1 /* @generated by `generate-fortify-tests.lua "string"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/resource.h> 8 #include <sys/time.h> 9 #include <sys/wait.h> 10 #include <dirent.h> 11 #include <errno.h> 12 #include <fcntl.h> 13 #include <limits.h> 14 #include <signal.h> 15 #include <stdio.h> 16 #include <stdlib.h> 17 #include <string.h> 18 #include <strings.h> 19 #include <sysexits.h> 20 #include <unistd.h> 21 #include <atf-c.h> 22 23 static FILE * __unused 24 new_fp(size_t __len) 25 { 26 static char fpbuf[LINE_MAX]; 27 FILE *fp; 28 29 ATF_REQUIRE(__len <= sizeof(fpbuf)); 30 31 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 32 fpbuf[sizeof(fpbuf) - 1] = '\0'; 33 34 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 35 ATF_REQUIRE(fp != NULL); 36 37 return (fp); 38 } 39 40 /* 41 * Create a new symlink to use for readlink(2) style tests, we'll just use a 42 * random target name to have something interesting to look at. 43 */ 44 static const char * __unused 45 new_symlink(size_t __len) 46 { 47 static const char linkname[] = "link"; 48 char target[MAXNAMLEN]; 49 int error; 50 51 ATF_REQUIRE(__len <= sizeof(target)); 52 53 arc4random_buf(target, sizeof(target)); 54 55 error = unlink(linkname); 56 ATF_REQUIRE(error == 0 || errno == ENOENT); 57 58 error = symlink(target, linkname); 59 ATF_REQUIRE(error == 0); 60 61 return (linkname); 62 } 63 64 /* 65 * Constructs a tmpfile that we can use for testing read(2) and friends. 66 */ 67 static int __unused 68 new_tmpfile(void) 69 { 70 char buf[1024]; 71 ssize_t rv; 72 size_t written; 73 int fd; 74 75 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 76 ATF_REQUIRE(fd >= 0); 77 78 written = 0; 79 while (written < TMPFILE_SIZE) { 80 rv = write(fd, buf, sizeof(buf)); 81 ATF_REQUIRE(rv > 0); 82 83 written += rv; 84 } 85 86 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 87 return (fd); 88 } 89 90 static void 91 disable_coredumps(void) 92 { 93 struct rlimit rl = { 0 }; 94 95 if (setrlimit(RLIMIT_CORE, &rl) == -1) 96 _exit(EX_OSERR); 97 } 98 99 /* 100 * Replaces stdin with a file that we can actually read from, for tests where 101 * we want a FILE * or fd that we can get data from. 102 */ 103 static void __unused 104 replace_stdin(void) 105 { 106 int fd; 107 108 fd = new_tmpfile(); 109 110 (void)dup2(fd, STDIN_FILENO); 111 if (fd != STDIN_FILENO) 112 close(fd); 113 } 114 115 ATF_TC_WITHOUT_HEAD(memcpy_before_end); 116 ATF_TC_BODY(memcpy_before_end, tc) 117 { 118 #define BUF &__stack.__buf 119 struct { 120 uint8_t padding_l; 121 unsigned char __buf[42]; 122 uint8_t padding_r; 123 } __stack; 124 const size_t __bufsz __unused = sizeof(__stack.__buf); 125 const size_t __len = 42 - 1; 126 const size_t __idx __unused = __len - 1; 127 char src[__len + 10]; 128 129 memcpy(__stack.__buf, src, __len); 130 #undef BUF 131 132 } 133 134 ATF_TC_WITHOUT_HEAD(memcpy_end); 135 ATF_TC_BODY(memcpy_end, tc) 136 { 137 #define BUF &__stack.__buf 138 struct { 139 uint8_t padding_l; 140 unsigned char __buf[42]; 141 uint8_t padding_r; 142 } __stack; 143 const size_t __bufsz __unused = sizeof(__stack.__buf); 144 const size_t __len = 42; 145 const size_t __idx __unused = __len - 1; 146 char src[__len + 10]; 147 148 memcpy(__stack.__buf, src, __len); 149 #undef BUF 150 151 } 152 153 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end); 154 ATF_TC_BODY(memcpy_heap_before_end, tc) 155 { 156 #define BUF __stack.__buf 157 struct { 158 uint8_t padding_l; 159 unsigned char * __buf; 160 uint8_t padding_r; 161 } __stack; 162 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 163 const size_t __len = 42 - 1; 164 const size_t __idx __unused = __len - 1; 165 char src[__len + 10]; 166 167 __stack.__buf = malloc(__bufsz); 168 169 memcpy(__stack.__buf, src, __len); 170 #undef BUF 171 172 } 173 174 ATF_TC_WITHOUT_HEAD(memcpy_heap_end); 175 ATF_TC_BODY(memcpy_heap_end, tc) 176 { 177 #define BUF __stack.__buf 178 struct { 179 uint8_t padding_l; 180 unsigned char * __buf; 181 uint8_t padding_r; 182 } __stack; 183 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 184 const size_t __len = 42; 185 const size_t __idx __unused = __len - 1; 186 char src[__len + 10]; 187 188 __stack.__buf = malloc(__bufsz); 189 190 memcpy(__stack.__buf, src, __len); 191 #undef BUF 192 193 } 194 195 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end); 196 ATF_TC_BODY(memcpy_heap_after_end, tc) 197 { 198 #define BUF __stack.__buf 199 struct { 200 uint8_t padding_l; 201 unsigned char * __buf; 202 uint8_t padding_r; 203 } __stack; 204 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 205 const size_t __len = 42 + 1; 206 const size_t __idx __unused = __len - 1; 207 pid_t __child; 208 int __status; 209 char src[__len + 10]; 210 211 __child = fork(); 212 ATF_REQUIRE(__child >= 0); 213 if (__child > 0) 214 goto monitor; 215 216 /* Child */ 217 disable_coredumps(); 218 __stack.__buf = malloc(__bufsz); 219 220 memcpy(__stack.__buf, src, __len); 221 _exit(EX_SOFTWARE); /* Should have aborted. */ 222 223 monitor: 224 while (waitpid(__child, &__status, 0) != __child) { 225 ATF_REQUIRE_EQ(EINTR, errno); 226 } 227 228 if (!WIFSIGNALED(__status)) { 229 switch (WEXITSTATUS(__status)) { 230 case EX_SOFTWARE: 231 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 232 break; 233 case EX_OSERR: 234 atf_tc_fail("setrlimit(2) failed"); 235 break; 236 default: 237 atf_tc_fail("child exited with status %d", 238 WEXITSTATUS(__status)); 239 } 240 } else { 241 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 242 } 243 #undef BUF 244 245 } 246 247 ATF_TC_WITHOUT_HEAD(mempcpy_before_end); 248 ATF_TC_BODY(mempcpy_before_end, tc) 249 { 250 #define BUF &__stack.__buf 251 struct { 252 uint8_t padding_l; 253 unsigned char __buf[42]; 254 uint8_t padding_r; 255 } __stack; 256 const size_t __bufsz __unused = sizeof(__stack.__buf); 257 const size_t __len = 42 - 1; 258 const size_t __idx __unused = __len - 1; 259 char src[__len + 10]; 260 261 mempcpy(__stack.