1 /* @generated by `generate-fortify-tests.lua "string"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/random.h> 8 #include <sys/resource.h> 9 #include <sys/select.h> 10 #include <sys/socket.h> 11 #include <sys/time.h> 12 #include <sys/uio.h> 13 #include <sys/wait.h> 14 #include <dirent.h> 15 #include <errno.h> 16 #include <fcntl.h> 17 #include <limits.h> 18 #include <poll.h> 19 #include <signal.h> 20 #include <stdio.h> 21 #include <stdlib.h> 22 #include <string.h> 23 #include <strings.h> 24 #include <sysexits.h> 25 #include <unistd.h> 26 #include <wchar.h> 27 #include <atf-c.h> 28 29 static FILE * __unused 30 new_fp(size_t __len) 31 { 32 static char fpbuf[LINE_MAX]; 33 FILE *fp; 34 35 ATF_REQUIRE(__len <= sizeof(fpbuf)); 36 37 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 38 fpbuf[sizeof(fpbuf) - 1] = '\0'; 39 40 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 41 ATF_REQUIRE(fp != NULL); 42 43 return (fp); 44 } 45 46 /* 47 * Create a new symlink to use for readlink(2) style tests, we'll just use a 48 * random target name to have something interesting to look at. 49 */ 50 static const char * __unused 51 new_symlink(size_t __len) 52 { 53 static const char linkname[] = "link"; 54 char target[MAXNAMLEN]; 55 int error; 56 57 ATF_REQUIRE(__len <= sizeof(target)); 58 59 arc4random_buf(target, sizeof(target)); 60 61 error = unlink(linkname); 62 ATF_REQUIRE(error == 0 || errno == ENOENT); 63 64 error = symlink(target, linkname); 65 ATF_REQUIRE(error == 0); 66 67 return (linkname); 68 } 69 70 /* 71 * For our purposes, first descriptor will be the reader; we'll send both 72 * raw data and a control message over it so that the result can be used for 73 * any of our recv*() tests. 74 */ 75 static void __unused 76 new_socket(int sock[2]) 77 { 78 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 }; 79 static char sockbuf[256]; 80 ssize_t rv; 81 size_t total = 0; 82 struct msghdr hdr = { 0 }; 83 struct cmsghdr *cmsg; 84 int error, fd; 85 86 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock); 87 ATF_REQUIRE(error == 0); 88 89 while (total != sizeof(sockbuf)) { 90 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0); 91 92 ATF_REQUIRE_MSG(rv > 0, 93 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)", 94 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total); 95 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf), 96 "%zd exceeds total %zu", rv, sizeof(sockbuf)); 97 total += rv; 98 } 99 100 hdr.msg_control = ctrl; 101 hdr.msg_controllen = sizeof(ctrl); 102 103 cmsg = CMSG_FIRSTHDR(&hdr); 104 cmsg->cmsg_level = SOL_SOCKET; 105 cmsg->cmsg_type = SCM_RIGHTS; 106 cmsg->cmsg_len = CMSG_LEN(sizeof(fd)); 107 fd = STDIN_FILENO; 108 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd)); 109 110 error = sendmsg(sock[1], &hdr, 0); 111 ATF_REQUIRE(error != -1); 112 } 113 114 /* 115 * Constructs a tmpfile that we can use for testing read(2) and friends. 116 */ 117 static int __unused 118 new_tmpfile(void) 119 { 120 char buf[1024]; 121 ssize_t rv; 122 size_t written; 123 int fd; 124 125 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 126 ATF_REQUIRE(fd >= 0); 127 128 written = 0; 129 while (written < TMPFILE_SIZE) { 130 rv = write(fd, buf, sizeof(buf)); 131 ATF_REQUIRE(rv > 0); 132 133 written += rv; 134 } 135 136 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 137 return (fd); 138 } 139 140 static void 141 disable_coredumps(void) 142 { 143 struct rlimit rl = { 0 }; 144 145 if (setrlimit(RLIMIT_CORE, &rl) == -1) 146 _exit(EX_OSERR); 147 } 148 149 /* 150 * Replaces stdin with a file that we can actually read from, for tests where 151 * we want a FILE * or fd that we can get data from. 152 */ 153 static void __unused 154 replace_stdin(void) 155 { 156 int fd; 157 158 fd = new_tmpfile(); 159 160 (void)dup2(fd, STDIN_FILENO); 161 if (fd != STDIN_FILENO) 162 close(fd); 163 } 164 165 ATF_TC_WITHOUT_HEAD(memcpy_before_end); 166 ATF_TC_BODY(memcpy_before_end, tc) 167 { 168 #define BUF &__stack.__buf 169 struct { 170 uint8_t padding_l; 171 unsigned char __buf[42]; 172 uint8_t padding_r; 173 } __stack; 174 const size_t __bufsz __unused = sizeof(__stack.__buf); 175 const size_t __len = 42 - 1; 176 const size_t __idx __unused = __len - 1; 177 char src[__len + 10]; 178 179 memcpy(__stack.__buf, src, __len); 180 #undef BUF 181 182 } 183 184 ATF_TC_WITHOUT_HEAD(memcpy_end); 185 ATF_TC_BODY(memcpy_end, tc) 186 { 187 #define BUF &__stack.__buf 188 struct { 189 uint8_t padding_l; 190 unsigned char __buf[42]; 191 uint8_t padding_r; 192 } __stack; 193 const size_t __bufsz __unused = sizeof(__stack.__buf); 194 const size_t __len = 42; 195 const size_t __idx __unused = __len - 1; 196 char src[__len + 10]; 197 198 memcpy(__stack.__buf, src, __len); 199 #undef BUF 200 201 } 202 203 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end); 204 ATF_TC_BODY(memcpy_heap_before_end, tc) 205 { 206 #define BUF __stack.__buf 207 struct { 208 uint8_t padding_l; 209 unsigned char * __buf; 210 uint8_t padding_r; 211 } __stack; 212 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 213 const size_t __len = 42 - 1; 214 const size_t __idx __unused = __len - 1; 215 char src[__len + 10]; 216 217 __stack.__buf = malloc(__bufsz); 218 219 memcpy(__stack.__buf, src, __len); 220 #undef BUF 221 222 } 223 224 ATF_TC_WITHOUT_HEAD(memcpy_heap_end); 225 ATF_TC_BODY(memcpy_heap_end, tc) 226 { 227 #define BUF __stack.__buf 228 struct { 229 uint8_t padding_l; 230 unsigned char * __buf; 231 uint8_t padding_r; 232 } __stack; 233 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 234 const size_t __len = 42; 235 const size_t __idx __unused = __len - 1; 236 char src[__len + 10]; 237 238 __stack.__buf = malloc(__bufsz); 239 240 memcpy(__stack.__buf, src, __len); 241 #undef BUF 242 243 } 244 245 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end); 246 ATF_TC_BODY(memcpy_heap_after_end, tc) 247 { 248 #define BUF __stack.__buf 249 struct { 250 uint8_t padding_l; 251 unsigned char * __buf; 252 uint8_t padding_r; 253 } __stack; 254 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 255 const size_t __len = 42 + 1; 256 const size_t __idx __unused = __len - 1; 257 pid_t __child; 258 int __status; 259 char src[__len + 10]; 260 261 __child = fork(); 262 ATF_REQUIRE(__child >= 0); 263 if (__child > 0) 264 goto monitor; 265 266 /* Child */ 267 disable_coredumps(); 268 __stack.__buf = malloc(__bufsz); 269 270 memcpy(__stack.