74 int fd; 75 76 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 77 ATF_REQUIRE(fd >= 0); 78 79 written = 0; 80 while (written < TMPFILE_SIZE) { 81 rv = write(fd, buf, sizeof(buf)); 82 ATF_REQUIRE(rv > 0); 83 84 written += rv; 85 } 86 87 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 88 return (fd); 89 } 90 91 static void 92 disable_coredumps(void) 93 { 94 struct rlimit rl = { 0 }; 95 96 if (setrlimit(RLIMIT_CORE, &rl) == -1) 97 _exit(EX_OSERR); 98 } 99 100 /* 101 * Replaces stdin with a file that we can actually read from, for tests where 102 * we want a FILE * or fd that we can get data from. 103 */ 104 static void __unused 105 replace_stdin(void) 106 { 107 int fd; 108 109 fd = new_tmpfile(); 110 111 (void)dup2(fd, STDIN_FILENO); 112 if (fd != STDIN_FILENO) 113 close(fd); 114 } 115 116 ATF_TC_WITHOUT_HEAD(memcpy_before_end); 117 ATF_TC_BODY(memcpy_before_end, tc) 118 { 119 #define BUF &__stack.__buf 120 struct { 121 uint8_t padding_l; 122 unsigned char __buf[42]; 123 uint8_t padding_r; 124 } __stack; 125 const size_t __bufsz __unused = sizeof(__stack.__buf); 126 const size_t __len = 42 - 1; 127 const size_t __idx __unused = __len - 1; 128 char src[__len + 10]; 129 130 memcpy(__stack.__buf, src, __len); 131 #undef BUF 132 133 } 134 135 ATF_TC_WITHOUT_HEAD(memcpy_end); 136 ATF_TC_BODY(memcpy_end, tc) 137 { 138 #define BUF &__stack.__buf 139 struct { 140 uint8_t padding_l; 141 unsigned char __buf[42]; 142 uint8_t padding_r; 143 } __stack; 144 const size_t __bufsz __unused = sizeof(__stack.__buf); 145 const size_t __len = 42; 146 const size_t __idx __unused = __len - 1; 147 char src[__len + 10]; 148 149 memcpy(__stack.__buf, src, __len); 150 #undef BUF 151 152 } 153 154 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end); 155 ATF_TC_BODY(memcpy_heap_before_end, tc) 156 { 157 #define BUF __stack.__buf 158 struct { 159 uint8_t padding_l; 160 unsigned char * __buf; 161 uint8_t padding_r; 162 } __stack; 163 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 164 const size_t __len = 42 - 1; 165 const size_t __idx __unused = __len - 1; 166 char src[__len + 10]; 167 168 __stack.__buf = malloc(__bufsz); 169 170 memcpy(__stack.__buf, src, __len); 171 #undef BUF 172 173 } 174 175 ATF_TC_WITHOUT_HEAD(memcpy_heap_end); 176 ATF_TC_BODY(memcpy_heap_end, tc) 177 { 178 #define BUF __stack.__buf 179 struct { 180 uint8_t padding_l; 181 unsigned char * __buf; 182 uint8_t padding_r; 183 } __stack; 184 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 185 const size_t __len = 42; 186 const size_t __idx __unused = __len - 1; 187 char src[__len + 10]; 188 189 __stack.__buf = malloc(__bufsz); 190 191 memcpy(__stack.__buf, src, __len); 192 #undef BUF 193 194 } 195 196 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end); 197 ATF_TC_BODY(memcpy_heap_after_end, tc) 198 { 199 #define BUF __stack.__buf 200 struct { 201 uint8_t padding_l; 202 unsigned char * __buf; 203 uint8_t padding_r; 204 } __stack; 205 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 206 const size_t __len = 42 + 1; 207 const size_t __idx __unused = __len - 1; 208 pid_t __child; 209 int __status; 210 char src[__len + 10]; 211 212 __child = fork(); 213 ATF_REQUIRE(__child >= 0); 214 if (__child > 0) 215 goto monitor; 216 217 /* Child */ 218 disable_coredumps(); 219 __stack.__buf = malloc(__bufsz); 220 221 memcpy(__stack.__buf, src, __len); 222 _exit(EX_SOFTWARE); /* Should have aborted. */ 223 224 monitor: 225 while (waitpid(__child, &__status, 0) != __child) { 226 ATF_REQUIRE_EQ(EINTR, errno); 227 } 228 229 if (!WIFSIGNALED(__status)) { 230 switch (WEXITSTATUS(__status)) { 231 case EX_SOFTWARE: 232 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 233 break; 234 case EX_OSERR: 235 atf_tc_fail("setrlimit(2) failed"); 236 break; 237 default: 238 atf_tc_fail("child exited with status %d", 239 WEXITSTATUS(__status)); 240 } 241 } else { 242 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 243 } 244 #undef BUF 245 246 } 247 248 ATF_TC_WITHOUT_HEAD(mempcpy_before_end); 249 ATF_TC_BODY(mempcpy_before_end, tc) 250 { 251 #define BUF &__stack.__buf 252 struct { 253 uint8_t padding_l; 254 unsigned char __buf[42]; 255 uint8_t padding_r; 256 } __stack; 257 const size_t __bufsz __unused = sizeof(__stack.__buf); 258 const size_t __len = 42 - 1; 259 const size_t __idx __unused = __len - 1; 260 char src[__len + 10]; 261 262 mempcpy(__stack.__buf, src, __len); 263 #undef BUF 264 265 } 266 267 ATF_TC_WITHOUT_HEAD(mempcpy_end); 268 ATF_TC_BODY(mempcpy_end, tc) 269 { 270 #define BUF &__stack.__buf 271 struct { 272 uint8_t padding_l; 273 unsigned char __buf[42]; 274 uint8_t padding_r; 275 } __stack; 276 const size_t __bufsz __unused = sizeof(__stack.__buf); 277 const size_t __len = 42; 278 const size_t __idx __unused = __len - 1; 279 char src[__len + 10]; 280 281 mempcpy(__stack.__buf, src, __len); 282 #undef BUF 283 284 } 285 286 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end); 287 ATF_TC_BODY(mempcpy_heap_before_end, tc) 288 { 289 #define BUF __stack.__buf 290 struct { 291 uint8_t padding_l; 292 unsigned char * __buf; 293 uint8_t padding_r; 294 } __stack; 295 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 296 const size_t __len = 42 - 1; 297 const size_t __idx __unused = __len - 1; 298 char src[__len + 10]; 299 300 __stack.__buf = malloc(__bufsz); 301 302 mempcpy(__stack.__buf, src, __len); 303 #undef BUF 304 305 } 306 307 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end); 308 ATF_TC_BODY(mempcpy_heap_end, tc) 309 { 310 #define BUF __stack.__buf 311 struct { 312 uint8_t padding_l; 313 unsigned char * __buf; 314 uint8_t padding_r; 315 } __stack; 316 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 317 const size_t __len = 42; 318 const size_t __idx __unused = __len - 1; 319 char src[__len + 10]; 320 321 __stack.