__buf, src, __len); 262 #undef BUF 263 264 } 265 266 ATF_TC_WITHOUT_HEAD(mempcpy_end); 267 ATF_TC_BODY(mempcpy_end, tc) 268 { 269 #define BUF &__stack.__buf 270 struct { 271 uint8_t padding_l; 272 unsigned char __buf[42]; 273 uint8_t padding_r; 274 } __stack; 275 const size_t __bufsz __unused = sizeof(__stack.__buf); 276 const size_t __len = 42; 277 const size_t __idx __unused = __len - 1; 278 char src[__len + 10]; 279 280 mempcpy(__stack.__buf, src, __len); 281 #undef BUF 282 283 } 284 285 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end); 286 ATF_TC_BODY(mempcpy_heap_before_end, tc) 287 { 288 #define BUF __stack.__buf 289 struct { 290 uint8_t padding_l; 291 unsigned char * __buf; 292 uint8_t padding_r; 293 } __stack; 294 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 295 const size_t __len = 42 - 1; 296 const size_t __idx __unused = __len - 1; 297 char src[__len + 10]; 298 299 __stack.__buf = malloc(__bufsz); 300 301 mempcpy(__stack.__buf, src, __len); 302 #undef BUF 303 304 } 305 306 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end); 307 ATF_TC_BODY(mempcpy_heap_end, tc) 308 { 309 #define BUF __stack.__buf 310 struct { 311 uint8_t padding_l; 312 unsigned char * __buf; 313 uint8_t padding_r; 314 } __stack; 315 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 316 const size_t __len = 42; 317 const size_t __idx __unused = __len - 1; 318 char src[__len + 10]; 319 320 __stack.__buf = malloc(__bufsz); 321 322 mempcpy(__stack.__buf, src, __len); 323 #undef BUF 324 325 } 326 327 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end); 328 ATF_TC_BODY(mempcpy_heap_after_end, tc) 329 { 330 #define BUF __stack.__buf 331 struct { 332 uint8_t padding_l; 333 unsigned char * __buf; 334 uint8_t padding_r; 335 } __stack; 336 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 337 const size_t __len = 42 + 1; 338 const size_t __idx __unused = __len - 1; 339 pid_t __child; 340 int __status; 341 char src[__len + 10]; 342 343 __child = fork(); 344 ATF_REQUIRE(__child >= 0); 345 if (__child > 0) 346 goto monitor; 347 348 /* Child */ 349 disable_coredumps(); 350 __stack.__buf = malloc(__bufsz); 351 352 mempcpy(__stack.__buf, src, __len); 353 _exit(EX_SOFTWARE); /* Should have aborted. */ 354 355 monitor: 356 while (waitpid(__child, &__status, 0) != __child) { 357 ATF_REQUIRE_EQ(EINTR, errno); 358 } 359 360 if (!WIFSIGNALED(__status)) { 361 switch (WEXITSTATUS(__status)) { 362 case EX_SOFTWARE: 363 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 364 break; 365 case EX_OSERR: 366 atf_tc_fail("setrlimit(2) failed"); 367 break; 368 default: 369 atf_tc_fail("child exited with status %d", 370 WEXITSTATUS(__status)); 371 } 372 } else { 373 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 374 } 375 #undef BUF 376 377 } 378 379 ATF_TC_WITHOUT_HEAD(memmove_before_end); 380 ATF_TC_BODY(memmove_before_end, tc) 381 { 382 #define BUF &__stack.__buf 383 struct { 384 uint8_t padding_l; 385 unsigned char __buf[42]; 386 uint8_t padding_r; 387 } __stack; 388 const size_t __bufsz __unused = sizeof(__stack.__buf); 389 const size_t __len = 42 - 1; 390 const size_t __idx __unused = __len - 1; 391 char src[__len + 10]; 392 393 memmove(__stack.__buf, src, __len); 394 #undef BUF 395 396 } 397 398 ATF_TC_WITHOUT_HEAD(memmove_end); 399 ATF_TC_BODY(memmove_end, tc) 400 { 401 #define BUF &__stack.__buf 402 struct { 403 uint8_t padding_l; 404 unsigned char __buf[42]; 405 uint8_t padding_r; 406 } __stack; 407 const size_t __bufsz __unused = sizeof(__stack.__buf); 408 const size_t __len = 42; 409 const size_t __idx __unused = __len - 1; 410 char src[__len + 10]; 411 412 memmove(__stack.__buf, src, __len); 413 #undef BUF 414 415 } 416 417 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end); 418 ATF_TC_BODY(memmove_heap_before_end, tc) 419 { 420 #define BUF __stack.__buf 421 struct { 422 uint8_t padding_l; 423 unsigned char * __buf; 424 uint8_t padding_r; 425 } __stack; 426 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 427 const size_t __len = 42 - 1; 428 const size_t __idx __unused = __len - 1; 429 char src[__len + 10]; 430 431 __stack.__buf = malloc(__bufsz); 432 433 memmove(__stack.__buf, src, __len); 434 #undef BUF 435 436 } 437 438 ATF_TC_WITHOUT_HEAD(memmove_heap_end); 439 ATF_TC_BODY(memmove_heap_end, tc) 440 { 441 #define BUF __stack.__buf 442 struct { 443 uint8_t padding_l; 444 unsigned char * __buf; 445 uint8_t padding_r; 446 } __stack; 447 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 448 const size_t __len = 42; 449 const size_t __idx __unused = __len - 1; 450 char src[__len + 10]; 451 452 __stack.__buf = malloc(__bufsz); 453 454 memmove(__stack.__buf, src, __len); 455 #undef BUF 456 457 } 458 459 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end); 460 ATF_TC_BODY(memmove_heap_after_end, tc) 461 { 462 #define BUF __stack.__buf 463 struct { 464 uint8_t padding_l; 465 unsigned char * __buf; 466 uint8_t padding_r; 467 } __stack; 468 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 469 const size_t __len = 42 + 1; 470 const size_t __idx __unused = __len - 1; 471 pid_t __child; 472 int __status; 473 char src[__len + 10]; 474 475 __child = fork(); 476 ATF_REQUIRE(__child >= 0); 477 if (__child > 0) 478 goto monitor; 479 480 /* Child */ 481 disable_coredumps(); 482 __stack.__buf = malloc(__bufsz); 483 484 memmove(__stack.__buf, src, __len); 485 _exit(EX_SOFTWARE); /* Should have aborted. */ 486 487 monitor: 488 while (waitpid(__child, &__status, 0) != __child) { 489 ATF_REQUIRE_EQ(EINTR, errno); 490 } 491 492 if (!WIFSIGNALED(__status)) { 493 switch (WEXITSTATUS(__status)) { 494 case EX_SOFTWARE: 495 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 496 break; 497 case EX_OSERR: 498 atf_tc_fail("setrlimit(2) failed"); 499 break; 500 default: 501 atf_tc_fail("child exited with status %d", 502 WEXITSTATUS(__status)); 503 } 504 } else { 505 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 506 } 507 #undef BUF 508 509 } 510 511 ATF_TC_WITHOUT_HEAD(memset_before_end); 512 ATF_TC_BODY(memset_before_end, tc) 513 { 514 #define BUF &__stack.