From b5cc329c4fb831ce99cd683caf3c5b5114c90010 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Mon, 18 Oct 2004 04:17:19 +0000
Subject: 2004-10-15  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-minimal.c (__chk_fail): New.  Add rtld_hidden_def.
	* sysdeps/unix/sysv/linux/readonly-area.c: New file.
	* sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking
	routine.
	* sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise.
	* sysdeps/i386/i686/memset.S (__memset_chk): Likewise.
	* sysdeps/i386/i686/memmove-chk.S: New file.
	* sysdeps/i386/i686/memcpy-chk.S: Likewise.
	* sysdeps/i386/i686/mempcpy-chk.S: Likewise.
	* sysdeps/i386/i686/memset-chk.S: Likewise.
	* sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail
	if exactly fitting into buffer.
	* sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise.
	* sysdeps/generic/readonly-area.c: New file.
	* sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test
	destlen once.
	* sysdeps/x86_64/memset.S (__memset_chk): Add checking routine.
	* sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk.
	* sysdeps/x86_64/memcpy-chk.S: New file.
	* sysdeps/x86_64/mempcpy-chk.S: Likewise.
	* sysdeps/x86_64/memset-chk.S: Likewise.
	* sysdeps/x86_64/strcpy-chk.S: Likewise.
	* sysdeps/x86_64/stpcpy-chk.S: Likewise.
	* argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing.
	* argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise.
	* debug/tst-chk1.c: New test.
	* debug/tst-chk2.c: Likewise.
	* debug/tst-chk3.c: Likewise.
	* debug/test-strcpy_chk.c: Likewise.
	* debug/test-stpcpy_chk.c: Likewise.
	* debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk,
	vfprintf_chk, gets_chk and readonly-area.
	(CFLAGS-*_chk.c): Set.
	(tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and
	test-stpcpy_chk.
	* debug/vprintf_chk.c: New file.
	* debug/printf_chk.c: Likewise.
	* debug/vfprintf_chk.c: Likewise.
	* debug/fprintf_chk.c: Likewise.
	* debug/gets_chk.c: Likewise.
	* debug/chk_fail.c (__chk_fail): Add libc_hidden_def.
	* debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments
	passed to __vsnprintf_chk.
	* debug/Versions (libc): Export __printf_chk, __fprintf_chk,
	__vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4.
	* debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call
	__vsnprintf, instead create a temporary file with
	_IO_strn_jumps jumptable.  If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* libio/Makefile (headers): Add bits/stdio2.h.
	* libio/stdio.h: Include <bits/stdio2.h> if __USE_FORTIFY_LEVEL.
	(sprintf, snprintf, vsprintf, vsnprintf): Remove defines.
	* libio/strfile.h (_IO_strnfile): New type.
	(_IO_strn_jumps): New extern.
	* libio/vsnprintf.c (_IO_strnfile): Remove.
	(_IO_strn_jumps): Remove static.
	* libio/bits/stdio2.h: New file.
	* libio/vswprintf.c (_IO_strnfile): Rename type to...
	(_IO_wstrnfile): ...this.  Adjust all uses.
	* libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define.
	* stdio-common/vfprintf.c (STR_LEN): Define.
	(vfprintf): Add readonly_format variable.
	Handle _IO_FLAGS2_CHECK_PERCENT_N.
	(buffered_vfprintf): Copy _flags2.
	* include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk,
	__vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk,
	__vfprintf_chk): New prototypes.
	(__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto.
	* include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk,
	__memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk,
	__strncat_chk): New prototypes.
	* include/bits/string3.h: New file.
	* include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto
	and rtld_hidden_proto.
	* string/Makefile (headers): Add bits/string3.h.
	* string/bits/string3.h (bcopy, bzero): New defines.
	(memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change
	macros so that inlines are used only if unknown destination size
	or side-effects in destination argument.
	(mempcpy, stpcpy): Likewise.  Protect with #ifdef __USE_GNU.