__buf = malloc(__bufsz); 322 323 mempcpy(__stack.__buf, src, __len); 324 #undef BUF 325 326 } 327 328 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end); 329 ATF_TC_BODY(mempcpy_heap_after_end, tc) 330 { 331 #define BUF __stack.__buf 332 struct { 333 uint8_t padding_l; 334 unsigned char * __buf; 335 uint8_t padding_r; 336 } __stack; 337 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 338 const size_t __len = 42 + 1; 339 const size_t __idx __unused = __len - 1; 340 pid_t __child; 341 int __status; 342 char src[__len + 10]; 343 344 __child = fork(); 345 ATF_REQUIRE(__child >= 0); 346 if (__child > 0) 347 goto monitor; 348 349 /* Child */ 350 disable_coredumps(); 351 __stack.__buf = malloc(__bufsz); 352 353 mempcpy(__stack.__buf, src, __len); 354 _exit(EX_SOFTWARE); /* Should have aborted. */ 355 356 monitor: 357 while (waitpid(__child, &__status, 0) != __child) { 358 ATF_REQUIRE_EQ(EINTR, errno); 359 } 360 361 if (!WIFSIGNALED(__status)) { 362 switch (WEXITSTATUS(__status)) { 363 case EX_SOFTWARE: 364 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 365 break; 366 case EX_OSERR: 367 atf_tc_fail("setrlimit(2) failed"); 368 break; 369 default: 370 atf_tc_fail("child exited with status %d", 371 WEXITSTATUS(__status)); 372 } 373 } else { 374 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 375 } 376 #undef BUF 377 378 } 379 380 ATF_TC_WITHOUT_HEAD(memmove_before_end); 381 ATF_TC_BODY(memmove_before_end, tc) 382 { 383 #define BUF &__stack.__buf 384 struct { 385 uint8_t padding_l; 386 unsigned char __buf[42]; 387 uint8_t padding_r; 388 } __stack; 389 const size_t __bufsz __unused = sizeof(__stack.__buf); 390 const size_t __len = 42 - 1; 391 const size_t __idx __unused = __len - 1; 392 char src[__len + 10]; 393 394 memmove(__stack.__buf, src, __len); 395 #undef BUF 396 397 } 398 399 ATF_TC_WITHOUT_HEAD(memmove_end); 400 ATF_TC_BODY(memmove_end, tc) 401 { 402 #define BUF &__stack.__buf 403 struct { 404 uint8_t padding_l; 405 unsigned char __buf[42]; 406 uint8_t padding_r; 407 } __stack; 408 const size_t __bufsz __unused = sizeof(__stack.__buf); 409 const size_t __len = 42; 410 const size_t __idx __unused = __len - 1; 411 char src[__len + 10]; 412 413 memmove(__stack.__buf, src, __len); 414 #undef BUF 415 416 } 417 418 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end); 419 ATF_TC_BODY(memmove_heap_before_end, tc) 420 { 421 #define BUF __stack.__buf 422 struct { 423 uint8_t padding_l; 424 unsigned char * __buf; 425 uint8_t padding_r; 426 } __stack; 427 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 428 const size_t __len = 42 - 1; 429 const size_t __idx __unused = __len - 1; 430 char src[__len + 10]; 431 432 __stack.__buf = malloc(__bufsz); 433 434 memmove(__stack.__buf, src, __len); 435 #undef BUF 436 437 } 438 439 ATF_TC_WITHOUT_HEAD(memmove_heap_end); 440 ATF_TC_BODY(memmove_heap_end, tc) 441 { 442 #define BUF __stack.__buf 443 struct { 444 uint8_t padding_l; 445 unsigned char * __buf; 446 uint8_t padding_r; 447 } __stack; 448 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 449 const size_t __len = 42; 450 const size_t __idx __unused = __len - 1; 451 char src[__len + 10]; 452 453 __stack.__buf = malloc(__bufsz); 454 455 memmove(__stack.__buf, src, __len); 456 #undef BUF 457 458 } 459 460 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end); 461 ATF_TC_BODY(memmove_heap_after_end, tc) 462 { 463 #define BUF __stack.__buf 464 struct { 465 uint8_t padding_l; 466 unsigned char * __buf; 467 uint8_t padding_r; 468 } __stack; 469 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 470 const size_t __len = 42 + 1; 471 const size_t __idx __unused = __len - 1; 472 pid_t __child; 473 int __status; 474 char src[__len + 10]; 475 476 __child = fork(); 477 ATF_REQUIRE(__child >= 0); 478 if (__child > 0) 479 goto monitor; 480 481 /* Child */ 482 disable_coredumps(); 483 __stack.__buf = malloc(__bufsz); 484 485 memmove(__stack.__buf, src, __len); 486 _exit(EX_SOFTWARE); /* Should have aborted. */ 487 488 monitor: 489 while (waitpid(__child, &__status, 0) != __child) { 490 ATF_REQUIRE_EQ(EINTR, errno); 491 } 492 493 if (!WIFSIGNALED(__status)) { 494 switch (WEXITSTATUS(__status)) { 495 case EX_SOFTWARE: 496 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 497 break; 498 case EX_OSERR: 499 atf_tc_fail("setrlimit(2) failed"); 500 break; 501 default: 502 atf_tc_fail("child exited with status %d", 503 WEXITSTATUS(__status)); 504 } 505 } else { 506 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 507 } 508 #undef BUF 509 510 } 511 512 ATF_TC_WITHOUT_HEAD(memset_before_end); 513 ATF_TC_BODY(memset_before_end, tc) 514 { 515 #define BUF &__stack.__buf 516 struct { 517 uint8_t padding_l; 518 unsigned char __buf[42]; 519 uint8_t padding_r; 520 } __stack; 521 const size_t __bufsz __unused = sizeof(__stack.__buf); 522 const size_t __len = 42 - 1; 523 const size_t __idx __unused = __len - 1; 524 525 memset(__stack.__buf, 0, __len); 526 #undef BUF 527 528 } 529 530 ATF_TC_WITHOUT_HEAD(memset_end); 531 ATF_TC_BODY(memset_end, tc) 532 { 533 #define BUF &__stack.__buf 534 struct { 535 uint8_t padding_l; 536 unsigned char __buf[42]; 537 uint8_t padding_r; 538 } __stack; 539 const size_t __bufsz __unused = sizeof(__stack.__buf); 540 const size_t __len = 42; 541 const size_t __idx __unused = __len - 1; 542 543 memset(__stack.__buf, 0, __len); 544 #undef BUF 545 546 } 547 548 ATF_TC_WITHOUT_HEAD(memset_heap_before_end); 549 ATF_TC_BODY(memset_heap_before_end, tc) 550 { 551 #define BUF __stack.__buf 552 struct { 553 uint8_t padding_l; 554 unsigned char * __buf; 555 uint8_t padding_r; 556 } __stack; 557 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 558 const size_t __len = 42 - 1; 559 const size_t __idx __unused = __len - 1; 560 561 __stack.