__buf 515 struct { 516 uint8_t padding_l; 517 unsigned char __buf[42]; 518 uint8_t padding_r; 519 } __stack; 520 const size_t __bufsz __unused = sizeof(__stack.__buf); 521 const size_t __len = 42 - 1; 522 const size_t __idx __unused = __len - 1; 523 524 memset(__stack.__buf, 0, __len); 525 #undef BUF 526 527 } 528 529 ATF_TC_WITHOUT_HEAD(memset_end); 530 ATF_TC_BODY(memset_end, tc) 531 { 532 #define BUF &__stack.__buf 533 struct { 534 uint8_t padding_l; 535 unsigned char __buf[42]; 536 uint8_t padding_r; 537 } __stack; 538 const size_t __bufsz __unused = sizeof(__stack.__buf); 539 const size_t __len = 42; 540 const size_t __idx __unused = __len - 1; 541 542 memset(__stack.__buf, 0, __len); 543 #undef BUF 544 545 } 546 547 ATF_TC_WITHOUT_HEAD(memset_heap_before_end); 548 ATF_TC_BODY(memset_heap_before_end, tc) 549 { 550 #define BUF __stack.__buf 551 struct { 552 uint8_t padding_l; 553 unsigned char * __buf; 554 uint8_t padding_r; 555 } __stack; 556 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 557 const size_t __len = 42 - 1; 558 const size_t __idx __unused = __len - 1; 559 560 __stack.__buf = malloc(__bufsz); 561 562 memset(__stack.__buf, 0, __len); 563 #undef BUF 564 565 } 566 567 ATF_TC_WITHOUT_HEAD(memset_heap_end); 568 ATF_TC_BODY(memset_heap_end, tc) 569 { 570 #define BUF __stack.__buf 571 struct { 572 uint8_t padding_l; 573 unsigned char * __buf; 574 uint8_t padding_r; 575 } __stack; 576 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 577 const size_t __len = 42; 578 const size_t __idx __unused = __len - 1; 579 580 __stack.__buf = malloc(__bufsz); 581 582 memset(__stack.__buf, 0, __len); 583 #undef BUF 584 585 } 586 587 ATF_TC_WITHOUT_HEAD(memset_heap_after_end); 588 ATF_TC_BODY(memset_heap_after_end, tc) 589 { 590 #define BUF __stack.__buf 591 struct { 592 uint8_t padding_l; 593 unsigned char * __buf; 594 uint8_t padding_r; 595 } __stack; 596 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 597 const size_t __len = 42 + 1; 598 const size_t __idx __unused = __len - 1; 599 pid_t __child; 600 int __status; 601 602 __child = fork(); 603 ATF_REQUIRE(__child >= 0); 604 if (__child > 0) 605 goto monitor; 606 607 /* Child */ 608 disable_coredumps(); 609 __stack.__buf = malloc(__bufsz); 610 611 memset(__stack.__buf, 0, __len); 612 _exit(EX_SOFTWARE); /* Should have aborted. */ 613 614 monitor: 615 while (waitpid(__child, &__status, 0) != __child) { 616 ATF_REQUIRE_EQ(EINTR, errno); 617 } 618 619 if (!WIFSIGNALED(__status)) { 620 switch (WEXITSTATUS(__status)) { 621 case EX_SOFTWARE: 622 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 623 break; 624 case EX_OSERR: 625 atf_tc_fail("setrlimit(2) failed"); 626 break; 627 default: 628 atf_tc_fail("child exited with status %d", 629 WEXITSTATUS(__status)); 630 } 631 } else { 632 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 633 } 634 #undef BUF 635 636 } 637 638 ATF_TC_WITHOUT_HEAD(stpcpy_before_end); 639 ATF_TC_BODY(stpcpy_before_end, tc) 640 { 641 #define BUF &__stack.__buf 642 struct { 643 uint8_t padding_l; 644 unsigned char __buf[42]; 645 uint8_t padding_r; 646 } __stack; 647 const size_t __bufsz __unused = sizeof(__stack.__buf); 648 const size_t __len = 42 - 1; 649 const size_t __idx __unused = __len - 1; 650 char src[__len]; 651 652 memset(__stack.__buf, 0, __len); 653 memset(src, 'A', __len - 1); 654 src[__len - 1] = '\0'; 655 656 stpcpy(__stack.__buf, src); 657 #undef BUF 658 659 } 660 661 ATF_TC_WITHOUT_HEAD(stpcpy_end); 662 ATF_TC_BODY(stpcpy_end, tc) 663 { 664 #define BUF &__stack.__buf 665 struct { 666 uint8_t padding_l; 667 unsigned char __buf[42]; 668 uint8_t padding_r; 669 } __stack; 670 const size_t __bufsz __unused = sizeof(__stack.__buf); 671 const size_t __len = 42; 672 const size_t __idx __unused = __len - 1; 673 char src[__len]; 674 675 memset(__stack.__buf, 0, __len); 676 memset(src, 'A', __len - 1); 677 src[__len - 1] = '\0'; 678 679 stpcpy(__stack.__buf, src); 680 #undef BUF 681 682 } 683 684 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end); 685 ATF_TC_BODY(stpcpy_heap_before_end, tc) 686 { 687 #define BUF __stack.__buf 688 struct { 689 uint8_t padding_l; 690 unsigned char * __buf; 691 uint8_t padding_r; 692 } __stack; 693 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 694 const size_t __len = 42 - 1; 695 const size_t __idx __unused = __len - 1; 696 char src[__len]; 697 698 __stack.__buf = malloc(__bufsz); 699 memset(__stack.__buf, 0, __len); 700 memset(src, 'A', __len - 1); 701 src[__len - 1] = '\0'; 702 703 stpcpy(__stack.__buf, src); 704 #undef BUF 705 706 } 707 708 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end); 709 ATF_TC_BODY(stpcpy_heap_end, tc) 710 { 711 #define BUF __stack.__buf 712 struct { 713 uint8_t padding_l; 714 unsigned char * __buf; 715 uint8_t padding_r; 716 } __stack; 717 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 718 const size_t __len = 42; 719 const size_t __idx __unused = __len - 1; 720 char src[__len]; 721 722 __stack.__buf = malloc(__bufsz); 723 memset(__stack.__buf, 0, __len); 724 memset(src, 'A', __len - 1); 725 src[__len - 1] = '\0'; 726 727 stpcpy(__stack.__buf, src); 728 #undef BUF 729 730 } 731 732 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end); 733 ATF_TC_BODY(stpcpy_heap_after_end, tc) 734 { 735 #define BUF __stack.__buf 736 struct { 737 uint8_t padding_l; 738 unsigned char * __buf; 739 uint8_t padding_r; 740 } __stack; 741 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 742 const size_t __len = 42 + 1; 743 const size_t __idx __unused = __len - 1; 744 pid_t __child; 745 int __status; 746 char src[__len]; 747 748 __child = fork(); 749 ATF_REQUIRE(__child >= 0); 750 if (__child > 0) 751 goto monitor; 752 753 /* Child */ 754 disable_coredumps(); 755 __stack.__buf = malloc(__bufsz); 756 memset(__stack.