2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* debug/Makefile (routines): Add *_chk.
	* debug/Versions (libc): Export __chk_fail, __memcpy_chk,
	__memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk,
	__strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk,
	__sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk
	@GLIBC_2.3.4.
	* debug/chk_fail.c: New file.
	* debug/snprintf_chk.c: Likewise.
	* debug/sprintf_chk.c: Likewise.
	* debug/vsnprintf_chk.c: Likewise.
	* debug/vsprintf_chk.c: Likewise.
	* include/features.h (_FORTIFY_SOURCE): Document, handle.
	(__USE_FORTIFY_LEVEL): Define.
	(__GNUC_PREREQ): Move to earlier location.
	* include/sys/cdefs.h (__chk_fail): New prototype.
	* libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf):
	Define if __USE_FORTIFY_LEVEL.
	* misc/sys/cdefs.h (__bos, __bos0): Define.
	* string/string.h: Include <bits/string3.h> if __USE_FORTIFY_LEVEL.
	* bits/string/string3.h: New header.
	* sysdeps/generic/memcpy_chk.c: New file.
	* sysdeps/generic/memmove_chk.c: Likewise.
	* sysdeps/generic/mempcpy_chk.c: Likewise.
	* sysdeps/generic/memset_chk.c: Likewise.
	* sysdeps/generic/stpcpy_chk.c: Likewise.
	* sysdeps/generic/strcat_chk.c: Likewise.
	* sysdeps/generic/strcpy_chk.c: Likewise.
	* sysdeps/generic/strncat_chk.c: Likewise.
	* sysdeps/generic/strncpy_chk.c: Likewise.
2004-10-15  Jakub Jelinek  <jakub@redhat.com>

	* elf/dl-minimal.c (__chk_fail): New.  Add rtld_hidden_def.
	* sysdeps/unix/sysv/linux/readonly-area.c: New file.
	* sysdeps/i386/i686/memmove.S (__memmove_chk): Add checking
	routine.
	* sysdeps/i386/i686/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/i386/i686/mempcpy.S (__mempcpy_chk): Likewise.
	* sysdeps/i386/i686/memset.S (__memset_chk): Likewise.
	* sysdeps/i386/i686/memmove-chk.S: New file.
	* sysdeps/i386/i686/memcpy-chk.S: Likewise.
	* sysdeps/i386/i686/mempcpy-chk.S: Likewise.
	* sysdeps/i386/i686/memset-chk.S: Likewise.
	* sysdeps/generic/strcat-chk.c (__strcat_chk): Don't __chk_fail
	if exactly fitting into buffer.
	* sysdeps/generic/strncat-chk.c (__strncat_chk): Likewise.
	* sysdeps/generic/readonly-area.c: New file.
	* sysdeps/generic/strncpy-chk.c (__strncpy_chk): Only test
	destlen once.
	* sysdeps/x86_64/memset.S (__memset_chk): Add checking routine.
	* sysdeps/x86_64/memcpy.S (__memcpy_chk): Likewise.
	* sysdeps/x86_64/mempcpy.S (__memcpy_chk): Define to __mempcpy_chk.
	* sysdeps/x86_64/memcpy-chk.S: New file.
	* sysdeps/x86_64/mempcpy-chk.S: Likewise.
	* sysdeps/x86_64/memset-chk.S: Likewise.
	* sysdeps/x86_64/strcpy-chk.S: Likewise.
	* sysdeps/x86_64/stpcpy-chk.S: Likewise.
	* argp/argp-xinl.c (__OPTIMIZE__): Define to 1 instead of nothing.
	* argp/argp-fs-xinl.c (__OPTIMIZE__): Likewise.
	* debug/tst-chk1.c: New test.
	* debug/tst-chk2.c: Likewise.
	* debug/tst-chk3.c: Likewise.
	* debug/test-strcpy_chk.c: Likewise.
	* debug/test-stpcpy_chk.c: Likewise.
	* debug/vsprintf_chk.c (__vsprintf_chk): If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* debug/Makefile (routines): Add printf_chk, fprintf_chk, vprintf_chk,
	vfprintf_chk, gets_chk and readonly-area.
	(CFLAGS-*_chk.c): Set.
	(tests): Add tst-chk1, tst-chk2, tst-chk3, test-strcpy_chk and
	test-stpcpy_chk.
	* debug/vprintf_chk.c: New file.
	* debug/printf_chk.c: Likewise.
	* debug/vfprintf_chk.c: Likewise.
	* debug/fprintf_chk.c: Likewise.
	* debug/gets_chk.c: Likewise.
	* debug/chk_fail.c (__chk_fail): Add libc_hidden_def.
	* debug/snprintf_chk.c (__snprintf_chk): Fix order of arguments
	passed to __vsnprintf_chk.
	* debug/Versions (libc): Export __printf_chk, __fprintf_chk,
	__vprintf_chk, __vfprintf_chk and __gets_chk @GLIBC_2.3.4.
	* debug/vsnprintf_chk.c (__vsnprintf_chk): Don't call
	__vsnprintf, instead create a temporary file with
	_IO_strn_jumps jumptable.  If flags > 0, request
	_IO_FLAGS2_CHECK_PERCENT_N.  Add libc_hidden_def.
	* libio/Makefile (headers): Add bits/stdio2.h.
	* libio/stdio.h: Include <bits/stdio2.h> if __USE_FORTIFY_LEVEL.
	(sprintf, snprintf, vsprintf, vsnprintf): Remove defines.
	* libio/strfile.h (_IO_strnfile): New type.
	(_IO_strn_jumps): New extern.
	* libio/vsnprintf.c (_IO_strnfile): Remove.
	(_IO_strn_jumps): Remove static.
	* libio/bits/stdio2.h: New file.
	* libio/vswprintf.c (_IO_strnfile): Rename type to...
	(_IO_wstrnfile): ...this.  Adjust all uses.
	* libio/libio.h (_IO_FLAGS2_CHECK_PERCENT_N): Define.
	* stdio-common/vfprintf.c (STR_LEN): Define.
	(vfprintf): Add readonly_format variable.
	Handle _IO_FLAGS2_CHECK_PERCENT_N.
	(buffered_vfprintf): Copy _flags2.
	* include/stdio.h (__sprintf_chk, __snprintf_chk, __vsprintf_chk,
	__vsnprintf_chk, __printf_chk, __fprintf_chk, __vprintf_chk,
	__vfprintf_chk): New prototypes.
	(__vsprintf_chk, __vsnprintf_chk): Add libc_hidden_proto.
	* include/string.h (__memcpy_chk, __memmove_chk, __mempcpy_chk,
	__memset_chk, __strcpy_chk, __stpcpy_chk, __strncpy_chk, __strcat_chk,
	__strncat_chk): New prototypes.
	* include/bits/string3.h: New file.
	* include/sys/cdefs.h (__chk_fail): Add libc_hidden_proto
	and rtld_hidden_proto.
	* string/Makefile (headers): Add bits/string3.h.
	* string/bits/string3.h (bcopy, bzero): New defines.
	(memset, memcpy, memmove, strcpy, strncpy, strcat, strncat): Change
	macros so that inlines are used only if unknown destination size
	or side-effects in destination argument.
	(mempcpy, stpcpy): Likewise.  Protect with #ifdef __USE_GNU.