__buf = malloc(__bufsz); 562 563 memset(__stack.__buf, 0, __len); 564 #undef BUF 565 566 } 567 568 ATF_TC_WITHOUT_HEAD(memset_heap_end); 569 ATF_TC_BODY(memset_heap_end, tc) 570 { 571 #define BUF __stack.__buf 572 struct { 573 uint8_t padding_l; 574 unsigned char * __buf; 575 uint8_t padding_r; 576 } __stack; 577 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 578 const size_t __len = 42; 579 const size_t __idx __unused = __len - 1; 580 581 __stack.__buf = malloc(__bufsz); 582 583 memset(__stack.__buf, 0, __len); 584 #undef BUF 585 586 } 587 588 ATF_TC_WITHOUT_HEAD(memset_heap_after_end); 589 ATF_TC_BODY(memset_heap_after_end, tc) 590 { 591 #define BUF __stack.__buf 592 struct { 593 uint8_t padding_l; 594 unsigned char * __buf; 595 uint8_t padding_r; 596 } __stack; 597 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 598 const size_t __len = 42 + 1; 599 const size_t __idx __unused = __len - 1; 600 pid_t __child; 601 int __status; 602 603 __child = fork(); 604 ATF_REQUIRE(__child >= 0); 605 if (__child > 0) 606 goto monitor; 607 608 /* Child */ 609 disable_coredumps(); 610 __stack.__buf = malloc(__bufsz); 611 612 memset(__stack.__buf, 0, __len); 613 _exit(EX_SOFTWARE); /* Should have aborted. */ 614 615 monitor: 616 while (waitpid(__child, &__status, 0) != __child) { 617 ATF_REQUIRE_EQ(EINTR, errno); 618 } 619 620 if (!WIFSIGNALED(__status)) { 621 switch (WEXITSTATUS(__status)) { 622 case EX_SOFTWARE: 623 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 624 break; 625 case EX_OSERR: 626 atf_tc_fail("setrlimit(2) failed"); 627 break; 628 default: 629 atf_tc_fail("child exited with status %d", 630 WEXITSTATUS(__status)); 631 } 632 } else { 633 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 634 } 635 #undef BUF 636 637 } 638 639 ATF_TC_WITHOUT_HEAD(stpcpy_before_end); 640 ATF_TC_BODY(stpcpy_before_end, tc) 641 { 642 #define BUF &__stack.__buf 643 struct { 644 uint8_t padding_l; 645 unsigned char __buf[42]; 646 uint8_t padding_r; 647 } __stack; 648 const size_t __bufsz __unused = sizeof(__stack.__buf); 649 const size_t __len = 42 - 1; 650 const size_t __idx __unused = __len - 1; 651 char src[__len]; 652 653 memset(__stack.__buf, 0, __len); 654 memset(src, 'A', __len - 1); 655 src[__len - 1] = '\0'; 656 657 stpcpy(__stack.__buf, src); 658 #undef BUF 659 660 } 661 662 ATF_TC_WITHOUT_HEAD(stpcpy_end); 663 ATF_TC_BODY(stpcpy_end, tc) 664 { 665 #define BUF &__stack.__buf 666 struct { 667 uint8_t padding_l; 668 unsigned char __buf[42]; 669 uint8_t padding_r; 670 } __stack; 671 const size_t __bufsz __unused = sizeof(__stack.__buf); 672 const size_t __len = 42; 673 const size_t __idx __unused = __len - 1; 674 char src[__len]; 675 676 memset(__stack.__buf, 0, __len); 677 memset(src, 'A', __len - 1); 678 src[__len - 1] = '\0'; 679 680 stpcpy(__stack.__buf, src); 681 #undef BUF 682 683 } 684 685 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end); 686 ATF_TC_BODY(stpcpy_heap_before_end, tc) 687 { 688 #define BUF __stack.__buf 689 struct { 690 uint8_t padding_l; 691 unsigned char * __buf; 692 uint8_t padding_r; 693 } __stack; 694 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 695 const size_t __len = 42 - 1; 696 const size_t __idx __unused = __len - 1; 697 char src[__len]; 698 699 __stack.__buf = malloc(__bufsz); 700 memset(__stack.__buf, 0, __len); 701 memset(src, 'A', __len - 1); 702 src[__len - 1] = '\0'; 703 704 stpcpy(__stack.__buf, src); 705 #undef BUF 706 707 } 708 709 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end); 710 ATF_TC_BODY(stpcpy_heap_end, tc) 711 { 712 #define BUF __stack.__buf 713 struct { 714 uint8_t padding_l; 715 unsigned char * __buf; 716 uint8_t padding_r; 717 } __stack; 718 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 719 const size_t __len = 42; 720 const size_t __idx __unused = __len - 1; 721 char src[__len]; 722 723 __stack.__buf = malloc(__bufsz); 724 memset(__stack.__buf, 0, __len); 725 memset(src, 'A', __len - 1); 726 src[__len - 1] = '\0'; 727 728 stpcpy(__stack.__buf, src); 729 #undef BUF 730 731 } 732 733 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end); 734 ATF_TC_BODY(stpcpy_heap_after_end, tc) 735 { 736 #define BUF __stack.__buf 737 struct { 738 uint8_t padding_l; 739 unsigned char * __buf; 740 uint8_t padding_r; 741 } __stack; 742 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 743 const size_t __len = 42 + 1; 744 const size_t __idx __unused = __len - 1; 745 pid_t __child; 746 int __status; 747 char src[__len]; 748 749 __child = fork(); 750 ATF_REQUIRE(__child >= 0); 751 if (__child > 0) 752 goto monitor; 753 754 /* Child */ 755 disable_coredumps(); 756 __stack.__buf = malloc(__bufsz); 757 memset(__stack.__buf, 0, __len); 758 memset(src, 'A', __len - 1); 759 src[__len - 1] = '\0'; 760 761 stpcpy(__stack.__buf, src); 762 _exit(EX_SOFTWARE); /* Should have aborted. */ 763 764 monitor: 765 while (waitpid(__child, &__status, 0) != __child) { 766 ATF_REQUIRE_EQ(EINTR, errno); 767 } 768 769 if (!WIFSIGNALED(__status)) { 770 switch (WEXITSTATUS(__status)) { 771 case EX_SOFTWARE: 772 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 773 break; 774 case EX_OSERR: 775 atf_tc_fail("setrlimit(2) failed"); 776 break; 777 default: 778 atf_tc_fail("child exited with status %d", 779 WEXITSTATUS(__status)); 780 } 781 } else { 782 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 783 } 784 #undef BUF 785 786 } 787 788 ATF_TC_WITHOUT_HEAD(stpncpy_before_end); 789 ATF_TC_BODY(stpncpy_before_end, tc) 790 { 791 #define BUF &__stack.__buf 792 struct { 793 uint8_t padding_l; 794 unsigned char __buf[42]; 795 uint8_t padding_r; 796 } __stack; 797 const size_t __bufsz __unused = sizeof(__stack.