__buf, 0, __len); 757 memset(src, 'A', __len - 1); 758 src[__len - 1] = '\0'; 759 760 stpcpy(__stack.__buf, src); 761 _exit(EX_SOFTWARE); /* Should have aborted. */ 762 763 monitor: 764 while (waitpid(__child, &__status, 0) != __child) { 765 ATF_REQUIRE_EQ(EINTR, errno); 766 } 767 768 if (!WIFSIGNALED(__status)) { 769 switch (WEXITSTATUS(__status)) { 770 case EX_SOFTWARE: 771 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 772 break; 773 case EX_OSERR: 774 atf_tc_fail("setrlimit(2) failed"); 775 break; 776 default: 777 atf_tc_fail("child exited with status %d", 778 WEXITSTATUS(__status)); 779 } 780 } else { 781 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 782 } 783 #undef BUF 784 785 } 786 787 ATF_TC_WITHOUT_HEAD(stpncpy_before_end); 788 ATF_TC_BODY(stpncpy_before_end, tc) 789 { 790 #define BUF &__stack.__buf 791 struct { 792 uint8_t padding_l; 793 unsigned char __buf[42]; 794 uint8_t padding_r; 795 } __stack; 796 const size_t __bufsz __unused = sizeof(__stack.__buf); 797 const size_t __len = 42 - 1; 798 const size_t __idx __unused = __len - 1; 799 char src[__len]; 800 801 memset(__stack.__buf, 0, __len); 802 memset(src, 'A', __len - 1); 803 src[__len - 1] = '\0'; 804 805 stpncpy(__stack.__buf, src, __len); 806 #undef BUF 807 808 } 809 810 ATF_TC_WITHOUT_HEAD(stpncpy_end); 811 ATF_TC_BODY(stpncpy_end, tc) 812 { 813 #define BUF &__stack.__buf 814 struct { 815 uint8_t padding_l; 816 unsigned char __buf[42]; 817 uint8_t padding_r; 818 } __stack; 819 const size_t __bufsz __unused = sizeof(__stack.__buf); 820 const size_t __len = 42; 821 const size_t __idx __unused = __len - 1; 822 char src[__len]; 823 824 memset(__stack.__buf, 0, __len); 825 memset(src, 'A', __len - 1); 826 src[__len - 1] = '\0'; 827 828 stpncpy(__stack.__buf, src, __len); 829 #undef BUF 830 831 } 832 833 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end); 834 ATF_TC_BODY(stpncpy_heap_before_end, tc) 835 { 836 #define BUF __stack.__buf 837 struct { 838 uint8_t padding_l; 839 unsigned char * __buf; 840 uint8_t padding_r; 841 } __stack; 842 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 843 const size_t __len = 42 - 1; 844 const size_t __idx __unused = __len - 1; 845 char src[__len]; 846 847 __stack.__buf = malloc(__bufsz); 848 memset(__stack.__buf, 0, __len); 849 memset(src, 'A', __len - 1); 850 src[__len - 1] = '\0'; 851 852 stpncpy(__stack.__buf, src, __len); 853 #undef BUF 854 855 } 856 857 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end); 858 ATF_TC_BODY(stpncpy_heap_end, tc) 859 { 860 #define BUF __stack.__buf 861 struct { 862 uint8_t padding_l; 863 unsigned char * __buf; 864 uint8_t padding_r; 865 } __stack; 866 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 867 const size_t __len = 42; 868 const size_t __idx __unused = __len - 1; 869 char src[__len]; 870 871 __stack.__buf = malloc(__bufsz); 872 memset(__stack.__buf, 0, __len); 873 memset(src, 'A', __len - 1); 874 src[__len - 1] = '\0'; 875 876 stpncpy(__stack.__buf, src, __len); 877 #undef BUF 878 879 } 880 881 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end); 882 ATF_TC_BODY(stpncpy_heap_after_end, tc) 883 { 884 #define BUF __stack.__buf 885 struct { 886 uint8_t padding_l; 887 unsigned char * __buf; 888 uint8_t padding_r; 889 } __stack; 890 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 891 const size_t __len = 42 + 1; 892 const size_t __idx __unused = __len - 1; 893 pid_t __child; 894 int __status; 895 char src[__len]; 896 897 __child = fork(); 898 ATF_REQUIRE(__child >= 0); 899 if (__child > 0) 900 goto monitor; 901 902 /* Child */ 903 disable_coredumps(); 904 __stack.__buf = malloc(__bufsz); 905 memset(__stack.__buf, 0, __len); 906 memset(src, 'A', __len - 1); 907 src[__len - 1] = '\0'; 908 909 stpncpy(__stack.__buf, src, __len); 910 _exit(EX_SOFTWARE); /* Should have aborted. */ 911 912 monitor: 913 while (waitpid(__child, &__status, 0) != __child) { 914 ATF_REQUIRE_EQ(EINTR, errno); 915 } 916 917 if (!WIFSIGNALED(__status)) { 918 switch (WEXITSTATUS(__status)) { 919 case EX_SOFTWARE: 920 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 921 break; 922 case EX_OSERR: 923 atf_tc_fail("setrlimit(2) failed"); 924 break; 925 default: 926 atf_tc_fail("child exited with status %d", 927 WEXITSTATUS(__status)); 928 } 929 } else { 930 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 931 } 932 #undef BUF 933 934 } 935 936 ATF_TC_WITHOUT_HEAD(strcat_before_end); 937 ATF_TC_BODY(strcat_before_end, tc) 938 { 939 #define BUF &__stack.__buf 940 struct { 941 uint8_t padding_l; 942 unsigned char __buf[42]; 943 uint8_t padding_r; 944 } __stack; 945 const size_t __bufsz __unused = sizeof(__stack.__buf); 946 const size_t __len = 42 - 1; 947 const size_t __idx __unused = __len - 1; 948 char src[__len]; 949 950 memset(__stack.__buf, 0, __len); 951 memset(src, 'A', __len - 1); 952 src[__len - 1] = '\0'; 953 954 strcat(__stack.__buf, src); 955 #undef BUF 956 957 } 958 959 ATF_TC_WITHOUT_HEAD(strcat_end); 960 ATF_TC_BODY(strcat_end, tc) 961 { 962 #define BUF &__stack.__buf 963 struct { 964 uint8_t padding_l; 965 unsigned char __buf[42]; 966 uint8_t padding_r; 967 } __stack; 968 const size_t __bufsz __unused = sizeof(__stack.__buf); 969 const size_t __len = 42; 970 const size_t __idx __unused = __len - 1; 971 char src[__len]; 972 973 memset(__stack.__buf, 0, __len); 974 memset(src, 'A', __len - 1); 975 src[__len - 1] = '\0'; 976 977 strcat(__stack.__buf, src); 978 #undef BUF 979 980 } 981 982 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end); 983 ATF_TC_BODY(strcat_heap_before_end, tc) 984 { 985 #define BUF __stack.__buf 986 struct { 987 uint8_t padding_l; 988 unsigned char * __buf; 989 uint8_t padding_r; 990 } __stack; 991 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 992 const size_t __len = 42 - 1; 993 const size_t __idx __unused = __len - 1; 994 char src[__len]; 995 996 __stack.__buf = malloc(__bufsz); 997 memset(__stack.