__buf, src, __len); 271 _exit(EX_SOFTWARE); /* Should have aborted. */ 272 273 monitor: 274 while (waitpid(__child, &__status, 0) != __child) { 275 ATF_REQUIRE_EQ(EINTR, errno); 276 } 277 278 if (!WIFSIGNALED(__status)) { 279 switch (WEXITSTATUS(__status)) { 280 case EX_SOFTWARE: 281 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 282 break; 283 case EX_OSERR: 284 atf_tc_fail("setrlimit(2) failed"); 285 break; 286 default: 287 atf_tc_fail("child exited with status %d", 288 WEXITSTATUS(__status)); 289 } 290 } else { 291 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 292 } 293 #undef BUF 294 295 } 296 297 ATF_TC_WITHOUT_HEAD(mempcpy_before_end); 298 ATF_TC_BODY(mempcpy_before_end, tc) 299 { 300 #define BUF &__stack.__buf 301 struct { 302 uint8_t padding_l; 303 unsigned char __buf[42]; 304 uint8_t padding_r; 305 } __stack; 306 const size_t __bufsz __unused = sizeof(__stack.__buf); 307 const size_t __len = 42 - 1; 308 const size_t __idx __unused = __len - 1; 309 char src[__len + 10]; 310 311 mempcpy(__stack.__buf, src, __len); 312 #undef BUF 313 314 } 315 316 ATF_TC_WITHOUT_HEAD(mempcpy_end); 317 ATF_TC_BODY(mempcpy_end, tc) 318 { 319 #define BUF &__stack.__buf 320 struct { 321 uint8_t padding_l; 322 unsigned char __buf[42]; 323 uint8_t padding_r; 324 } __stack; 325 const size_t __bufsz __unused = sizeof(__stack.__buf); 326 const size_t __len = 42; 327 const size_t __idx __unused = __len - 1; 328 char src[__len + 10]; 329 330 mempcpy(__stack.__buf, src, __len); 331 #undef BUF 332 333 } 334 335 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end); 336 ATF_TC_BODY(mempcpy_heap_before_end, tc) 337 { 338 #define BUF __stack.__buf 339 struct { 340 uint8_t padding_l; 341 unsigned char * __buf; 342 uint8_t padding_r; 343 } __stack; 344 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 345 const size_t __len = 42 - 1; 346 const size_t __idx __unused = __len - 1; 347 char src[__len + 10]; 348 349 __stack.__buf = malloc(__bufsz); 350 351 mempcpy(__stack.__buf, src, __len); 352 #undef BUF 353 354 } 355 356 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end); 357 ATF_TC_BODY(mempcpy_heap_end, tc) 358 { 359 #define BUF __stack.__buf 360 struct { 361 uint8_t padding_l; 362 unsigned char * __buf; 363 uint8_t padding_r; 364 } __stack; 365 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 366 const size_t __len = 42; 367 const size_t __idx __unused = __len - 1; 368 char src[__len + 10]; 369 370 __stack.__buf = malloc(__bufsz); 371 372 mempcpy(__stack.__buf, src, __len); 373 #undef BUF 374 375 } 376 377 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end); 378 ATF_TC_BODY(mempcpy_heap_after_end, tc) 379 { 380 #define BUF __stack.__buf 381 struct { 382 uint8_t padding_l; 383 unsigned char * __buf; 384 uint8_t padding_r; 385 } __stack; 386 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 387 const size_t __len = 42 + 1; 388 const size_t __idx __unused = __len - 1; 389 pid_t __child; 390 int __status; 391 char src[__len + 10]; 392 393 __child = fork(); 394 ATF_REQUIRE(__child >= 0); 395 if (__child > 0) 396 goto monitor; 397 398 /* Child */ 399 disable_coredumps(); 400 __stack.__buf = malloc(__bufsz); 401 402 mempcpy(__stack.__buf, src, __len); 403 _exit(EX_SOFTWARE); /* Should have aborted. */ 404 405 monitor: 406 while (waitpid(__child, &__status, 0) != __child) { 407 ATF_REQUIRE_EQ(EINTR, errno); 408 } 409 410 if (!WIFSIGNALED(__status)) { 411 switch (WEXITSTATUS(__status)) { 412 case EX_SOFTWARE: 413 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 414 break; 415 case EX_OSERR: 416 atf_tc_fail("setrlimit(2) failed"); 417 break; 418 default: 419 atf_tc_fail("child exited with status %d", 420 WEXITSTATUS(__status)); 421 } 422 } else { 423 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 424 } 425 #undef BUF 426 427 } 428 429 ATF_TC_WITHOUT_HEAD(memmove_before_end); 430 ATF_TC_BODY(memmove_before_end, tc) 431 { 432 #define BUF &__stack.__buf 433 struct { 434 uint8_t padding_l; 435 unsigned char __buf[42]; 436 uint8_t padding_r; 437 } __stack; 438 const size_t __bufsz __unused = sizeof(__stack.__buf); 439 const size_t __len = 42 - 1; 440 const size_t __idx __unused = __len - 1; 441 char src[__len + 10]; 442 443 memmove(__stack.__buf, src, __len); 444 #undef BUF 445 446 } 447 448 ATF_TC_WITHOUT_HEAD(memmove_end); 449 ATF_TC_BODY(memmove_end, tc) 450 { 451 #define BUF &__stack.__buf 452 struct { 453 uint8_t padding_l; 454 unsigned char __buf[42]; 455 uint8_t padding_r; 456 } __stack; 457 const size_t __bufsz __unused = sizeof(__stack.__buf); 458 const size_t __len = 42; 459 const size_t __idx __unused = __len - 1; 460 char src[__len + 10]; 461 462 memmove(__stack.__buf, src, __len); 463 #undef BUF 464 465 } 466 467 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end); 468 ATF_TC_BODY(memmove_heap_before_end, tc) 469 { 470 #define BUF __stack.__buf 471 struct { 472 uint8_t padding_l; 473 unsigned char * __buf; 474 uint8_t padding_r; 475 } __stack; 476 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 477 const size_t __len = 42 - 1; 478 const size_t __idx __unused = __len - 1; 479 char src[__len + 10]; 480 481 __stack.__buf = malloc(__bufsz); 482 483 memmove(__stack.__buf, src, __len); 484 #undef BUF 485 486 } 487 488 ATF_TC_WITHOUT_HEAD(memmove_heap_end); 489 ATF_TC_BODY(memmove_heap_end, tc) 490 { 491 #define BUF __stack.__buf 492 struct { 493 uint8_t padding_l; 494 unsigned char * __buf; 495 uint8_t padding_r; 496 } __stack; 497 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 498 const size_t __len = 42; 499 const size_t __idx __unused = __len - 1; 500 char src[__len + 10]; 501 502 __stack.__buf = malloc(__bufsz); 503 504 memmove(__stack.__buf, src, __len); 505 #undef BUF 506 507 } 508 509 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end); 510 ATF_TC_BODY(memmove_heap_after_end, tc) 511 { 512 #define BUF __stack.__buf 513 struct { 514 uint8_t padding_l; 515 unsigned char * __buf; 516 uint8_t padding_r; 517 } __stack; 518 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 519 const size_t __len = 42 + 1; 520 const size_t __idx __unused = __len - 1; 521 pid_t __child; 522 int __status; 523 char src[__len + 10]; 524 525 __child = fork(); 526 ATF_REQUIRE(__child >= 0); 527 if (__child > 0) 528 goto monitor; 529 530 /* Child */ 531 disable_coredumps(); 532 __stack.__buf = malloc(__bufsz); 533 534 memmove(__stack.__buf, src, __len); 535 _exit(EX_SOFTWARE); /* Should have aborted. */ 536 537 monitor: 538 while (waitpid(__child, &__status, 0) != __child) { 539 ATF_REQUIRE_EQ(EINTR, errno); 540 } 541 542 if (!WIFSIGNALED(__status)) { 543 switch (WEXITSTATUS(__status)) { 544 case EX_SOFTWARE: 545 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 546 break; 547 case EX_OSERR: 548 atf_tc_fail("setrlimit(2) failed"); 549 break; 550 default: 551 atf_tc_fail("child exited with status %d", 552 WEXITSTATUS(__status)); 553 } 554 } else { 555 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 556 } 557 #undef BUF 558 559 } 560 561 ATF_TC_WITHOUT_HEAD(memset_before_end); 562 ATF_TC_BODY(memset_before_end, tc) 563 { 564 #define BUF &__stack.