__buf); 798 const size_t __len = 42 - 1; 799 const size_t __idx __unused = __len - 1; 800 char src[__len]; 801 802 memset(__stack.__buf, 0, __len); 803 memset(src, 'A', __len - 1); 804 src[__len - 1] = '\0'; 805 806 stpncpy(__stack.__buf, src, __len); 807 #undef BUF 808 809 } 810 811 ATF_TC_WITHOUT_HEAD(stpncpy_end); 812 ATF_TC_BODY(stpncpy_end, tc) 813 { 814 #define BUF &__stack.__buf 815 struct { 816 uint8_t padding_l; 817 unsigned char __buf[42]; 818 uint8_t padding_r; 819 } __stack; 820 const size_t __bufsz __unused = sizeof(__stack.__buf); 821 const size_t __len = 42; 822 const size_t __idx __unused = __len - 1; 823 char src[__len]; 824 825 memset(__stack.__buf, 0, __len); 826 memset(src, 'A', __len - 1); 827 src[__len - 1] = '\0'; 828 829 stpncpy(__stack.__buf, src, __len); 830 #undef BUF 831 832 } 833 834 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end); 835 ATF_TC_BODY(stpncpy_heap_before_end, tc) 836 { 837 #define BUF __stack.__buf 838 struct { 839 uint8_t padding_l; 840 unsigned char * __buf; 841 uint8_t padding_r; 842 } __stack; 843 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 844 const size_t __len = 42 - 1; 845 const size_t __idx __unused = __len - 1; 846 char src[__len]; 847 848 __stack.__buf = malloc(__bufsz); 849 memset(__stack.__buf, 0, __len); 850 memset(src, 'A', __len - 1); 851 src[__len - 1] = '\0'; 852 853 stpncpy(__stack.__buf, src, __len); 854 #undef BUF 855 856 } 857 858 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end); 859 ATF_TC_BODY(stpncpy_heap_end, tc) 860 { 861 #define BUF __stack.__buf 862 struct { 863 uint8_t padding_l; 864 unsigned char * __buf; 865 uint8_t padding_r; 866 } __stack; 867 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 868 const size_t __len = 42; 869 const size_t __idx __unused = __len - 1; 870 char src[__len]; 871 872 __stack.__buf = malloc(__bufsz); 873 memset(__stack.__buf, 0, __len); 874 memset(src, 'A', __len - 1); 875 src[__len - 1] = '\0'; 876 877 stpncpy(__stack.__buf, src, __len); 878 #undef BUF 879 880 } 881 882 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end); 883 ATF_TC_BODY(stpncpy_heap_after_end, tc) 884 { 885 #define BUF __stack.__buf 886 struct { 887 uint8_t padding_l; 888 unsigned char * __buf; 889 uint8_t padding_r; 890 } __stack; 891 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 892 const size_t __len = 42 + 1; 893 const size_t __idx __unused = __len - 1; 894 pid_t __child; 895 int __status; 896 char src[__len]; 897 898 __child = fork(); 899 ATF_REQUIRE(__child >= 0); 900 if (__child > 0) 901 goto monitor; 902 903 /* Child */ 904 disable_coredumps(); 905 __stack.__buf = malloc(__bufsz); 906 memset(__stack.__buf, 0, __len); 907 memset(src, 'A', __len - 1); 908 src[__len - 1] = '\0'; 909 910 stpncpy(__stack.__buf, src, __len); 911 _exit(EX_SOFTWARE); /* Should have aborted. */ 912 913 monitor: 914 while (waitpid(__child, &__status, 0) != __child) { 915 ATF_REQUIRE_EQ(EINTR, errno); 916 } 917 918 if (!WIFSIGNALED(__status)) { 919 switch (WEXITSTATUS(__status)) { 920 case EX_SOFTWARE: 921 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 922 break; 923 case EX_OSERR: 924 atf_tc_fail("setrlimit(2) failed"); 925 break; 926 default: 927 atf_tc_fail("child exited with status %d", 928 WEXITSTATUS(__status)); 929 } 930 } else { 931 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 932 } 933 #undef BUF 934 935 } 936 937 ATF_TC_WITHOUT_HEAD(strcat_before_end); 938 ATF_TC_BODY(strcat_before_end, tc) 939 { 940 #define BUF &__stack.__buf 941 struct { 942 uint8_t padding_l; 943 unsigned char __buf[42]; 944 uint8_t padding_r; 945 } __stack; 946 const size_t __bufsz __unused = sizeof(__stack.__buf); 947 const size_t __len = 42 - 1; 948 const size_t __idx __unused = __len - 1; 949 char src[__len]; 950 951 memset(__stack.__buf, 0, __len); 952 memset(src, 'A', __len - 1); 953 src[__len - 1] = '\0'; 954 955 strcat(__stack.__buf, src); 956 #undef BUF 957 958 } 959 960 ATF_TC_WITHOUT_HEAD(strcat_end); 961 ATF_TC_BODY(strcat_end, tc) 962 { 963 #define BUF &__stack.__buf 964 struct { 965 uint8_t padding_l; 966 unsigned char __buf[42]; 967 uint8_t padding_r; 968 } __stack; 969 const size_t __bufsz __unused = sizeof(__stack.__buf); 970 const size_t __len = 42; 971 const size_t __idx __unused = __len - 1; 972 char src[__len]; 973 974 memset(__stack.__buf, 0, __len); 975 memset(src, 'A', __len - 1); 976 src[__len - 1] = '\0'; 977 978 strcat(__stack.__buf, src); 979 #undef BUF 980 981 } 982 983 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end); 984 ATF_TC_BODY(strcat_heap_before_end, tc) 985 { 986 #define BUF __stack.__buf 987 struct { 988 uint8_t padding_l; 989 unsigned char * __buf; 990 uint8_t padding_r; 991 } __stack; 992 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 993 const size_t __len = 42 - 1; 994 const size_t __idx __unused = __len - 1; 995 char src[__len]; 996 997 __stack.__buf = malloc(__bufsz); 998 memset(__stack.__buf, 0, __len); 999 memset(src, 'A', __len - 1); 1000 src[__len - 1] = '\0'; 1001 1002 strcat(__stack.__buf, src); 1003 #undef BUF 1004 1005 } 1006 1007 ATF_TC_WITHOUT_HEAD(strcat_heap_end); 1008 ATF_TC_BODY(strcat_heap_end, tc) 1009 { 1010 #define BUF __stack.__buf 1011 struct { 1012 uint8_t padding_l; 1013 unsigned char * __buf; 1014 uint8_t padding_r; 1015 } __stack; 1016 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1017 const size_t __len = 42; 1018 const size_t __idx __unused = __len - 1; 1019 char src[__len]; 1020 1021 __stack.__buf = malloc(__bufsz); 1022 memset(__stack.__buf, 0, __len); 1023 memset(src, 'A', __len - 1); 1024 src[__len - 1] = '\0'; 1025 1026 strcat(__stack.__buf, src); 1027 #undef BUF 1028 1029 } 1030 1031 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end); 1032 ATF_TC_BODY(strcat_heap_after_end, tc) 1033 { 1034 #define BUF __stack.