__buf, 0, __len); 998 memset(src, 'A', __len - 1); 999 src[__len - 1] = '\0'; 1000 1001 strcat(__stack.__buf, src); 1002 #undef BUF 1003 1004 } 1005 1006 ATF_TC_WITHOUT_HEAD(strcat_heap_end); 1007 ATF_TC_BODY(strcat_heap_end, tc) 1008 { 1009 #define BUF __stack.__buf 1010 struct { 1011 uint8_t padding_l; 1012 unsigned char * __buf; 1013 uint8_t padding_r; 1014 } __stack; 1015 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1016 const size_t __len = 42; 1017 const size_t __idx __unused = __len - 1; 1018 char src[__len]; 1019 1020 __stack.__buf = malloc(__bufsz); 1021 memset(__stack.__buf, 0, __len); 1022 memset(src, 'A', __len - 1); 1023 src[__len - 1] = '\0'; 1024 1025 strcat(__stack.__buf, src); 1026 #undef BUF 1027 1028 } 1029 1030 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end); 1031 ATF_TC_BODY(strcat_heap_after_end, tc) 1032 { 1033 #define BUF __stack.__buf 1034 struct { 1035 uint8_t padding_l; 1036 unsigned char * __buf; 1037 uint8_t padding_r; 1038 } __stack; 1039 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1040 const size_t __len = 42 + 1; 1041 const size_t __idx __unused = __len - 1; 1042 pid_t __child; 1043 int __status; 1044 char src[__len]; 1045 1046 __child = fork(); 1047 ATF_REQUIRE(__child >= 0); 1048 if (__child > 0) 1049 goto monitor; 1050 1051 /* Child */ 1052 disable_coredumps(); 1053 __stack.__buf = malloc(__bufsz); 1054 memset(__stack.__buf, 0, __len); 1055 memset(src, 'A', __len - 1); 1056 src[__len - 1] = '\0'; 1057 1058 strcat(__stack.__buf, src); 1059 _exit(EX_SOFTWARE); /* Should have aborted. */ 1060 1061 monitor: 1062 while (waitpid(__child, &__status, 0) != __child) { 1063 ATF_REQUIRE_EQ(EINTR, errno); 1064 } 1065 1066 if (!WIFSIGNALED(__status)) { 1067 switch (WEXITSTATUS(__status)) { 1068 case EX_SOFTWARE: 1069 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1070 break; 1071 case EX_OSERR: 1072 atf_tc_fail("setrlimit(2) failed"); 1073 break; 1074 default: 1075 atf_tc_fail("child exited with status %d", 1076 WEXITSTATUS(__status)); 1077 } 1078 } else { 1079 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1080 } 1081 #undef BUF 1082 1083 } 1084 1085 ATF_TC_WITHOUT_HEAD(strlcat_before_end); 1086 ATF_TC_BODY(strlcat_before_end, tc) 1087 { 1088 #define BUF &__stack.__buf 1089 struct { 1090 uint8_t padding_l; 1091 unsigned char __buf[42]; 1092 uint8_t padding_r; 1093 } __stack; 1094 const size_t __bufsz __unused = sizeof(__stack.__buf); 1095 const size_t __len = 42 - 1; 1096 const size_t __idx __unused = __len - 1; 1097 char src[__len]; 1098 1099 memset(__stack.__buf, 0, __len); 1100 memset(src, 'A', __len - 1); 1101 src[__len - 1] = '\0'; 1102 1103 strlcat(__stack.__buf, src, __len); 1104 #undef BUF 1105 1106 } 1107 1108 ATF_TC_WITHOUT_HEAD(strlcat_end); 1109 ATF_TC_BODY(strlcat_end, tc) 1110 { 1111 #define BUF &__stack.__buf 1112 struct { 1113 uint8_t padding_l; 1114 unsigned char __buf[42]; 1115 uint8_t padding_r; 1116 } __stack; 1117 const size_t __bufsz __unused = sizeof(__stack.__buf); 1118 const size_t __len = 42; 1119 const size_t __idx __unused = __len - 1; 1120 char src[__len]; 1121 1122 memset(__stack.__buf, 0, __len); 1123 memset(src, 'A', __len - 1); 1124 src[__len - 1] = '\0'; 1125 1126 strlcat(__stack.__buf, src, __len); 1127 #undef BUF 1128 1129 } 1130 1131 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end); 1132 ATF_TC_BODY(strlcat_heap_before_end, tc) 1133 { 1134 #define BUF __stack.__buf 1135 struct { 1136 uint8_t padding_l; 1137 unsigned char * __buf; 1138 uint8_t padding_r; 1139 } __stack; 1140 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1141 const size_t __len = 42 - 1; 1142 const size_t __idx __unused = __len - 1; 1143 char src[__len]; 1144 1145 __stack.__buf = malloc(__bufsz); 1146 memset(__stack.__buf, 0, __len); 1147 memset(src, 'A', __len - 1); 1148 src[__len - 1] = '\0'; 1149 1150 strlcat(__stack.__buf, src, __len); 1151 #undef BUF 1152 1153 } 1154 1155 ATF_TC_WITHOUT_HEAD(strlcat_heap_end); 1156 ATF_TC_BODY(strlcat_heap_end, tc) 1157 { 1158 #define BUF __stack.__buf 1159 struct { 1160 uint8_t padding_l; 1161 unsigned char * __buf; 1162 uint8_t padding_r; 1163 } __stack; 1164 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1165 const size_t __len = 42; 1166 const size_t __idx __unused = __len - 1; 1167 char src[__len]; 1168 1169 __stack.__buf = malloc(__bufsz); 1170 memset(__stack.__buf, 0, __len); 1171 memset(src, 'A', __len - 1); 1172 src[__len - 1] = '\0'; 1173 1174 strlcat(__stack.__buf, src, __len); 1175 #undef BUF 1176 1177 } 1178 1179 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end); 1180 ATF_TC_BODY(strlcat_heap_after_end, tc) 1181 { 1182 #define BUF __stack.__buf 1183 struct { 1184 uint8_t padding_l; 1185 unsigned char * __buf; 1186 uint8_t padding_r; 1187 } __stack; 1188 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1189 const size_t __len = 42 + 1; 1190 const size_t __idx __unused = __len - 1; 1191 pid_t __child; 1192 int __status; 1193 char src[__len]; 1194 1195 __child = fork(); 1196 ATF_REQUIRE(__child >= 0); 1197 if (__child > 0) 1198 goto monitor; 1199 1200 /* Child */ 1201 disable_coredumps(); 1202 __stack.__buf = malloc(__bufsz); 1203 memset(__stack.__buf, 0, __len); 1204 memset(src, 'A', __len - 1); 1205 src[__len - 1] = '\0'; 1206 1207 strlcat(__stack.__buf, src, __len); 1208 _exit(EX_SOFTWARE); /* Should have aborted. */ 1209 1210 monitor: 1211 while (waitpid(__child, &__status, 0) != __child) { 1212 ATF_REQUIRE_EQ(EINTR, errno); 1213 } 1214 1215 if (!WIFSIGNALED(__status)) { 1216 switch (WEXITSTATUS(__status)) { 1217 case EX_SOFTWARE: 1218 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1219 break; 1220 case EX_OSERR: 1221 atf_tc_fail("setrlimit(2) failed"); 1222 break; 1223 default: 1224 atf_tc_fail("child exited with status %d", 1225 WEXITSTATUS(__status)); 1226 } 1227 } else { 1228 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1229 } 1230 #undef BUF 1231 1232 } 1233 1234 ATF_TC_WITHOUT_HEAD(strncat_before_end); 1235 ATF_TC_BODY(strncat_before_end, tc) 1236 { 1237 #define BUF &__stack.