__buf 565 struct { 566 uint8_t padding_l; 567 unsigned char __buf[42]; 568 uint8_t padding_r; 569 } __stack; 570 const size_t __bufsz __unused = sizeof(__stack.__buf); 571 const size_t __len = 42 - 1; 572 const size_t __idx __unused = __len - 1; 573 574 memset(__stack.__buf, 0, __len); 575 #undef BUF 576 577 } 578 579 ATF_TC_WITHOUT_HEAD(memset_end); 580 ATF_TC_BODY(memset_end, tc) 581 { 582 #define BUF &__stack.__buf 583 struct { 584 uint8_t padding_l; 585 unsigned char __buf[42]; 586 uint8_t padding_r; 587 } __stack; 588 const size_t __bufsz __unused = sizeof(__stack.__buf); 589 const size_t __len = 42; 590 const size_t __idx __unused = __len - 1; 591 592 memset(__stack.__buf, 0, __len); 593 #undef BUF 594 595 } 596 597 ATF_TC_WITHOUT_HEAD(memset_heap_before_end); 598 ATF_TC_BODY(memset_heap_before_end, tc) 599 { 600 #define BUF __stack.__buf 601 struct { 602 uint8_t padding_l; 603 unsigned char * __buf; 604 uint8_t padding_r; 605 } __stack; 606 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 607 const size_t __len = 42 - 1; 608 const size_t __idx __unused = __len - 1; 609 610 __stack.__buf = malloc(__bufsz); 611 612 memset(__stack.__buf, 0, __len); 613 #undef BUF 614 615 } 616 617 ATF_TC_WITHOUT_HEAD(memset_heap_end); 618 ATF_TC_BODY(memset_heap_end, tc) 619 { 620 #define BUF __stack.__buf 621 struct { 622 uint8_t padding_l; 623 unsigned char * __buf; 624 uint8_t padding_r; 625 } __stack; 626 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 627 const size_t __len = 42; 628 const size_t __idx __unused = __len - 1; 629 630 __stack.__buf = malloc(__bufsz); 631 632 memset(__stack.__buf, 0, __len); 633 #undef BUF 634 635 } 636 637 ATF_TC_WITHOUT_HEAD(memset_heap_after_end); 638 ATF_TC_BODY(memset_heap_after_end, tc) 639 { 640 #define BUF __stack.__buf 641 struct { 642 uint8_t padding_l; 643 unsigned char * __buf; 644 uint8_t padding_r; 645 } __stack; 646 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 647 const size_t __len = 42 + 1; 648 const size_t __idx __unused = __len - 1; 649 pid_t __child; 650 int __status; 651 652 __child = fork(); 653 ATF_REQUIRE(__child >= 0); 654 if (__child > 0) 655 goto monitor; 656 657 /* Child */ 658 disable_coredumps(); 659 __stack.__buf = malloc(__bufsz); 660 661 memset(__stack.__buf, 0, __len); 662 _exit(EX_SOFTWARE); /* Should have aborted. */ 663 664 monitor: 665 while (waitpid(__child, &__status, 0) != __child) { 666 ATF_REQUIRE_EQ(EINTR, errno); 667 } 668 669 if (!WIFSIGNALED(__status)) { 670 switch (WEXITSTATUS(__status)) { 671 case EX_SOFTWARE: 672 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 673 break; 674 case EX_OSERR: 675 atf_tc_fail("setrlimit(2) failed"); 676 break; 677 default: 678 atf_tc_fail("child exited with status %d", 679 WEXITSTATUS(__status)); 680 } 681 } else { 682 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 683 } 684 #undef BUF 685 686 } 687 688 ATF_TC_WITHOUT_HEAD(memset_explicit_before_end); 689 ATF_TC_BODY(memset_explicit_before_end, tc) 690 { 691 #define BUF &__stack.__buf 692 struct { 693 uint8_t padding_l; 694 unsigned char __buf[42]; 695 uint8_t padding_r; 696 } __stack; 697 const size_t __bufsz __unused = sizeof(__stack.__buf); 698 const size_t __len = 42 - 1; 699 const size_t __idx __unused = __len - 1; 700 701 memset_explicit(__stack.__buf, 0, __len); 702 #undef BUF 703 704 } 705 706 ATF_TC_WITHOUT_HEAD(memset_explicit_end); 707 ATF_TC_BODY(memset_explicit_end, tc) 708 { 709 #define BUF &__stack.__buf 710 struct { 711 uint8_t padding_l; 712 unsigned char __buf[42]; 713 uint8_t padding_r; 714 } __stack; 715 const size_t __bufsz __unused = sizeof(__stack.__buf); 716 const size_t __len = 42; 717 const size_t __idx __unused = __len - 1; 718 719 memset_explicit(__stack.__buf, 0, __len); 720 #undef BUF 721 722 } 723 724 ATF_TC_WITHOUT_HEAD(memset_explicit_heap_before_end); 725 ATF_TC_BODY(memset_explicit_heap_before_end, tc) 726 { 727 #define BUF __stack.__buf 728 struct { 729 uint8_t padding_l; 730 unsigned char * __buf; 731 uint8_t padding_r; 732 } __stack; 733 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 734 const size_t __len = 42 - 1; 735 const size_t __idx __unused = __len - 1; 736 737 __stack.__buf = malloc(__bufsz); 738 739 memset_explicit(__stack.__buf, 0, __len); 740 #undef BUF 741 742 } 743 744 ATF_TC_WITHOUT_HEAD(memset_explicit_heap_end); 745 ATF_TC_BODY(memset_explicit_heap_end, tc) 746 { 747 #define BUF __stack.__buf 748 struct { 749 uint8_t padding_l; 750 unsigned char * __buf; 751 uint8_t padding_r; 752 } __stack; 753 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 754 const size_t __len = 42; 755 const size_t __idx __unused = __len - 1; 756 757 __stack.__buf = malloc(__bufsz); 758 759 memset_explicit(__stack.__buf, 0, __len); 760 #undef BUF 761 762 } 763 764 ATF_TC_WITHOUT_HEAD(memset_explicit_heap_after_end); 765 ATF_TC_BODY(memset_explicit_heap_after_end, tc) 766 { 767 #define BUF __stack.__buf 768 struct { 769 uint8_t padding_l; 770 unsigned char * __buf; 771 uint8_t padding_r; 772 } __stack; 773 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 774 const size_t __len = 42 + 1; 775 const size_t __idx __unused = __len - 1; 776 pid_t __child; 777 int __status; 778 779 __child = fork(); 780 ATF_REQUIRE(__child >= 0); 781 if (__child > 0) 782 goto monitor; 783 784 /* Child */ 785 disable_coredumps(); 786 __stack.__buf = malloc(__bufsz); 787 788 memset_explicit(__stack.__buf, 0, __len); 789 _exit(EX_SOFTWARE); /* Should have aborted. */ 790 791 monitor: 792 while (waitpid(__child, &__status, 0) != __child) { 793 ATF_REQUIRE_EQ(EINTR, errno); 794 } 795 796 if (!WIFSIGNALED(__status)) { 797 switch (WEXITSTATUS(__status)) { 798 case EX_SOFTWARE: 799 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 800 break; 801 case EX_OSERR: 802 atf_tc_fail("setrlimit(2) failed"); 803 break; 804 default: 805 atf_tc_fail("child exited with status %d", 806 WEXITSTATUS(__status)); 807 } 808 } else { 809 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 810 } 811 #undef BUF 812 813 } 814 815 ATF_TC_WITHOUT_HEAD(stpcpy_before_end); 816 ATF_TC_BODY(stpcpy_before_end, tc) 817 { 818 #define BUF &__stack.__buf 819 struct { 820 uint8_t padding_l; 821 unsigned char __buf[42]; 822 uint8_t padding_r; 823 } __stack; 824 const size_t __bufsz __unused = sizeof(__stack.