__buf 1035 struct { 1036 uint8_t padding_l; 1037 unsigned char * __buf; 1038 uint8_t padding_r; 1039 } __stack; 1040 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1041 const size_t __len = 42 + 1; 1042 const size_t __idx __unused = __len - 1; 1043 pid_t __child; 1044 int __status; 1045 char src[__len]; 1046 1047 __child = fork(); 1048 ATF_REQUIRE(__child >= 0); 1049 if (__child > 0) 1050 goto monitor; 1051 1052 /* Child */ 1053 disable_coredumps(); 1054 __stack.__buf = malloc(__bufsz); 1055 memset(__stack.__buf, 0, __len); 1056 memset(src, 'A', __len - 1); 1057 src[__len - 1] = '\0'; 1058 1059 strcat(__stack.__buf, src); 1060 _exit(EX_SOFTWARE); /* Should have aborted. */ 1061 1062 monitor: 1063 while (waitpid(__child, &__status, 0) != __child) { 1064 ATF_REQUIRE_EQ(EINTR, errno); 1065 } 1066 1067 if (!WIFSIGNALED(__status)) { 1068 switch (WEXITSTATUS(__status)) { 1069 case EX_SOFTWARE: 1070 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1071 break; 1072 case EX_OSERR: 1073 atf_tc_fail("setrlimit(2) failed"); 1074 break; 1075 default: 1076 atf_tc_fail("child exited with status %d", 1077 WEXITSTATUS(__status)); 1078 } 1079 } else { 1080 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1081 } 1082 #undef BUF 1083 1084 } 1085 1086 ATF_TC_WITHOUT_HEAD(strlcat_before_end); 1087 ATF_TC_BODY(strlcat_before_end, tc) 1088 { 1089 #define BUF &__stack.__buf 1090 struct { 1091 uint8_t padding_l; 1092 unsigned char __buf[42]; 1093 uint8_t padding_r; 1094 } __stack; 1095 const size_t __bufsz __unused = sizeof(__stack.__buf); 1096 const size_t __len = 42 - 1; 1097 const size_t __idx __unused = __len - 1; 1098 char src[__len]; 1099 1100 memset(__stack.__buf, 0, __len); 1101 memset(src, 'A', __len - 1); 1102 src[__len - 1] = '\0'; 1103 1104 strlcat(__stack.__buf, src, __len); 1105 #undef BUF 1106 1107 } 1108 1109 ATF_TC_WITHOUT_HEAD(strlcat_end); 1110 ATF_TC_BODY(strlcat_end, tc) 1111 { 1112 #define BUF &__stack.__buf 1113 struct { 1114 uint8_t padding_l; 1115 unsigned char __buf[42]; 1116 uint8_t padding_r; 1117 } __stack; 1118 const size_t __bufsz __unused = sizeof(__stack.__buf); 1119 const size_t __len = 42; 1120 const size_t __idx __unused = __len - 1; 1121 char src[__len]; 1122 1123 memset(__stack.__buf, 0, __len); 1124 memset(src, 'A', __len - 1); 1125 src[__len - 1] = '\0'; 1126 1127 strlcat(__stack.__buf, src, __len); 1128 #undef BUF 1129 1130 } 1131 1132 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end); 1133 ATF_TC_BODY(strlcat_heap_before_end, tc) 1134 { 1135 #define BUF __stack.__buf 1136 struct { 1137 uint8_t padding_l; 1138 unsigned char * __buf; 1139 uint8_t padding_r; 1140 } __stack; 1141 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1142 const size_t __len = 42 - 1; 1143 const size_t __idx __unused = __len - 1; 1144 char src[__len]; 1145 1146 __stack.__buf = malloc(__bufsz); 1147 memset(__stack.__buf, 0, __len); 1148 memset(src, 'A', __len - 1); 1149 src[__len - 1] = '\0'; 1150 1151 strlcat(__stack.__buf, src, __len); 1152 #undef BUF 1153 1154 } 1155 1156 ATF_TC_WITHOUT_HEAD(strlcat_heap_end); 1157 ATF_TC_BODY(strlcat_heap_end, tc) 1158 { 1159 #define BUF __stack.__buf 1160 struct { 1161 uint8_t padding_l; 1162 unsigned char * __buf; 1163 uint8_t padding_r; 1164 } __stack; 1165 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1166 const size_t __len = 42; 1167 const size_t __idx __unused = __len - 1; 1168 char src[__len]; 1169 1170 __stack.__buf = malloc(__bufsz); 1171 memset(__stack.__buf, 0, __len); 1172 memset(src, 'A', __len - 1); 1173 src[__len - 1] = '\0'; 1174 1175 strlcat(__stack.__buf, src, __len); 1176 #undef BUF 1177 1178 } 1179 1180 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end); 1181 ATF_TC_BODY(strlcat_heap_after_end, tc) 1182 { 1183 #define BUF __stack.__buf 1184 struct { 1185 uint8_t padding_l; 1186 unsigned char * __buf; 1187 uint8_t padding_r; 1188 } __stack; 1189 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1190 const size_t __len = 42 + 1; 1191 const size_t __idx __unused = __len - 1; 1192 pid_t __child; 1193 int __status; 1194 char src[__len]; 1195 1196 __child = fork(); 1197 ATF_REQUIRE(__child >= 0); 1198 if (__child > 0) 1199 goto monitor; 1200 1201 /* Child */ 1202 disable_coredumps(); 1203 __stack.__buf = malloc(__bufsz); 1204 memset(__stack.__buf, 0, __len); 1205 memset(src, 'A', __len - 1); 1206 src[__len - 1] = '\0'; 1207 1208 strlcat(__stack.__buf, src, __len); 1209 _exit(EX_SOFTWARE); /* Should have aborted. */ 1210 1211 monitor: 1212 while (waitpid(__child, &__status, 0) != __child) { 1213 ATF_REQUIRE_EQ(EINTR, errno); 1214 } 1215 1216 if (!WIFSIGNALED(__status)) { 1217 switch (WEXITSTATUS(__status)) { 1218 case EX_SOFTWARE: 1219 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1220 break; 1221 case EX_OSERR: 1222 atf_tc_fail("setrlimit(2) failed"); 1223 break; 1224 default: 1225 atf_tc_fail("child exited with status %d", 1226 WEXITSTATUS(__status)); 1227 } 1228 } else { 1229 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1230 } 1231 #undef BUF 1232 1233 } 1234 1235 ATF_TC_WITHOUT_HEAD(strncat_before_end); 1236 ATF_TC_BODY(strncat_before_end, tc) 1237 { 1238 #define BUF &__stack.__buf 1239 struct { 1240 uint8_t padding_l; 1241 unsigned char __buf[42]; 1242 uint8_t padding_r; 1243 } __stack; 1244 const size_t __bufsz __unused = sizeof(__stack.__buf); 1245 const size_t __len = 42 - 1; 1246 const size_t __idx __unused = __len - 1; 1247 char src[__len]; 1248 1249 memset(__stack.__buf, 0, __len); 1250 memset(src, 'A', __len - 1); 1251 src[__len - 1] = '\0'; 1252 1253 strncat(__stack.__buf, src, __len); 1254 #undef BUF 1255 1256 } 1257 1258 ATF_TC_WITHOUT_HEAD(strncat_end); 1259 ATF_TC_BODY(strncat_end, tc) 1260 { 1261 #define BUF &__stack.