__buf 1238 struct { 1239 uint8_t padding_l; 1240 unsigned char __buf[42]; 1241 uint8_t padding_r; 1242 } __stack; 1243 const size_t __bufsz __unused = sizeof(__stack.__buf); 1244 const size_t __len = 42 - 1; 1245 const size_t __idx __unused = __len - 1; 1246 char src[__len]; 1247 1248 memset(__stack.__buf, 0, __len); 1249 memset(src, 'A', __len - 1); 1250 src[__len - 1] = '\0'; 1251 1252 strncat(__stack.__buf, src, __len); 1253 #undef BUF 1254 1255 } 1256 1257 ATF_TC_WITHOUT_HEAD(strncat_end); 1258 ATF_TC_BODY(strncat_end, tc) 1259 { 1260 #define BUF &__stack.__buf 1261 struct { 1262 uint8_t padding_l; 1263 unsigned char __buf[42]; 1264 uint8_t padding_r; 1265 } __stack; 1266 const size_t __bufsz __unused = sizeof(__stack.__buf); 1267 const size_t __len = 42; 1268 const size_t __idx __unused = __len - 1; 1269 char src[__len]; 1270 1271 memset(__stack.__buf, 0, __len); 1272 memset(src, 'A', __len - 1); 1273 src[__len - 1] = '\0'; 1274 1275 strncat(__stack.__buf, src, __len); 1276 #undef BUF 1277 1278 } 1279 1280 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end); 1281 ATF_TC_BODY(strncat_heap_before_end, tc) 1282 { 1283 #define BUF __stack.__buf 1284 struct { 1285 uint8_t padding_l; 1286 unsigned char * __buf; 1287 uint8_t padding_r; 1288 } __stack; 1289 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1290 const size_t __len = 42 - 1; 1291 const size_t __idx __unused = __len - 1; 1292 char src[__len]; 1293 1294 __stack.__buf = malloc(__bufsz); 1295 memset(__stack.__buf, 0, __len); 1296 memset(src, 'A', __len - 1); 1297 src[__len - 1] = '\0'; 1298 1299 strncat(__stack.__buf, src, __len); 1300 #undef BUF 1301 1302 } 1303 1304 ATF_TC_WITHOUT_HEAD(strncat_heap_end); 1305 ATF_TC_BODY(strncat_heap_end, tc) 1306 { 1307 #define BUF __stack.__buf 1308 struct { 1309 uint8_t padding_l; 1310 unsigned char * __buf; 1311 uint8_t padding_r; 1312 } __stack; 1313 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1314 const size_t __len = 42; 1315 const size_t __idx __unused = __len - 1; 1316 char src[__len]; 1317 1318 __stack.__buf = malloc(__bufsz); 1319 memset(__stack.__buf, 0, __len); 1320 memset(src, 'A', __len - 1); 1321 src[__len - 1] = '\0'; 1322 1323 strncat(__stack.__buf, src, __len); 1324 #undef BUF 1325 1326 } 1327 1328 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end); 1329 ATF_TC_BODY(strncat_heap_after_end, tc) 1330 { 1331 #define BUF __stack.__buf 1332 struct { 1333 uint8_t padding_l; 1334 unsigned char * __buf; 1335 uint8_t padding_r; 1336 } __stack; 1337 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1338 const size_t __len = 42 + 1; 1339 const size_t __idx __unused = __len - 1; 1340 pid_t __child; 1341 int __status; 1342 char src[__len]; 1343 1344 __child = fork(); 1345 ATF_REQUIRE(__child >= 0); 1346 if (__child > 0) 1347 goto monitor; 1348 1349 /* Child */ 1350 disable_coredumps(); 1351 __stack.__buf = malloc(__bufsz); 1352 memset(__stack.__buf, 0, __len); 1353 memset(src, 'A', __len - 1); 1354 src[__len - 1] = '\0'; 1355 1356 strncat(__stack.__buf, src, __len); 1357 _exit(EX_SOFTWARE); /* Should have aborted. */ 1358 1359 monitor: 1360 while (waitpid(__child, &__status, 0) != __child) { 1361 ATF_REQUIRE_EQ(EINTR, errno); 1362 } 1363 1364 if (!WIFSIGNALED(__status)) { 1365 switch (WEXITSTATUS(__status)) { 1366 case EX_SOFTWARE: 1367 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1368 break; 1369 case EX_OSERR: 1370 atf_tc_fail("setrlimit(2) failed"); 1371 break; 1372 default: 1373 atf_tc_fail("child exited with status %d", 1374 WEXITSTATUS(__status)); 1375 } 1376 } else { 1377 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1378 } 1379 #undef BUF 1380 1381 } 1382 1383 ATF_TC_WITHOUT_HEAD(strcpy_before_end); 1384 ATF_TC_BODY(strcpy_before_end, tc) 1385 { 1386 #define BUF &__stack.__buf 1387 struct { 1388 uint8_t padding_l; 1389 unsigned char __buf[42]; 1390 uint8_t padding_r; 1391 } __stack; 1392 const size_t __bufsz __unused = sizeof(__stack.__buf); 1393 const size_t __len = 42 - 1; 1394 const size_t __idx __unused = __len - 1; 1395 char src[__len]; 1396 1397 memset(__stack.__buf, 0, __len); 1398 memset(src, 'A', __len - 1); 1399 src[__len - 1] = '\0'; 1400 1401 strcpy(__stack.__buf, src); 1402 #undef BUF 1403 1404 } 1405 1406 ATF_TC_WITHOUT_HEAD(strcpy_end); 1407 ATF_TC_BODY(strcpy_end, tc) 1408 { 1409 #define BUF &__stack.__buf 1410 struct { 1411 uint8_t padding_l; 1412 unsigned char __buf[42]; 1413 uint8_t padding_r; 1414 } __stack; 1415 const size_t __bufsz __unused = sizeof(__stack.__buf); 1416 const size_t __len = 42; 1417 const size_t __idx __unused = __len - 1; 1418 char src[__len]; 1419 1420 memset(__stack.__buf, 0, __len); 1421 memset(src, 'A', __len - 1); 1422 src[__len - 1] = '\0'; 1423 1424 strcpy(__stack.__buf, src); 1425 #undef BUF 1426 1427 } 1428 1429 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end); 1430 ATF_TC_BODY(strcpy_heap_before_end, tc) 1431 { 1432 #define BUF __stack.__buf 1433 struct { 1434 uint8_t padding_l; 1435 unsigned char * __buf; 1436 uint8_t padding_r; 1437 } __stack; 1438 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1439 const size_t __len = 42 - 1; 1440 const size_t __idx __unused = __len - 1; 1441 char src[__len]; 1442 1443 __stack.__buf = malloc(__bufsz); 1444 memset(__stack.__buf, 0, __len); 1445 memset(src, 'A', __len - 1); 1446 src[__len - 1] = '\0'; 1447 1448 strcpy(__stack.__buf, src); 1449 #undef BUF 1450 1451 } 1452 1453 ATF_TC_WITHOUT_HEAD(strcpy_heap_end); 1454 ATF_TC_BODY(strcpy_heap_end, tc) 1455 { 1456 #define BUF __stack.__buf 1457 struct { 1458 uint8_t padding_l; 1459 unsigned char * __buf; 1460 uint8_t padding_r; 1461 } __stack; 1462 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1463 const size_t __len = 42; 1464 const size_t __idx __unused = __len - 1; 1465 char src[__len]; 1466 1467 __stack.