__buf); 825 const size_t __len = 42 - 1; 826 const size_t __idx __unused = __len - 1; 827 char src[__len]; 828 829 memset(__stack.__buf, 0, __len); 830 memset(src, 'A', __len - 1); 831 src[__len - 1] = '\0'; 832 833 stpcpy(__stack.__buf, src); 834 #undef BUF 835 836 } 837 838 ATF_TC_WITHOUT_HEAD(stpcpy_end); 839 ATF_TC_BODY(stpcpy_end, tc) 840 { 841 #define BUF &__stack.__buf 842 struct { 843 uint8_t padding_l; 844 unsigned char __buf[42]; 845 uint8_t padding_r; 846 } __stack; 847 const size_t __bufsz __unused = sizeof(__stack.__buf); 848 const size_t __len = 42; 849 const size_t __idx __unused = __len - 1; 850 char src[__len]; 851 852 memset(__stack.__buf, 0, __len); 853 memset(src, 'A', __len - 1); 854 src[__len - 1] = '\0'; 855 856 stpcpy(__stack.__buf, src); 857 #undef BUF 858 859 } 860 861 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end); 862 ATF_TC_BODY(stpcpy_heap_before_end, tc) 863 { 864 #define BUF __stack.__buf 865 struct { 866 uint8_t padding_l; 867 unsigned char * __buf; 868 uint8_t padding_r; 869 } __stack; 870 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 871 const size_t __len = 42 - 1; 872 const size_t __idx __unused = __len - 1; 873 char src[__len]; 874 875 __stack.__buf = malloc(__bufsz); 876 memset(__stack.__buf, 0, __len); 877 memset(src, 'A', __len - 1); 878 src[__len - 1] = '\0'; 879 880 stpcpy(__stack.__buf, src); 881 #undef BUF 882 883 } 884 885 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end); 886 ATF_TC_BODY(stpcpy_heap_end, tc) 887 { 888 #define BUF __stack.__buf 889 struct { 890 uint8_t padding_l; 891 unsigned char * __buf; 892 uint8_t padding_r; 893 } __stack; 894 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 895 const size_t __len = 42; 896 const size_t __idx __unused = __len - 1; 897 char src[__len]; 898 899 __stack.__buf = malloc(__bufsz); 900 memset(__stack.__buf, 0, __len); 901 memset(src, 'A', __len - 1); 902 src[__len - 1] = '\0'; 903 904 stpcpy(__stack.__buf, src); 905 #undef BUF 906 907 } 908 909 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end); 910 ATF_TC_BODY(stpcpy_heap_after_end, tc) 911 { 912 #define BUF __stack.__buf 913 struct { 914 uint8_t padding_l; 915 unsigned char * __buf; 916 uint8_t padding_r; 917 } __stack; 918 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 919 const size_t __len = 42 + 1; 920 const size_t __idx __unused = __len - 1; 921 pid_t __child; 922 int __status; 923 char src[__len]; 924 925 __child = fork(); 926 ATF_REQUIRE(__child >= 0); 927 if (__child > 0) 928 goto monitor; 929 930 /* Child */ 931 disable_coredumps(); 932 __stack.__buf = malloc(__bufsz); 933 memset(__stack.__buf, 0, __len); 934 memset(src, 'A', __len - 1); 935 src[__len - 1] = '\0'; 936 937 stpcpy(__stack.__buf, src); 938 _exit(EX_SOFTWARE); /* Should have aborted. */ 939 940 monitor: 941 while (waitpid(__child, &__status, 0) != __child) { 942 ATF_REQUIRE_EQ(EINTR, errno); 943 } 944 945 if (!WIFSIGNALED(__status)) { 946 switch (WEXITSTATUS(__status)) { 947 case EX_SOFTWARE: 948 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 949 break; 950 case EX_OSERR: 951 atf_tc_fail("setrlimit(2) failed"); 952 break; 953 default: 954 atf_tc_fail("child exited with status %d", 955 WEXITSTATUS(__status)); 956 } 957 } else { 958 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 959 } 960 #undef BUF 961 962 } 963 964 ATF_TC_WITHOUT_HEAD(stpncpy_before_end); 965 ATF_TC_BODY(stpncpy_before_end, tc) 966 { 967 #define BUF &__stack.__buf 968 struct { 969 uint8_t padding_l; 970 unsigned char __buf[42]; 971 uint8_t padding_r; 972 } __stack; 973 const size_t __bufsz __unused = sizeof(__stack.__buf); 974 const size_t __len = 42 - 1; 975 const size_t __idx __unused = __len - 1; 976 char src[__len]; 977 978 memset(__stack.__buf, 0, __len); 979 memset(src, 'A', __len - 1); 980 src[__len - 1] = '\0'; 981 982 stpncpy(__stack.__buf, src, __len); 983 #undef BUF 984 985 } 986 987 ATF_TC_WITHOUT_HEAD(stpncpy_end); 988 ATF_TC_BODY(stpncpy_end, tc) 989 { 990 #define BUF &__stack.__buf 991 struct { 992 uint8_t padding_l; 993 unsigned char __buf[42]; 994 uint8_t padding_r; 995 } __stack; 996 const size_t __bufsz __unused = sizeof(__stack.__buf); 997 const size_t __len = 42; 998 const size_t __idx __unused = __len - 1; 999 char src[__len]; 1000 1001 memset(__stack.__buf, 0, __len); 1002 memset(src, 'A', __len - 1); 1003 src[__len - 1] = '\0'; 1004 1005 stpncpy(__stack.__buf, src, __len); 1006 #undef BUF 1007 1008 } 1009 1010 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end); 1011 ATF_TC_BODY(stpncpy_heap_before_end, tc) 1012 { 1013 #define BUF __stack.__buf 1014 struct { 1015 uint8_t padding_l; 1016 unsigned char * __buf; 1017 uint8_t padding_r; 1018 } __stack; 1019 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1020 const size_t __len = 42 - 1; 1021 const size_t __idx __unused = __len - 1; 1022 char src[__len]; 1023 1024 __stack.__buf = malloc(__bufsz); 1025 memset(__stack.__buf, 0, __len); 1026 memset(src, 'A', __len - 1); 1027 src[__len - 1] = '\0'; 1028 1029 stpncpy(__stack.__buf, src, __len); 1030 #undef BUF 1031 1032 } 1033 1034 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end); 1035 ATF_TC_BODY(stpncpy_heap_end, tc) 1036 { 1037 #define BUF __stack.__buf 1038 struct { 1039 uint8_t padding_l; 1040 unsigned char * __buf; 1041 uint8_t padding_r; 1042 } __stack; 1043 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1044 const size_t __len = 42; 1045 const size_t __idx __unused = __len - 1; 1046 char src[__len]; 1047 1048 __stack.__buf = malloc(__bufsz); 1049 memset(__stack.__buf, 0, __len); 1050 memset(src, 'A', __len - 1); 1051 src[__len - 1] = '\0'; 1052 1053 stpncpy(__stack.__buf, src, __len); 1054 #undef BUF 1055 1056 } 1057 1058 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end); 1059 ATF_TC_BODY(stpncpy_heap_after_end, tc) 1060 { 1061 #define BUF __stack.__buf 1062 struct { 1063 uint8_t padding_l; 1064 unsigned char * __buf; 1065 uint8_t padding_r; 1066 } __stack; 1067 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1068 const size_t __len = 42 + 1; 1069 const size_t __idx __unused = __len - 1; 1070 pid_t __child; 1071 int __status; 1072 char src[__len]; 1073 1074 __child = fork(); 1075 ATF_REQUIRE(__child >= 0); 1076 if (__child > 0) 1077 goto monitor; 1078 1079 /* Child */ 1080 disable_coredumps(); 1081 __stack.__buf = malloc(__bufsz); 1082 memset(__stack.__buf, 0, __len); 1083 memset(src, 'A', __len - 1); 1084 src[__len - 1] = '\0'; 1085 1086 stpncpy(__stack.