__buf 1262 struct { 1263 uint8_t padding_l; 1264 unsigned char __buf[42]; 1265 uint8_t padding_r; 1266 } __stack; 1267 const size_t __bufsz __unused = sizeof(__stack.__buf); 1268 const size_t __len = 42; 1269 const size_t __idx __unused = __len - 1; 1270 char src[__len]; 1271 1272 memset(__stack.__buf, 0, __len); 1273 memset(src, 'A', __len - 1); 1274 src[__len - 1] = '\0'; 1275 1276 strncat(__stack.__buf, src, __len); 1277 #undef BUF 1278 1279 } 1280 1281 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end); 1282 ATF_TC_BODY(strncat_heap_before_end, tc) 1283 { 1284 #define BUF __stack.__buf 1285 struct { 1286 uint8_t padding_l; 1287 unsigned char * __buf; 1288 uint8_t padding_r; 1289 } __stack; 1290 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1291 const size_t __len = 42 - 1; 1292 const size_t __idx __unused = __len - 1; 1293 char src[__len]; 1294 1295 __stack.__buf = malloc(__bufsz); 1296 memset(__stack.__buf, 0, __len); 1297 memset(src, 'A', __len - 1); 1298 src[__len - 1] = '\0'; 1299 1300 strncat(__stack.__buf, src, __len); 1301 #undef BUF 1302 1303 } 1304 1305 ATF_TC_WITHOUT_HEAD(strncat_heap_end); 1306 ATF_TC_BODY(strncat_heap_end, tc) 1307 { 1308 #define BUF __stack.__buf 1309 struct { 1310 uint8_t padding_l; 1311 unsigned char * __buf; 1312 uint8_t padding_r; 1313 } __stack; 1314 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1315 const size_t __len = 42; 1316 const size_t __idx __unused = __len - 1; 1317 char src[__len]; 1318 1319 __stack.__buf = malloc(__bufsz); 1320 memset(__stack.__buf, 0, __len); 1321 memset(src, 'A', __len - 1); 1322 src[__len - 1] = '\0'; 1323 1324 strncat(__stack.__buf, src, __len); 1325 #undef BUF 1326 1327 } 1328 1329 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end); 1330 ATF_TC_BODY(strncat_heap_after_end, tc) 1331 { 1332 #define BUF __stack.__buf 1333 struct { 1334 uint8_t padding_l; 1335 unsigned char * __buf; 1336 uint8_t padding_r; 1337 } __stack; 1338 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1339 const size_t __len = 42 + 1; 1340 const size_t __idx __unused = __len - 1; 1341 pid_t __child; 1342 int __status; 1343 char src[__len]; 1344 1345 __child = fork(); 1346 ATF_REQUIRE(__child >= 0); 1347 if (__child > 0) 1348 goto monitor; 1349 1350 /* Child */ 1351 disable_coredumps(); 1352 __stack.__buf = malloc(__bufsz); 1353 memset(__stack.__buf, 0, __len); 1354 memset(src, 'A', __len - 1); 1355 src[__len - 1] = '\0'; 1356 1357 strncat(__stack.__buf, src, __len); 1358 _exit(EX_SOFTWARE); /* Should have aborted. */ 1359 1360 monitor: 1361 while (waitpid(__child, &__status, 0) != __child) { 1362 ATF_REQUIRE_EQ(EINTR, errno); 1363 } 1364 1365 if (!WIFSIGNALED(__status)) { 1366 switch (WEXITSTATUS(__status)) { 1367 case EX_SOFTWARE: 1368 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1369 break; 1370 case EX_OSERR: 1371 atf_tc_fail("setrlimit(2) failed"); 1372 break; 1373 default: 1374 atf_tc_fail("child exited with status %d", 1375 WEXITSTATUS(__status)); 1376 } 1377 } else { 1378 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1379 } 1380 #undef BUF 1381 1382 } 1383 1384 ATF_TC_WITHOUT_HEAD(strcpy_before_end); 1385 ATF_TC_BODY(strcpy_before_end, tc) 1386 { 1387 #define BUF &__stack.__buf 1388 struct { 1389 uint8_t padding_l; 1390 unsigned char __buf[42]; 1391 uint8_t padding_r; 1392 } __stack; 1393 const size_t __bufsz __unused = sizeof(__stack.__buf); 1394 const size_t __len = 42 - 1; 1395 const size_t __idx __unused = __len - 1; 1396 char src[__len]; 1397 1398 memset(__stack.__buf, 0, __len); 1399 memset(src, 'A', __len - 1); 1400 src[__len - 1] = '\0'; 1401 1402 strcpy(__stack.__buf, src); 1403 #undef BUF 1404 1405 } 1406 1407 ATF_TC_WITHOUT_HEAD(strcpy_end); 1408 ATF_TC_BODY(strcpy_end, tc) 1409 { 1410 #define BUF &__stack.__buf 1411 struct { 1412 uint8_t padding_l; 1413 unsigned char __buf[42]; 1414 uint8_t padding_r; 1415 } __stack; 1416 const size_t __bufsz __unused = sizeof(__stack.__buf); 1417 const size_t __len = 42; 1418 const size_t __idx __unused = __len - 1; 1419 char src[__len]; 1420 1421 memset(__stack.__buf, 0, __len); 1422 memset(src, 'A', __len - 1); 1423 src[__len - 1] = '\0'; 1424 1425 strcpy(__stack.__buf, src); 1426 #undef BUF 1427 1428 } 1429 1430 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end); 1431 ATF_TC_BODY(strcpy_heap_before_end, tc) 1432 { 1433 #define BUF __stack.__buf 1434 struct { 1435 uint8_t padding_l; 1436 unsigned char * __buf; 1437 uint8_t padding_r; 1438 } __stack; 1439 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1440 const size_t __len = 42 - 1; 1441 const size_t __idx __unused = __len - 1; 1442 char src[__len]; 1443 1444 __stack.__buf = malloc(__bufsz); 1445 memset(__stack.__buf, 0, __len); 1446 memset(src, 'A', __len - 1); 1447 src[__len - 1] = '\0'; 1448 1449 strcpy(__stack.__buf, src); 1450 #undef BUF 1451 1452 } 1453 1454 ATF_TC_WITHOUT_HEAD(strcpy_heap_end); 1455 ATF_TC_BODY(strcpy_heap_end, tc) 1456 { 1457 #define BUF __stack.__buf 1458 struct { 1459 uint8_t padding_l; 1460 unsigned char * __buf; 1461 uint8_t padding_r; 1462 } __stack; 1463 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1464 const size_t __len = 42; 1465 const size_t __idx __unused = __len - 1; 1466 char src[__len]; 1467 1468 __stack.__buf = malloc(__bufsz); 1469 memset(__stack.__buf, 0, __len); 1470 memset(src, 'A', __len - 1); 1471 src[__len - 1] = '\0'; 1472 1473 strcpy(__stack.__buf, src); 1474 #undef BUF 1475 1476 } 1477 1478 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end); 1479 ATF_TC_BODY(strcpy_heap_after_end, tc) 1480 { 1481 #define BUF __stack.