__buf = malloc(__bufsz); 1468 memset(__stack.__buf, 0, __len); 1469 memset(src, 'A', __len - 1); 1470 src[__len - 1] = '\0'; 1471 1472 strcpy(__stack.__buf, src); 1473 #undef BUF 1474 1475 } 1476 1477 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end); 1478 ATF_TC_BODY(strcpy_heap_after_end, tc) 1479 { 1480 #define BUF __stack.__buf 1481 struct { 1482 uint8_t padding_l; 1483 unsigned char * __buf; 1484 uint8_t padding_r; 1485 } __stack; 1486 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1487 const size_t __len = 42 + 1; 1488 const size_t __idx __unused = __len - 1; 1489 pid_t __child; 1490 int __status; 1491 char src[__len]; 1492 1493 __child = fork(); 1494 ATF_REQUIRE(__child >= 0); 1495 if (__child > 0) 1496 goto monitor; 1497 1498 /* Child */ 1499 disable_coredumps(); 1500 __stack.__buf = malloc(__bufsz); 1501 memset(__stack.__buf, 0, __len); 1502 memset(src, 'A', __len - 1); 1503 src[__len - 1] = '\0'; 1504 1505 strcpy(__stack.__buf, src); 1506 _exit(EX_SOFTWARE); /* Should have aborted. */ 1507 1508 monitor: 1509 while (waitpid(__child, &__status, 0) != __child) { 1510 ATF_REQUIRE_EQ(EINTR, errno); 1511 } 1512 1513 if (!WIFSIGNALED(__status)) { 1514 switch (WEXITSTATUS(__status)) { 1515 case EX_SOFTWARE: 1516 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1517 break; 1518 case EX_OSERR: 1519 atf_tc_fail("setrlimit(2) failed"); 1520 break; 1521 default: 1522 atf_tc_fail("child exited with status %d", 1523 WEXITSTATUS(__status)); 1524 } 1525 } else { 1526 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1527 } 1528 #undef BUF 1529 1530 } 1531 1532 ATF_TC_WITHOUT_HEAD(strlcpy_before_end); 1533 ATF_TC_BODY(strlcpy_before_end, tc) 1534 { 1535 #define BUF &__stack.__buf 1536 struct { 1537 uint8_t padding_l; 1538 unsigned char __buf[42]; 1539 uint8_t padding_r; 1540 } __stack; 1541 const size_t __bufsz __unused = sizeof(__stack.__buf); 1542 const size_t __len = 42 - 1; 1543 const size_t __idx __unused = __len - 1; 1544 char src[__len]; 1545 1546 memset(__stack.__buf, 0, __len); 1547 memset(src, 'A', __len - 1); 1548 src[__len - 1] = '\0'; 1549 1550 strlcpy(__stack.__buf, src, __len); 1551 #undef BUF 1552 1553 } 1554 1555 ATF_TC_WITHOUT_HEAD(strlcpy_end); 1556 ATF_TC_BODY(strlcpy_end, tc) 1557 { 1558 #define BUF &__stack.__buf 1559 struct { 1560 uint8_t padding_l; 1561 unsigned char __buf[42]; 1562 uint8_t padding_r; 1563 } __stack; 1564 const size_t __bufsz __unused = sizeof(__stack.__buf); 1565 const size_t __len = 42; 1566 const size_t __idx __unused = __len - 1; 1567 char src[__len]; 1568 1569 memset(__stack.__buf, 0, __len); 1570 memset(src, 'A', __len - 1); 1571 src[__len - 1] = '\0'; 1572 1573 strlcpy(__stack.__buf, src, __len); 1574 #undef BUF 1575 1576 } 1577 1578 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end); 1579 ATF_TC_BODY(strlcpy_heap_before_end, tc) 1580 { 1581 #define BUF __stack.__buf 1582 struct { 1583 uint8_t padding_l; 1584 unsigned char * __buf; 1585 uint8_t padding_r; 1586 } __stack; 1587 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1588 const size_t __len = 42 - 1; 1589 const size_t __idx __unused = __len - 1; 1590 char src[__len]; 1591 1592 __stack.__buf = malloc(__bufsz); 1593 memset(__stack.__buf, 0, __len); 1594 memset(src, 'A', __len - 1); 1595 src[__len - 1] = '\0'; 1596 1597 strlcpy(__stack.__buf, src, __len); 1598 #undef BUF 1599 1600 } 1601 1602 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end); 1603 ATF_TC_BODY(strlcpy_heap_end, tc) 1604 { 1605 #define BUF __stack.__buf 1606 struct { 1607 uint8_t padding_l; 1608 unsigned char * __buf; 1609 uint8_t padding_r; 1610 } __stack; 1611 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1612 const size_t __len = 42; 1613 const size_t __idx __unused = __len - 1; 1614 char src[__len]; 1615 1616 __stack.__buf = malloc(__bufsz); 1617 memset(__stack.__buf, 0, __len); 1618 memset(src, 'A', __len - 1); 1619 src[__len - 1] = '\0'; 1620 1621 strlcpy(__stack.__buf, src, __len); 1622 #undef BUF 1623 1624 } 1625 1626 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end); 1627 ATF_TC_BODY(strlcpy_heap_after_end, tc) 1628 { 1629 #define BUF __stack.__buf 1630 struct { 1631 uint8_t padding_l; 1632 unsigned char * __buf; 1633 uint8_t padding_r; 1634 } __stack; 1635 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1636 const size_t __len = 42 + 1; 1637 const size_t __idx __unused = __len - 1; 1638 pid_t __child; 1639 int __status; 1640 char src[__len]; 1641 1642 __child = fork(); 1643 ATF_REQUIRE(__child >= 0); 1644 if (__child > 0) 1645 goto monitor; 1646 1647 /* Child */ 1648 disable_coredumps(); 1649 __stack.__buf = malloc(__bufsz); 1650 memset(__stack.__buf, 0, __len); 1651 memset(src, 'A', __len - 1); 1652 src[__len - 1] = '\0'; 1653 1654 strlcpy(__stack.__buf, src, __len); 1655 _exit(EX_SOFTWARE); /* Should have aborted. */ 1656 1657 monitor: 1658 while (waitpid(__child, &__status, 0) != __child) { 1659 ATF_REQUIRE_EQ(EINTR, errno); 1660 } 1661 1662 if (!WIFSIGNALED(__status)) { 1663 switch (WEXITSTATUS(__status)) { 1664 case EX_SOFTWARE: 1665 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1666 break; 1667 case EX_OSERR: 1668 atf_tc_fail("setrlimit(2) failed"); 1669 break; 1670 default: 1671 atf_tc_fail("child exited with status %d", 1672 WEXITSTATUS(__status)); 1673 } 1674 } else { 1675 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1676 } 1677 #undef BUF 1678 1679 } 1680 1681 ATF_TC_WITHOUT_HEAD(strncpy_before_end); 1682 ATF_TC_BODY(strncpy_before_end, tc) 1683 { 1684 #define BUF &__stack.__buf 1685 struct { 1686 uint8_t padding_l; 1687 unsigned char __buf[42]; 1688 uint8_t padding_r; 1689 } __stack; 1690 const size_t __bufsz __unused = sizeof(__stack.__buf); 1691 const size_t __len = 42 - 1; 1692 const size_t __idx __unused = __len - 1; 1693 char src[__len]; 1694 1695 memset(__stack.__buf, 0, __len); 1696 memset(src, 'A', __len - 1); 1697 src[__len - 1] = '\0'; 1698 1699 strncpy(__stack.