__buf, src, __len); 1087 _exit(EX_SOFTWARE); /* Should have aborted. */ 1088 1089 monitor: 1090 while (waitpid(__child, &__status, 0) != __child) { 1091 ATF_REQUIRE_EQ(EINTR, errno); 1092 } 1093 1094 if (!WIFSIGNALED(__status)) { 1095 switch (WEXITSTATUS(__status)) { 1096 case EX_SOFTWARE: 1097 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1098 break; 1099 case EX_OSERR: 1100 atf_tc_fail("setrlimit(2) failed"); 1101 break; 1102 default: 1103 atf_tc_fail("child exited with status %d", 1104 WEXITSTATUS(__status)); 1105 } 1106 } else { 1107 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1108 } 1109 #undef BUF 1110 1111 } 1112 1113 ATF_TC_WITHOUT_HEAD(strcat_before_end); 1114 ATF_TC_BODY(strcat_before_end, tc) 1115 { 1116 #define BUF &__stack.__buf 1117 struct { 1118 uint8_t padding_l; 1119 unsigned char __buf[42]; 1120 uint8_t padding_r; 1121 } __stack; 1122 const size_t __bufsz __unused = sizeof(__stack.__buf); 1123 const size_t __len = 42 - 1; 1124 const size_t __idx __unused = __len - 1; 1125 char src[__len]; 1126 1127 memset(__stack.__buf, 0, __len); 1128 memset(src, 'A', __len - 1); 1129 src[__len - 1] = '\0'; 1130 1131 strcat(__stack.__buf, src); 1132 #undef BUF 1133 1134 } 1135 1136 ATF_TC_WITHOUT_HEAD(strcat_end); 1137 ATF_TC_BODY(strcat_end, tc) 1138 { 1139 #define BUF &__stack.__buf 1140 struct { 1141 uint8_t padding_l; 1142 unsigned char __buf[42]; 1143 uint8_t padding_r; 1144 } __stack; 1145 const size_t __bufsz __unused = sizeof(__stack.__buf); 1146 const size_t __len = 42; 1147 const size_t __idx __unused = __len - 1; 1148 char src[__len]; 1149 1150 memset(__stack.__buf, 0, __len); 1151 memset(src, 'A', __len - 1); 1152 src[__len - 1] = '\0'; 1153 1154 strcat(__stack.__buf, src); 1155 #undef BUF 1156 1157 } 1158 1159 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end); 1160 ATF_TC_BODY(strcat_heap_before_end, tc) 1161 { 1162 #define BUF __stack.__buf 1163 struct { 1164 uint8_t padding_l; 1165 unsigned char * __buf; 1166 uint8_t padding_r; 1167 } __stack; 1168 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1169 const size_t __len = 42 - 1; 1170 const size_t __idx __unused = __len - 1; 1171 char src[__len]; 1172 1173 __stack.__buf = malloc(__bufsz); 1174 memset(__stack.__buf, 0, __len); 1175 memset(src, 'A', __len - 1); 1176 src[__len - 1] = '\0'; 1177 1178 strcat(__stack.__buf, src); 1179 #undef BUF 1180 1181 } 1182 1183 ATF_TC_WITHOUT_HEAD(strcat_heap_end); 1184 ATF_TC_BODY(strcat_heap_end, tc) 1185 { 1186 #define BUF __stack.__buf 1187 struct { 1188 uint8_t padding_l; 1189 unsigned char * __buf; 1190 uint8_t padding_r; 1191 } __stack; 1192 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1193 const size_t __len = 42; 1194 const size_t __idx __unused = __len - 1; 1195 char src[__len]; 1196 1197 __stack.__buf = malloc(__bufsz); 1198 memset(__stack.__buf, 0, __len); 1199 memset(src, 'A', __len - 1); 1200 src[__len - 1] = '\0'; 1201 1202 strcat(__stack.__buf, src); 1203 #undef BUF 1204 1205 } 1206 1207 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end); 1208 ATF_TC_BODY(strcat_heap_after_end, tc) 1209 { 1210 #define BUF __stack.__buf 1211 struct { 1212 uint8_t padding_l; 1213 unsigned char * __buf; 1214 uint8_t padding_r; 1215 } __stack; 1216 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1217 const size_t __len = 42 + 1; 1218 const size_t __idx __unused = __len - 1; 1219 pid_t __child; 1220 int __status; 1221 char src[__len]; 1222 1223 __child = fork(); 1224 ATF_REQUIRE(__child >= 0); 1225 if (__child > 0) 1226 goto monitor; 1227 1228 /* Child */ 1229 disable_coredumps(); 1230 __stack.__buf = malloc(__bufsz); 1231 memset(__stack.__buf, 0, __len); 1232 memset(src, 'A', __len - 1); 1233 src[__len - 1] = '\0'; 1234 1235 strcat(__stack.__buf, src); 1236 _exit(EX_SOFTWARE); /* Should have aborted. */ 1237 1238 monitor: 1239 while (waitpid(__child, &__status, 0) != __child) { 1240 ATF_REQUIRE_EQ(EINTR, errno); 1241 } 1242 1243 if (!WIFSIGNALED(__status)) { 1244 switch (WEXITSTATUS(__status)) { 1245 case EX_SOFTWARE: 1246 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1247 break; 1248 case EX_OSERR: 1249 atf_tc_fail("setrlimit(2) failed"); 1250 break; 1251 default: 1252 atf_tc_fail("child exited with status %d", 1253 WEXITSTATUS(__status)); 1254 } 1255 } else { 1256 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1257 } 1258 #undef BUF 1259 1260 } 1261 1262 ATF_TC_WITHOUT_HEAD(strlcat_before_end); 1263 ATF_TC_BODY(strlcat_before_end, tc) 1264 { 1265 #define BUF &__stack.__buf 1266 struct { 1267 uint8_t padding_l; 1268 unsigned char __buf[42]; 1269 uint8_t padding_r; 1270 } __stack; 1271 const size_t __bufsz __unused = sizeof(__stack.__buf); 1272 const size_t __len = 42 - 1; 1273 const size_t __idx __unused = __len - 1; 1274 char src[__len]; 1275 1276 memset(__stack.__buf, 0, __len); 1277 memset(src, 'A', __len - 1); 1278 src[__len - 1] = '\0'; 1279 1280 strlcat(__stack.__buf, src, __len); 1281 #undef BUF 1282 1283 } 1284 1285 ATF_TC_WITHOUT_HEAD(strlcat_end); 1286 ATF_TC_BODY(strlcat_end, tc) 1287 { 1288 #define BUF &__stack.__buf 1289 struct { 1290 uint8_t padding_l; 1291 unsigned char __buf[42]; 1292 uint8_t padding_r; 1293 } __stack; 1294 const size_t __bufsz __unused = sizeof(__stack.__buf); 1295 const size_t __len = 42; 1296 const size_t __idx __unused = __len - 1; 1297 char src[__len]; 1298 1299 memset(__stack.__buf, 0, __len); 1300 memset(src, 'A', __len - 1); 1301 src[__len - 1] = '\0'; 1302 1303 strlcat(__stack.__buf, src, __len); 1304 #undef BUF 1305 1306 } 1307 1308 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end); 1309 ATF_TC_BODY(strlcat_heap_before_end, tc) 1310 { 1311 #define BUF __stack.__buf 1312 struct { 1313 uint8_t padding_l; 1314 unsigned char * __buf; 1315 uint8_t padding_r; 1316 } __stack; 1317 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1318 const size_t __len = 42 - 1; 1319 const size_t __idx __unused = __len - 1; 1320 char src[__len]; 1321 1322 __stack.__buf = malloc(__bufsz); 1323 memset(__stack.__buf, 0, __len); 1324 memset(src, 'A', __len - 1); 1325 src[__len - 1] = '\0'; 1326 1327 strlcat(__stack.__buf, src, __len); 1328 #undef BUF 1329 1330 } 1331 1332 ATF_TC_WITHOUT_HEAD(strlcat_heap_end); 1333 ATF_TC_BODY(strlcat_heap_end, tc) 1334 { 1335 #define BUF __stack.__buf 1336 struct { 1337 uint8_t padding_l; 1338 unsigned char * __buf; 1339 uint8_t padding_r; 1340 } __stack; 1341 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1342 const size_t __len = 42; 1343 const size_t __idx __unused = __len - 1; 1344 char src[__len]; 1345 1346 __stack.__buf = malloc(__bufsz); 1347 memset(__stack.