__buf 1482 struct { 1483 uint8_t padding_l; 1484 unsigned char * __buf; 1485 uint8_t padding_r; 1486 } __stack; 1487 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1488 const size_t __len = 42 + 1; 1489 const size_t __idx __unused = __len - 1; 1490 pid_t __child; 1491 int __status; 1492 char src[__len]; 1493 1494 __child = fork(); 1495 ATF_REQUIRE(__child >= 0); 1496 if (__child > 0) 1497 goto monitor; 1498 1499 /* Child */ 1500 disable_coredumps(); 1501 __stack.__buf = malloc(__bufsz); 1502 memset(__stack.__buf, 0, __len); 1503 memset(src, 'A', __len - 1); 1504 src[__len - 1] = '\0'; 1505 1506 strcpy(__stack.__buf, src); 1507 _exit(EX_SOFTWARE); /* Should have aborted. */ 1508 1509 monitor: 1510 while (waitpid(__child, &__status, 0) != __child) { 1511 ATF_REQUIRE_EQ(EINTR, errno); 1512 } 1513 1514 if (!WIFSIGNALED(__status)) { 1515 switch (WEXITSTATUS(__status)) { 1516 case EX_SOFTWARE: 1517 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1518 break; 1519 case EX_OSERR: 1520 atf_tc_fail("setrlimit(2) failed"); 1521 break; 1522 default: 1523 atf_tc_fail("child exited with status %d", 1524 WEXITSTATUS(__status)); 1525 } 1526 } else { 1527 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1528 } 1529 #undef BUF 1530 1531 } 1532 1533 ATF_TC_WITHOUT_HEAD(strlcpy_before_end); 1534 ATF_TC_BODY(strlcpy_before_end, tc) 1535 { 1536 #define BUF &__stack.__buf 1537 struct { 1538 uint8_t padding_l; 1539 unsigned char __buf[42]; 1540 uint8_t padding_r; 1541 } __stack; 1542 const size_t __bufsz __unused = sizeof(__stack.__buf); 1543 const size_t __len = 42 - 1; 1544 const size_t __idx __unused = __len - 1; 1545 char src[__len]; 1546 1547 memset(__stack.__buf, 0, __len); 1548 memset(src, 'A', __len - 1); 1549 src[__len - 1] = '\0'; 1550 1551 strlcpy(__stack.__buf, src, __len); 1552 #undef BUF 1553 1554 } 1555 1556 ATF_TC_WITHOUT_HEAD(strlcpy_end); 1557 ATF_TC_BODY(strlcpy_end, tc) 1558 { 1559 #define BUF &__stack.__buf 1560 struct { 1561 uint8_t padding_l; 1562 unsigned char __buf[42]; 1563 uint8_t padding_r; 1564 } __stack; 1565 const size_t __bufsz __unused = sizeof(__stack.__buf); 1566 const size_t __len = 42; 1567 const size_t __idx __unused = __len - 1; 1568 char src[__len]; 1569 1570 memset(__stack.__buf, 0, __len); 1571 memset(src, 'A', __len - 1); 1572 src[__len - 1] = '\0'; 1573 1574 strlcpy(__stack.__buf, src, __len); 1575 #undef BUF 1576 1577 } 1578 1579 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end); 1580 ATF_TC_BODY(strlcpy_heap_before_end, tc) 1581 { 1582 #define BUF __stack.__buf 1583 struct { 1584 uint8_t padding_l; 1585 unsigned char * __buf; 1586 uint8_t padding_r; 1587 } __stack; 1588 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1589 const size_t __len = 42 - 1; 1590 const size_t __idx __unused = __len - 1; 1591 char src[__len]; 1592 1593 __stack.__buf = malloc(__bufsz); 1594 memset(__stack.__buf, 0, __len); 1595 memset(src, 'A', __len - 1); 1596 src[__len - 1] = '\0'; 1597 1598 strlcpy(__stack.__buf, src, __len); 1599 #undef BUF 1600 1601 } 1602 1603 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end); 1604 ATF_TC_BODY(strlcpy_heap_end, tc) 1605 { 1606 #define BUF __stack.__buf 1607 struct { 1608 uint8_t padding_l; 1609 unsigned char * __buf; 1610 uint8_t padding_r; 1611 } __stack; 1612 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1613 const size_t __len = 42; 1614 const size_t __idx __unused = __len - 1; 1615 char src[__len]; 1616 1617 __stack.__buf = malloc(__bufsz); 1618 memset(__stack.__buf, 0, __len); 1619 memset(src, 'A', __len - 1); 1620 src[__len - 1] = '\0'; 1621 1622 strlcpy(__stack.__buf, src, __len); 1623 #undef BUF 1624 1625 } 1626 1627 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end); 1628 ATF_TC_BODY(strlcpy_heap_after_end, tc) 1629 { 1630 #define BUF __stack.__buf 1631 struct { 1632 uint8_t padding_l; 1633 unsigned char * __buf; 1634 uint8_t padding_r; 1635 } __stack; 1636 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1637 const size_t __len = 42 + 1; 1638 const size_t __idx __unused = __len - 1; 1639 pid_t __child; 1640 int __status; 1641 char src[__len]; 1642 1643 __child = fork(); 1644 ATF_REQUIRE(__child >= 0); 1645 if (__child > 0) 1646 goto monitor; 1647 1648 /* Child */ 1649 disable_coredumps(); 1650 __stack.__buf = malloc(__bufsz); 1651 memset(__stack.__buf, 0, __len); 1652 memset(src, 'A', __len - 1); 1653 src[__len - 1] = '\0'; 1654 1655 strlcpy(__stack.__buf, src, __len); 1656 _exit(EX_SOFTWARE); /* Should have aborted. */ 1657 1658 monitor: 1659 while (waitpid(__child, &__status, 0) != __child) { 1660 ATF_REQUIRE_EQ(EINTR, errno); 1661 } 1662 1663 if (!WIFSIGNALED(__status)) { 1664 switch (WEXITSTATUS(__status)) { 1665 case EX_SOFTWARE: 1666 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1667 break; 1668 case EX_OSERR: 1669 atf_tc_fail("setrlimit(2) failed"); 1670 break; 1671 default: 1672 atf_tc_fail("child exited with status %d", 1673 WEXITSTATUS(__status)); 1674 } 1675 } else { 1676 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1677 } 1678 #undef BUF 1679 1680 } 1681 1682 ATF_TC_WITHOUT_HEAD(strncpy_before_end); 1683 ATF_TC_BODY(strncpy_before_end, tc) 1684 { 1685 #define BUF &__stack.__buf 1686 struct { 1687 uint8_t padding_l; 1688 unsigned char __buf[42]; 1689 uint8_t padding_r; 1690 } __stack; 1691 const size_t __bufsz __unused = sizeof(__stack.__buf); 1692 const size_t __len = 42 - 1; 1693 const size_t __idx __unused = __len - 1; 1694 char src[__len]; 1695 1696 memset(__stack.__buf, 0, __len); 1697 memset(src, 'A', __len - 1); 1698 src[__len - 1] = '\0'; 1699 1700 strncpy(__stack.__buf, src, __len); 1701 #undef BUF 1702 1703 } 1704 1705 ATF_TC_WITHOUT_HEAD(strncpy_end); 1706 ATF_TC_BODY(strncpy_end, tc) 1707 { 1708 #define BUF &__stack.__buf 1709 struct { 1710 uint8_t padding_l; 1711 unsigned char __buf[42]; 1712 uint8_t padding_r; 1713 } __stack; 1714 const size_t __bufsz __unused = sizeof(__stack.