__buf, src, __len); 1700 #undef BUF 1701 1702 } 1703 1704 ATF_TC_WITHOUT_HEAD(strncpy_end); 1705 ATF_TC_BODY(strncpy_end, tc) 1706 { 1707 #define BUF &__stack.__buf 1708 struct { 1709 uint8_t padding_l; 1710 unsigned char __buf[42]; 1711 uint8_t padding_r; 1712 } __stack; 1713 const size_t __bufsz __unused = sizeof(__stack.__buf); 1714 const size_t __len = 42; 1715 const size_t __idx __unused = __len - 1; 1716 char src[__len]; 1717 1718 memset(__stack.__buf, 0, __len); 1719 memset(src, 'A', __len - 1); 1720 src[__len - 1] = '\0'; 1721 1722 strncpy(__stack.__buf, src, __len); 1723 #undef BUF 1724 1725 } 1726 1727 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end); 1728 ATF_TC_BODY(strncpy_heap_before_end, tc) 1729 { 1730 #define BUF __stack.__buf 1731 struct { 1732 uint8_t padding_l; 1733 unsigned char * __buf; 1734 uint8_t padding_r; 1735 } __stack; 1736 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1737 const size_t __len = 42 - 1; 1738 const size_t __idx __unused = __len - 1; 1739 char src[__len]; 1740 1741 __stack.__buf = malloc(__bufsz); 1742 memset(__stack.__buf, 0, __len); 1743 memset(src, 'A', __len - 1); 1744 src[__len - 1] = '\0'; 1745 1746 strncpy(__stack.__buf, src, __len); 1747 #undef BUF 1748 1749 } 1750 1751 ATF_TC_WITHOUT_HEAD(strncpy_heap_end); 1752 ATF_TC_BODY(strncpy_heap_end, tc) 1753 { 1754 #define BUF __stack.__buf 1755 struct { 1756 uint8_t padding_l; 1757 unsigned char * __buf; 1758 uint8_t padding_r; 1759 } __stack; 1760 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1761 const size_t __len = 42; 1762 const size_t __idx __unused = __len - 1; 1763 char src[__len]; 1764 1765 __stack.__buf = malloc(__bufsz); 1766 memset(__stack.__buf, 0, __len); 1767 memset(src, 'A', __len - 1); 1768 src[__len - 1] = '\0'; 1769 1770 strncpy(__stack.__buf, src, __len); 1771 #undef BUF 1772 1773 } 1774 1775 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end); 1776 ATF_TC_BODY(strncpy_heap_after_end, tc) 1777 { 1778 #define BUF __stack.__buf 1779 struct { 1780 uint8_t padding_l; 1781 unsigned char * __buf; 1782 uint8_t padding_r; 1783 } __stack; 1784 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1785 const size_t __len = 42 + 1; 1786 const size_t __idx __unused = __len - 1; 1787 pid_t __child; 1788 int __status; 1789 char src[__len]; 1790 1791 __child = fork(); 1792 ATF_REQUIRE(__child >= 0); 1793 if (__child > 0) 1794 goto monitor; 1795 1796 /* Child */ 1797 disable_coredumps(); 1798 __stack.__buf = malloc(__bufsz); 1799 memset(__stack.__buf, 0, __len); 1800 memset(src, 'A', __len - 1); 1801 src[__len - 1] = '\0'; 1802 1803 strncpy(__stack.__buf, src, __len); 1804 _exit(EX_SOFTWARE); /* Should have aborted. */ 1805 1806 monitor: 1807 while (waitpid(__child, &__status, 0) != __child) { 1808 ATF_REQUIRE_EQ(EINTR, errno); 1809 } 1810 1811 if (!WIFSIGNALED(__status)) { 1812 switch (WEXITSTATUS(__status)) { 1813 case EX_SOFTWARE: 1814 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1815 break; 1816 case EX_OSERR: 1817 atf_tc_fail("setrlimit(2) failed"); 1818 break; 1819 default: 1820 atf_tc_fail("child exited with status %d", 1821 WEXITSTATUS(__status)); 1822 } 1823 } else { 1824 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1825 } 1826 #undef BUF 1827 1828 } 1829 1830 ATF_TP_ADD_TCS(tp) 1831 { 1832 ATF_TP_ADD_TC(tp, memcpy_before_end); 1833 ATF_TP_ADD_TC(tp, memcpy_end); 1834 ATF_TP_ADD_TC(tp, memcpy_heap_before_end); 1835 ATF_TP_ADD_TC(tp, memcpy_heap_end); 1836 ATF_TP_ADD_TC(tp, memcpy_heap_after_end); 1837 ATF_TP_ADD_TC(tp, mempcpy_before_end); 1838 ATF_TP_ADD_TC(tp, mempcpy_end); 1839 ATF_TP_ADD_TC(tp, mempcpy_heap_before_end); 1840 ATF_TP_ADD_TC(tp, mempcpy_heap_end); 1841 ATF_TP_ADD_TC(tp, mempcpy_heap_after_end); 1842 ATF_TP_ADD_TC(tp, memmove_before_end); 1843 ATF_TP_ADD_TC(tp, memmove_end); 1844 ATF_TP_ADD_TC(tp, memmove_heap_before_end); 1845 ATF_TP_ADD_TC(tp, memmove_heap_end); 1846 ATF_TP_ADD_TC(tp, memmove_heap_after_end); 1847 ATF_TP_ADD_TC(tp, memset_before_end); 1848 ATF_TP_ADD_TC(tp, memset_end); 1849 ATF_TP_ADD_TC(tp, memset_heap_before_end); 1850 ATF_TP_ADD_TC(tp, memset_heap_end); 1851 ATF_TP_ADD_TC(tp, memset_heap_after_end); 1852 ATF_TP_ADD_TC(tp, stpcpy_before_end); 1853 ATF_TP_ADD_TC(tp, stpcpy_end); 1854 ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); 1855 ATF_TP_ADD_TC(tp, stpcpy_heap_end); 1856 ATF_TP_ADD_TC(tp, stpcpy_heap_after_end); 1857 ATF_TP_ADD_TC(tp, stpncpy_before_end); 1858 ATF_TP_ADD_TC(tp, stpncpy_end); 1859 ATF_TP_ADD_TC(tp, stpncpy_heap_before_end); 1860 ATF_TP_ADD_TC(tp, stpncpy_heap_end); 1861 ATF_TP_ADD_TC(tp, stpncpy_heap_after_end); 1862 ATF_TP_ADD_TC(tp, strcat_before_end); 1863 ATF_TP_ADD_TC(tp, strcat_end); 1864 ATF_TP_ADD_TC(tp, strcat_heap_before_end); 1865 ATF_TP_ADD_TC(tp, strcat_heap_end); 1866 ATF_TP_ADD_TC(tp, strcat_heap_after_end); 1867 ATF_TP_ADD_TC(tp, strlcat_before_end); 1868 ATF_TP_ADD_TC(tp, strlcat_end); 1869 ATF_TP_ADD_TC(tp, strlcat_heap_before_end); 1870 ATF_TP_ADD_TC(tp, strlcat_heap_end); 1871 ATF_TP_ADD_TC(tp, strlcat_heap_after_end); 1872 ATF_TP_ADD_TC(tp, strncat_before_end); 1873 ATF_TP_ADD_TC(tp, strncat_end); 1874 ATF_TP_ADD_TC(tp, strncat_heap_before_end); 1875 ATF_TP_ADD_TC(tp, strncat_heap_end); 1876 ATF_TP_ADD_TC(tp, strncat_heap_after_end); 1877 ATF_TP_ADD_TC(tp, strcpy_before_end); 1878 ATF_TP_ADD_TC(tp, strcpy_end); 1879 ATF_TP_ADD_TC(tp, strcpy_heap_before_end); 1880 ATF_TP_ADD_TC(tp, strcpy_heap_end); 1881 ATF_TP_ADD_TC(tp, strcpy_heap_after_end); 1882 ATF_TP_ADD_TC(tp, strlcpy_before_end); 1883 ATF_TP_ADD_TC(tp, strlcpy_end); 1884 ATF_TP_ADD_TC(tp, strlcpy_heap_before_end); 1885 ATF_TP_ADD_TC(tp, strlcpy_heap_end); 1886 ATF_TP_ADD_TC(tp, strlcpy_heap_after_end); 1887 ATF_TP_ADD_TC(tp, strncpy_before_end); 1888 ATF_TP_ADD_TC(tp, strncpy_end); 1889 ATF_TP_ADD_TC(tp, strncpy_heap_before_end); 1890 ATF_TP_ADD_TC(tp, strncpy_heap_end); 1891 ATF_TP_ADD_TC(tp, strncpy_heap_after_end); 1892 return (atf_no_error()); 1893 } 1894