__buf, 0, __len); 1348 memset(src, 'A', __len - 1); 1349 src[__len - 1] = '\0'; 1350 1351 strlcat(__stack.__buf, src, __len); 1352 #undef BUF 1353 1354 } 1355 1356 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end); 1357 ATF_TC_BODY(strlcat_heap_after_end, tc) 1358 { 1359 #define BUF __stack.__buf 1360 struct { 1361 uint8_t padding_l; 1362 unsigned char * __buf; 1363 uint8_t padding_r; 1364 } __stack; 1365 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1366 const size_t __len = 42 + 1; 1367 const size_t __idx __unused = __len - 1; 1368 pid_t __child; 1369 int __status; 1370 char src[__len]; 1371 1372 __child = fork(); 1373 ATF_REQUIRE(__child >= 0); 1374 if (__child > 0) 1375 goto monitor; 1376 1377 /* Child */ 1378 disable_coredumps(); 1379 __stack.__buf = malloc(__bufsz); 1380 memset(__stack.__buf, 0, __len); 1381 memset(src, 'A', __len - 1); 1382 src[__len - 1] = '\0'; 1383 1384 strlcat(__stack.__buf, src, __len); 1385 _exit(EX_SOFTWARE); /* Should have aborted. */ 1386 1387 monitor: 1388 while (waitpid(__child, &__status, 0) != __child) { 1389 ATF_REQUIRE_EQ(EINTR, errno); 1390 } 1391 1392 if (!WIFSIGNALED(__status)) { 1393 switch (WEXITSTATUS(__status)) { 1394 case EX_SOFTWARE: 1395 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1396 break; 1397 case EX_OSERR: 1398 atf_tc_fail("setrlimit(2) failed"); 1399 break; 1400 default: 1401 atf_tc_fail("child exited with status %d", 1402 WEXITSTATUS(__status)); 1403 } 1404 } else { 1405 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1406 } 1407 #undef BUF 1408 1409 } 1410 1411 ATF_TC_WITHOUT_HEAD(strncat_before_end); 1412 ATF_TC_BODY(strncat_before_end, tc) 1413 { 1414 #define BUF &__stack.__buf 1415 struct { 1416 uint8_t padding_l; 1417 unsigned char __buf[42]; 1418 uint8_t padding_r; 1419 } __stack; 1420 const size_t __bufsz __unused = sizeof(__stack.__buf); 1421 const size_t __len = 42 - 1; 1422 const size_t __idx __unused = __len - 1; 1423 char src[__len]; 1424 1425 memset(__stack.__buf, 0, __len); 1426 memset(src, 'A', __len - 1); 1427 src[__len - 1] = '\0'; 1428 1429 strncat(__stack.__buf, src, __len); 1430 #undef BUF 1431 1432 } 1433 1434 ATF_TC_WITHOUT_HEAD(strncat_end); 1435 ATF_TC_BODY(strncat_end, tc) 1436 { 1437 #define BUF &__stack.__buf 1438 struct { 1439 uint8_t padding_l; 1440 unsigned char __buf[42]; 1441 uint8_t padding_r; 1442 } __stack; 1443 const size_t __bufsz __unused = sizeof(__stack.__buf); 1444 const size_t __len = 42; 1445 const size_t __idx __unused = __len - 1; 1446 char src[__len]; 1447 1448 memset(__stack.__buf, 0, __len); 1449 memset(src, 'A', __len - 1); 1450 src[__len - 1] = '\0'; 1451 1452 strncat(__stack.__buf, src, __len); 1453 #undef BUF 1454 1455 } 1456 1457 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end); 1458 ATF_TC_BODY(strncat_heap_before_end, tc) 1459 { 1460 #define BUF __stack.__buf 1461 struct { 1462 uint8_t padding_l; 1463 unsigned char * __buf; 1464 uint8_t padding_r; 1465 } __stack; 1466 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1467 const size_t __len = 42 - 1; 1468 const size_t __idx __unused = __len - 1; 1469 char src[__len]; 1470 1471 __stack.__buf = malloc(__bufsz); 1472 memset(__stack.__buf, 0, __len); 1473 memset(src, 'A', __len - 1); 1474 src[__len - 1] = '\0'; 1475 1476 strncat(__stack.__buf, src, __len); 1477 #undef BUF 1478 1479 } 1480 1481 ATF_TC_WITHOUT_HEAD(strncat_heap_end); 1482 ATF_TC_BODY(strncat_heap_end, tc) 1483 { 1484 #define BUF __stack.__buf 1485 struct { 1486 uint8_t padding_l; 1487 unsigned char * __buf; 1488 uint8_t padding_r; 1489 } __stack; 1490 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1491 const size_t __len = 42; 1492 const size_t __idx __unused = __len - 1; 1493 char src[__len]; 1494 1495 __stack.__buf = malloc(__bufsz); 1496 memset(__stack.__buf, 0, __len); 1497 memset(src, 'A', __len - 1); 1498 src[__len - 1] = '\0'; 1499 1500 strncat(__stack.__buf, src, __len); 1501 #undef BUF 1502 1503 } 1504 1505 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end); 1506 ATF_TC_BODY(strncat_heap_after_end, tc) 1507 { 1508 #define BUF __stack.__buf 1509 struct { 1510 uint8_t padding_l; 1511 unsigned char * __buf; 1512 uint8_t padding_r; 1513 } __stack; 1514 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1515 const size_t __len = 42 + 1; 1516 const size_t __idx __unused = __len - 1; 1517 pid_t __child; 1518 int __status; 1519 char src[__len]; 1520 1521 __child = fork(); 1522 ATF_REQUIRE(__child >= 0); 1523 if (__child > 0) 1524 goto monitor; 1525 1526 /* Child */ 1527 disable_coredumps(); 1528 __stack.__buf = malloc(__bufsz); 1529 memset(__stack.__buf, 0, __len); 1530 memset(src, 'A', __len - 1); 1531 src[__len - 1] = '\0'; 1532 1533 strncat(__stack.__buf, src, __len); 1534 _exit(EX_SOFTWARE); /* Should have aborted. */ 1535 1536 monitor: 1537 while (waitpid(__child, &__status, 0) != __child) { 1538 ATF_REQUIRE_EQ(EINTR, errno); 1539 } 1540 1541 if (!WIFSIGNALED(__status)) { 1542 switch (WEXITSTATUS(__status)) { 1543 case EX_SOFTWARE: 1544 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1545 break; 1546 case EX_OSERR: 1547 atf_tc_fail("setrlimit(2) failed"); 1548 break; 1549 default: 1550 atf_tc_fail("child exited with status %d", 1551 WEXITSTATUS(__status)); 1552 } 1553 } else { 1554 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1555 } 1556 #undef BUF 1557 1558 } 1559 1560 ATF_TC_WITHOUT_HEAD(strcpy_before_end); 1561 ATF_TC_BODY(strcpy_before_end, tc) 1562 { 1563 #define BUF &__stack.__buf 1564 struct { 1565 uint8_t padding_l; 1566 unsigned char __buf[42]; 1567 uint8_t padding_r; 1568 } __stack; 1569 const size_t __bufsz __unused = sizeof(__stack.__buf); 1570 const size_t __len = 42 - 1; 1571 const size_t __idx __unused = __len - 1; 1572 char src[__len]; 1573 1574 memset(__stack.__buf, 0, __len); 1575 memset(src, 'A', __len - 1); 1576 src[__len - 1] = '\0'; 1577 1578 strcpy(__stack.__buf, src); 1579 #undef BUF 1580 1581 } 1582 1583 ATF_TC_WITHOUT_HEAD(strcpy_end); 1584 ATF_TC_BODY(strcpy_end, tc) 1585 { 1586 #define BUF &__stack.__buf 1587 struct { 1588 uint8_t padding_l; 1589 unsigned char __buf[42]; 1590 uint8_t padding_r; 1591 } __stack; 1592 const size_t __bufsz __unused = sizeof(__stack.__buf); 1593 const size_t __len = 42; 1594 const size_t __idx __unused = __len - 1; 1595 char src[__len]; 1596 1597 memset(__stack.__buf, 0, __len); 1598 memset(src, 'A', __len - 1); 1599 src[__len - 1] = '\0'; 1600 1601 strcpy(__stack.__buf, src); 1602 #undef BUF 1603 1604 } 1605 1606 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end); 1607 ATF_TC_BODY(strcpy_heap_before_end, tc) 1608 { 1609 #define BUF __stack.