__buf); 1715 const size_t __len = 42; 1716 const size_t __idx __unused = __len - 1; 1717 char src[__len]; 1718 1719 memset(__stack.__buf, 0, __len); 1720 memset(src, 'A', __len - 1); 1721 src[__len - 1] = '\0'; 1722 1723 strncpy(__stack.__buf, src, __len); 1724 #undef BUF 1725 1726 } 1727 1728 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end); 1729 ATF_TC_BODY(strncpy_heap_before_end, tc) 1730 { 1731 #define BUF __stack.__buf 1732 struct { 1733 uint8_t padding_l; 1734 unsigned char * __buf; 1735 uint8_t padding_r; 1736 } __stack; 1737 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1738 const size_t __len = 42 - 1; 1739 const size_t __idx __unused = __len - 1; 1740 char src[__len]; 1741 1742 __stack.__buf = malloc(__bufsz); 1743 memset(__stack.__buf, 0, __len); 1744 memset(src, 'A', __len - 1); 1745 src[__len - 1] = '\0'; 1746 1747 strncpy(__stack.__buf, src, __len); 1748 #undef BUF 1749 1750 } 1751 1752 ATF_TC_WITHOUT_HEAD(strncpy_heap_end); 1753 ATF_TC_BODY(strncpy_heap_end, tc) 1754 { 1755 #define BUF __stack.__buf 1756 struct { 1757 uint8_t padding_l; 1758 unsigned char * __buf; 1759 uint8_t padding_r; 1760 } __stack; 1761 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1762 const size_t __len = 42; 1763 const size_t __idx __unused = __len - 1; 1764 char src[__len]; 1765 1766 __stack.__buf = malloc(__bufsz); 1767 memset(__stack.__buf, 0, __len); 1768 memset(src, 'A', __len - 1); 1769 src[__len - 1] = '\0'; 1770 1771 strncpy(__stack.__buf, src, __len); 1772 #undef BUF 1773 1774 } 1775 1776 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end); 1777 ATF_TC_BODY(strncpy_heap_after_end, tc) 1778 { 1779 #define BUF __stack.__buf 1780 struct { 1781 uint8_t padding_l; 1782 unsigned char * __buf; 1783 uint8_t padding_r; 1784 } __stack; 1785 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1786 const size_t __len = 42 + 1; 1787 const size_t __idx __unused = __len - 1; 1788 pid_t __child; 1789 int __status; 1790 char src[__len]; 1791 1792 __child = fork(); 1793 ATF_REQUIRE(__child >= 0); 1794 if (__child > 0) 1795 goto monitor; 1796 1797 /* Child */ 1798 disable_coredumps(); 1799 __stack.__buf = malloc(__bufsz); 1800 memset(__stack.__buf, 0, __len); 1801 memset(src, 'A', __len - 1); 1802 src[__len - 1] = '\0'; 1803 1804 strncpy(__stack.__buf, src, __len); 1805 _exit(EX_SOFTWARE); /* Should have aborted. */ 1806 1807 monitor: 1808 while (waitpid(__child, &__status, 0) != __child) { 1809 ATF_REQUIRE_EQ(EINTR, errno); 1810 } 1811 1812 if (!WIFSIGNALED(__status)) { 1813 switch (WEXITSTATUS(__status)) { 1814 case EX_SOFTWARE: 1815 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1816 break; 1817 case EX_OSERR: 1818 atf_tc_fail("setrlimit(2) failed"); 1819 break; 1820 default: 1821 atf_tc_fail("child exited with status %d", 1822 WEXITSTATUS(__status)); 1823 } 1824 } else { 1825 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1826 } 1827 #undef BUF 1828 1829 } 1830 1831 ATF_TP_ADD_TCS(tp) 1832 { 1833 ATF_TP_ADD_TC(tp, memcpy_before_end); 1834 ATF_TP_ADD_TC(tp, memcpy_end); 1835 ATF_TP_ADD_TC(tp, memcpy_heap_before_end); 1836 ATF_TP_ADD_TC(tp, memcpy_heap_end); 1837 ATF_TP_ADD_TC(tp, memcpy_heap_after_end); 1838 ATF_TP_ADD_TC(tp, mempcpy_before_end); 1839 ATF_TP_ADD_TC(tp, mempcpy_end); 1840 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end); 1841 ATF_TP_ADD_TC(tp, mempcpy_heap_end); 1842 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end); 1843 ATF_TP_ADD_TC(tp, memmove_before_end); 1844 ATF_TP_ADD_TC(tp, memmove_end); 1845 ATF_TP_ADD_TC(tp, memmove_heap_before_end); 1846 ATF_TP_ADD_TC(tp, memmove_heap_end); 1847 ATF_TP_ADD_TC(tp, memmove_heap_after_end); 1848 ATF_TP_ADD_TC(tp, memset_before_end); 1849 ATF_TP_ADD_TC(tp, memset_end); 1850 ATF_TP_ADD_TC(tp, memset_heap_before_end); 1851 ATF_TP_ADD_TC(tp, memset_heap_end); 1852 ATF_TP_ADD_TC(tp, memset_heap_after_end); 1853 ATF_TP_ADD_TC(tp, stpcpy_before_end); 1854 ATF_TP_ADD_TC(tp, stpcpy_end); 1855 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); 1856 ATF_TP_ADD_TC(tp, stpcpy_heap_end); 1857 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end); 1858 ATF_TP_ADD_TC(tp, stpncpy_before_end); 1859 ATF_TP_ADD_TC(tp, stpncpy_end); 1860 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end); 1861 ATF_TP_ADD_TC(tp, stpncpy_heap_end); 1862 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end); 1863 ATF_TP_ADD_TC(tp, strcat_before_end); 1864 ATF_TP_ADD_TC(tp, strcat_end); 1865 ATF_TP_ADD_TC(tp, strcat_heap_before_end); 1866 ATF_TP_ADD_TC(tp, strcat_heap_end); 1867 ATF_TP_ADD_TC(tp, strcat_heap_after_end); 1868 ATF_TP_ADD_TC(tp, strlcat_before_end); 1869 ATF_TP_ADD_TC(tp, strlcat_end); 1870 ATF_TP_ADD_TC(tp, strlcat_heap_before_end); 1871 ATF_TP_ADD_TC(tp, strlcat_heap_end); 1872 ATF_TP_ADD_TC(tp, strlcat_heap_after_end); 1873 ATF_TP_ADD_TC(tp, strncat_before_end); 1874 ATF_TP_ADD_TC(tp, strncat_end); 1875 ATF_TP_ADD_TC(tp, strncat_heap_before_end); 1876 ATF_TP_ADD_TC(tp, strncat_heap_end); 1877 ATF_TP_ADD_TC(tp, strncat_heap_after_end); 1878 ATF_TP_ADD_TC(tp, strcpy_before_end); 1879 ATF_TP_ADD_TC(tp, strcpy_end); 1880 ATF_TP_ADD_TC(tp, strcpy_heap_before_end); 1881 ATF_TP_ADD_TC(tp, strcpy_heap_end); 1882 ATF_TP_ADD_TC(tp, strcpy_heap_after_end); 1883 ATF_TP_ADD_TC(tp, strlcpy_before_end); 1884 ATF_TP_ADD_TC(tp, strlcpy_end); 1885 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end); 1886 ATF_TP_ADD_TC(tp, strlcpy_heap_end); 1887 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end); 1888 ATF_TP_ADD_TC(tp, strncpy_before_end); 1889 ATF_TP_ADD_TC(tp, strncpy_end); 1890 ATF_TP_ADD_TC(tp, strncpy_heap_before_end); 1891 ATF_TP_ADD_TC(tp, strncpy_heap_end); 1892 ATF_TP_ADD_TC(tp, strncpy_heap_after_end); 1893 return (atf_no_error()); 1894 } 1895