__buf 1610 struct { 1611 uint8_t padding_l; 1612 unsigned char * __buf; 1613 uint8_t padding_r; 1614 } __stack; 1615 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1616 const size_t __len = 42 - 1; 1617 const size_t __idx __unused = __len - 1; 1618 char src[__len]; 1619 1620 __stack.__buf = malloc(__bufsz); 1621 memset(__stack.__buf, 0, __len); 1622 memset(src, 'A', __len - 1); 1623 src[__len - 1] = '\0'; 1624 1625 strcpy(__stack.__buf, src); 1626 #undef BUF 1627 1628 } 1629 1630 ATF_TC_WITHOUT_HEAD(strcpy_heap_end); 1631 ATF_TC_BODY(strcpy_heap_end, tc) 1632 { 1633 #define BUF __stack.__buf 1634 struct { 1635 uint8_t padding_l; 1636 unsigned char * __buf; 1637 uint8_t padding_r; 1638 } __stack; 1639 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1640 const size_t __len = 42; 1641 const size_t __idx __unused = __len - 1; 1642 char src[__len]; 1643 1644 __stack.__buf = malloc(__bufsz); 1645 memset(__stack.__buf, 0, __len); 1646 memset(src, 'A', __len - 1); 1647 src[__len - 1] = '\0'; 1648 1649 strcpy(__stack.__buf, src); 1650 #undef BUF 1651 1652 } 1653 1654 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end); 1655 ATF_TC_BODY(strcpy_heap_after_end, tc) 1656 { 1657 #define BUF __stack.__buf 1658 struct { 1659 uint8_t padding_l; 1660 unsigned char * __buf; 1661 uint8_t padding_r; 1662 } __stack; 1663 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1664 const size_t __len = 42 + 1; 1665 const size_t __idx __unused = __len - 1; 1666 pid_t __child; 1667 int __status; 1668 char src[__len]; 1669 1670 __child = fork(); 1671 ATF_REQUIRE(__child >= 0); 1672 if (__child > 0) 1673 goto monitor; 1674 1675 /* Child */ 1676 disable_coredumps(); 1677 __stack.__buf = malloc(__bufsz); 1678 memset(__stack.__buf, 0, __len); 1679 memset(src, 'A', __len - 1); 1680 src[__len - 1] = '\0'; 1681 1682 strcpy(__stack.__buf, src); 1683 _exit(EX_SOFTWARE); /* Should have aborted. */ 1684 1685 monitor: 1686 while (waitpid(__child, &__status, 0) != __child) { 1687 ATF_REQUIRE_EQ(EINTR, errno); 1688 } 1689 1690 if (!WIFSIGNALED(__status)) { 1691 switch (WEXITSTATUS(__status)) { 1692 case EX_SOFTWARE: 1693 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1694 break; 1695 case EX_OSERR: 1696 atf_tc_fail("setrlimit(2) failed"); 1697 break; 1698 default: 1699 atf_tc_fail("child exited with status %d", 1700 WEXITSTATUS(__status)); 1701 } 1702 } else { 1703 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1704 } 1705 #undef BUF 1706 1707 } 1708 1709 ATF_TC_WITHOUT_HEAD(strlcpy_before_end); 1710 ATF_TC_BODY(strlcpy_before_end, tc) 1711 { 1712 #define BUF &__stack.__buf 1713 struct { 1714 uint8_t padding_l; 1715 unsigned char __buf[42]; 1716 uint8_t padding_r; 1717 } __stack; 1718 const size_t __bufsz __unused = sizeof(__stack.__buf); 1719 const size_t __len = 42 - 1; 1720 const size_t __idx __unused = __len - 1; 1721 char src[__len]; 1722 1723 memset(__stack.__buf, 0, __len); 1724 memset(src, 'A', __len - 1); 1725 src[__len - 1] = '\0'; 1726 1727 strlcpy(__stack.__buf, src, __len); 1728 #undef BUF 1729 1730 } 1731 1732 ATF_TC_WITHOUT_HEAD(strlcpy_end); 1733 ATF_TC_BODY(strlcpy_end, tc) 1734 { 1735 #define BUF &__stack.__buf 1736 struct { 1737 uint8_t padding_l; 1738 unsigned char __buf[42]; 1739 uint8_t padding_r; 1740 } __stack; 1741 const size_t __bufsz __unused = sizeof(__stack.__buf); 1742 const size_t __len = 42; 1743 const size_t __idx __unused = __len - 1; 1744 char src[__len]; 1745 1746 memset(__stack.__buf, 0, __len); 1747 memset(src, 'A', __len - 1); 1748 src[__len - 1] = '\0'; 1749 1750 strlcpy(__stack.__buf, src, __len); 1751 #undef BUF 1752 1753 } 1754 1755 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end); 1756 ATF_TC_BODY(strlcpy_heap_before_end, tc) 1757 { 1758 #define BUF __stack.__buf 1759 struct { 1760 uint8_t padding_l; 1761 unsigned char * __buf; 1762 uint8_t padding_r; 1763 } __stack; 1764 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1765 const size_t __len = 42 - 1; 1766 const size_t __idx __unused = __len - 1; 1767 char src[__len]; 1768 1769 __stack.__buf = malloc(__bufsz); 1770 memset(__stack.__buf, 0, __len); 1771 memset(src, 'A', __len - 1); 1772 src[__len - 1] = '\0'; 1773 1774 strlcpy(__stack.__buf, src, __len); 1775 #undef BUF 1776 1777 } 1778 1779 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end); 1780 ATF_TC_BODY(strlcpy_heap_end, tc) 1781 { 1782 #define BUF __stack.__buf 1783 struct { 1784 uint8_t padding_l; 1785 unsigned char * __buf; 1786 uint8_t padding_r; 1787 } __stack; 1788 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1789 const size_t __len = 42; 1790 const size_t __idx __unused = __len - 1; 1791 char src[__len]; 1792 1793 __stack.__buf = malloc(__bufsz); 1794 memset(__stack.__buf, 0, __len); 1795 memset(src, 'A', __len - 1); 1796 src[__len - 1] = '\0'; 1797 1798 strlcpy(__stack.__buf, src, __len); 1799 #undef BUF 1800 1801 } 1802 1803 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end); 1804 ATF_TC_BODY(strlcpy_heap_after_end, tc) 1805 { 1806 #define BUF __stack.__buf 1807 struct { 1808 uint8_t padding_l; 1809 unsigned char * __buf; 1810 uint8_t padding_r; 1811 } __stack; 1812 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1813 const size_t __len = 42 + 1; 1814 const size_t __idx __unused = __len - 1; 1815 pid_t __child; 1816 int __status; 1817 char src[__len]; 1818 1819 __child = fork(); 1820 ATF_REQUIRE(__child >= 0); 1821 if (__child > 0) 1822 goto monitor; 1823 1824 /* Child */ 1825 disable_coredumps(); 1826 __stack.__buf = malloc(__bufsz); 1827 memset(__stack.__buf, 0, __len); 1828 memset(src, 'A', __len - 1); 1829 src[__len - 1] = '\0'; 1830 1831 strlcpy(__stack.__buf, src, __len); 1832 _exit(EX_SOFTWARE); /* Should have aborted. */ 1833 1834 monitor: 1835 while (waitpid(__child, &__status, 0) != __child) { 1836 ATF_REQUIRE_EQ(EINTR, errno); 1837 } 1838 1839 if (!WIFSIGNALED(__status)) { 1840 switch (WEXITSTATUS(__status)) { 1841 case EX_SOFTWARE: 1842 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1843 break; 1844 case EX_OSERR: 1845 atf_tc_fail("setrlimit(2) failed"); 1846 break; 1847 default: 1848 atf_tc_fail("child exited with status %d", 1849 WEXITSTATUS(__status)); 1850 } 1851 } else { 1852 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1853 } 1854 #undef BUF 1855 1856 } 1857 1858 ATF_TC_WITHOUT_HEAD(strncpy_before_end); 1859 ATF_TC_BODY(strncpy_before_end, tc) 1860 { 1861 #define BUF &__stack.__buf 1862 struct { 1863 uint8_t padding_l; 1864 unsigned char __buf[42]; 1865 uint8_t padding_r; 1866 } __stack; 1867 const size_t __bufsz __unused = sizeof(__stack.__buf); 1868 const size_t __len = 42 - 1; 1869 const size_t __idx __unused = __len - 1; 1870 char src[__len]; 1871 1872 memset(__stack.__buf, 0, __len); 1873 memset(src, 'A', __len - 1); 1874 src[__len - 1] = '\0'; 1875 1876 strncpy(__stack.__buf, src, __len); 1877 #undef BUF 1878 1879 } 1880 1881 ATF_TC_WITHOUT_HEAD(strncpy_end); 1882 ATF_TC_BODY(strncpy_end, tc) 1883 { 1884 #define BUF &__stack.__buf 1885 struct { 1886 uint8_t padding_l; 1887 unsigned char __buf[42]; 1888 uint8_t padding_r; 1889 } __stack; 1890 const size_t __bufsz __unused = sizeof(__stack.__buf); 1891 const size_t __len = 42; 1892 const size_t __idx __unused = __len - 1; 1893 char src[__len]; 1894 1895 memset(__stack.__buf, 0, __len); 1896 memset(src, 'A', __len - 1); 1897 src[__len - 1] = '\0'; 1898 1899 strncpy(__stack.__buf, src, __len); 1900 #undef BUF 1901 1902 } 1903 1904 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end); 1905 ATF_TC_BODY(strncpy_heap_before_end, tc) 1906 { 1907 #define BUF __stack.__buf 1908 struct { 1909 uint8_t padding_l; 1910 unsigned char * __buf; 1911 uint8_t padding_r; 1912 } __stack; 1913 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1914 const size_t __len = 42 - 1; 1915 const size_t __idx __unused = __len - 1; 1916 char src[__len]; 1917 1918 __stack.__buf = malloc(__bufsz); 1919 memset(__stack.__buf, 0, __len); 1920 memset(src, 'A', __len - 1); 1921 src[__len - 1] = '\0'; 1922 1923 strncpy(__stack.__buf, src, __len); 1924 #undef BUF 1925 1926 } 1927 1928 ATF_TC_WITHOUT_HEAD(strncpy_heap_end); 1929 ATF_TC_BODY(strncpy_heap_end, tc) 1930 { 1931 #define BUF __stack.__buf 1932 struct { 1933 uint8_t padding_l; 1934 unsigned char * __buf; 1935 uint8_t padding_r; 1936 } __stack; 1937 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1938 const size_t __len = 42; 1939 const size_t __idx __unused = __len - 1; 1940 char src[__len]; 1941 1942 __stack.__buf = malloc(__bufsz); 1943 memset(__stack.__buf, 0, __len); 1944 memset(src, 'A', __len - 1); 1945 src[__len - 1] = '\0'; 1946 1947 strncpy(__stack.__buf, src, __len); 1948 #undef BUF 1949 1950 } 1951 1952 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end); 1953 ATF_TC_BODY(strncpy_heap_after_end, tc) 1954 { 1955 #define BUF __stack.__buf 1956 struct { 1957 uint8_t padding_l; 1958 unsigned char * __buf; 1959 uint8_t padding_r; 1960 } __stack; 1961 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1962 const size_t __len = 42 + 1; 1963 const size_t __idx __unused = __len - 1; 1964 pid_t __child; 1965 int __status; 1966 char src[__len]; 1967 1968 __child = fork(); 1969 ATF_REQUIRE(__child >= 0); 1970 if (__child > 0) 1971 goto monitor; 1972 1973 /* Child */ 1974 disable_coredumps(); 1975 __stack.__buf = malloc(__bufsz); 1976 memset(__stack.__buf, 0, __len); 1977 memset(src, 'A', __len - 1); 1978 src[__len - 1] = '\0'; 1979 1980 strncpy(__stack.__buf, src, __len); 1981 _exit(EX_SOFTWARE); /* Should have aborted. */ 1982 1983 monitor: 1984 while (waitpid(__child, &__status, 0) != __child) { 1985 ATF_REQUIRE_EQ(EINTR, errno); 1986 } 1987 1988 if (!WIFSIGNALED(__status)) { 1989 switch (WEXITSTATUS(__status)) { 1990 case EX_SOFTWARE: 1991 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1992 break; 1993 case EX_OSERR: 1994 atf_tc_fail("setrlimit(2) failed"); 1995 break; 1996 default: 1997 atf_tc_fail("child exited with status %d", 1998 WEXITSTATUS(__status)); 1999 } 2000 } else { 2001 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 2002 } 2003 #undef BUF 2004 2005 } 2006 2007 ATF_TP_ADD_TCS(tp) 2008 { 2009 ATF_TP_ADD_TC(tp, memcpy_before_end); 2010 ATF_TP_ADD_TC(tp, memcpy_end); 2011 ATF_TP_ADD_TC(tp, memcpy_heap_before_end); 2012 ATF_TP_ADD_TC(tp, memcpy_heap_end); 2013 ATF_TP_ADD_TC(tp, memcpy_heap_after_end); 2014 ATF_TP_ADD_TC(tp, mempcpy_before_end); 2015 ATF_TP_ADD_TC(tp, mempcpy_end); 2016 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end); 2017 ATF_TP_ADD_TC(tp, mempcpy_heap_end); 2018 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end); 2019 ATF_TP_ADD_TC(tp, memmove_before_end); 2020 ATF_TP_ADD_TC(tp, memmove_end); 2021 ATF_TP_ADD_TC(tp, memmove_heap_before_end); 2022 ATF_TP_ADD_TC(tp, memmove_heap_end); 2023 ATF_TP_ADD_TC(tp, memmove_heap_after_end); 2024 ATF_TP_ADD_TC(tp, memset_before_end); 2025 ATF_TP_ADD_TC(tp, memset_end); 2026 ATF_TP_ADD_TC(tp, memset_heap_before_end); 2027 ATF_TP_ADD_TC(tp, memset_heap_end); 2028 ATF_TP_ADD_TC(tp, memset_heap_after_end); 2029 ATF_TP_ADD_TC(tp, memset_explicit_before_end); 2030 ATF_TP_ADD_TC(tp, memset_explicit_end); 2031 ATF_TP_ADD_TC(tp, memset_explicit_heap_before_end); 2032 ATF_TP_ADD_TC(tp, memset_explicit_heap_end); 2033 ATF_TP_ADD_TC(tp, memset_explicit_heap_after_end); 2034 ATF_TP_ADD_TC(tp, stpcpy_before_end); 2035 ATF_TP_ADD_TC(tp, stpcpy_end); 2036 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); 2037 ATF_TP_ADD_TC(tp, stpcpy_heap_end); 2038 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end); 2039 ATF_TP_ADD_TC(tp, stpncpy_before_end); 2040 ATF_TP_ADD_TC(tp, stpncpy_end); 2041 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end); 2042 ATF_TP_ADD_TC(tp, stpncpy_heap_end); 2043 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end); 2044 ATF_TP_ADD_TC(tp, strcat_before_end); 2045 ATF_TP_ADD_TC(tp, strcat_end); 2046 ATF_TP_ADD_TC(tp, strcat_heap_before_end); 2047 ATF_TP_ADD_TC(tp, strcat_heap_end); 2048 ATF_TP_ADD_TC(tp, strcat_heap_after_end); 2049 ATF_TP_ADD_TC(tp, strlcat_before_end); 2050 ATF_TP_ADD_TC(tp, strlcat_end); 2051 ATF_TP_ADD_TC(tp, strlcat_heap_before_end); 2052 ATF_TP_ADD_TC(tp, strlcat_heap_end); 2053 ATF_TP_ADD_TC(tp, strlcat_heap_after_end); 2054 ATF_TP_ADD_TC(tp, strncat_before_end); 2055 ATF_TP_ADD_TC(tp, strncat_end); 2056 ATF_TP_ADD_TC(tp, strncat_heap_before_end); 2057 ATF_TP_ADD_TC(tp, strncat_heap_end); 2058 ATF_TP_ADD_TC(tp, strncat_heap_after_end); 2059 ATF_TP_ADD_TC(tp, strcpy_before_end); 2060 ATF_TP_ADD_TC(tp, strcpy_end); 2061 ATF_TP_ADD_TC(tp, strcpy_heap_before_end); 2062 ATF_TP_ADD_TC(tp, strcpy_heap_end); 2063 ATF_TP_ADD_TC(tp, strcpy_heap_after_end); 2064 ATF_TP_ADD_TC(tp, strlcpy_before_end); 2065 ATF_TP_ADD_TC(tp, strlcpy_end); 2066 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end); 2067 ATF_TP_ADD_TC(tp, strlcpy_heap_end); 2068 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end); 2069 ATF_TP_ADD_TC(tp, strncpy_before_end); 2070 ATF_TP_ADD_TC(tp, strncpy_end); 2071 ATF_TP_ADD_TC(tp, strncpy_heap_before_end); 2072 ATF_TP_ADD_TC(tp, strncpy_heap_end); 2073 ATF_TP_ADD_TC(tp, strncpy_heap_after_end); 2074 return (atf_no_error()); 2075 } 2076