2004-09-16  Ulrich Drepper  <drepper@redhat.com>

	* debug/Makefile (routines): Add *_chk.
	* debug/Versions (libc): Export __chk_fail, __memcpy_chk,
	__memmove_chk, __mempcpy_chk, __memset_chk, __stpcpy_chk,
	__strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk,
	__sprintf_chk, __vsprintf_chk, __snprintf_chk, __vsnprintf_chk
	@GLIBC_2.3.4.
	* debug/chk_fail.c: New file.
	* debug/snprintf_chk.c: Likewise.
	* debug/sprintf_chk.c: Likewise.
	* debug/vsnprintf_chk.c: Likewise.
	* debug/vsprintf_chk.c: Likewise.
	* include/features.h (_FORTIFY_SOURCE): Document, handle.
	(__USE_FORTIFY_LEVEL): Define.
	(__GNUC_PREREQ): Move to earlier location.
	* include/sys/cdefs.h (__chk_fail): New prototype.
	* libio/bits/stdio.h (sprintf, vsprintf, snprintf, vsnprintf):
	Define if __USE_FORTIFY_LEVEL.
	* misc/sys/cdefs.h (__bos, __bos0): Define.
	* string/string.h: Include <bits/string3.h> if __USE_FORTIFY_LEVEL.
	* bits/string/string3.h: New header.
	* sysdeps/generic/memcpy_chk.c: New file.
	* sysdeps/generic/memmove_chk.c: Likewise.
	* sysdeps/generic/mempcpy_chk.c: Likewise.
	* sysdeps/generic/memset_chk.c: Likewise.
	* sysdeps/generic/stpcpy_chk.c: Likewise.
	* sysdeps/generic/strcat_chk.c: Likewise.
	* sysdeps/generic/strcpy_chk.c: Likewise.
	* sysdeps/generic/strncat_chk.c: Likewise.
	* sysdeps/generic/strncpy_chk.c: Likewise.
---
 string/Makefile       |   2 +-
 string/bits/string3.h | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++
 string/string.h       |   5 ++
 3 files changed, 173 insertions(+), 1 deletion(-)
 create mode 100644 string/bits/string3.h

(limited to 'string')

diff --git a/string/Makefile b/string/Makefile
index 5ab487f5ba..66469f586e 100644
--- a/string/Makefile
+++ b/string/Makefile
@@ -23,7 +23,7 @@ subdir	:= string
 
 headers	:= string.h strings.h memory.h endian.h bits/endian.h \
 	   argz.h envz.h byteswap.h bits/byteswap.h bits/string.h \
-	   bits/string2.h
+	   bits/string2.h bits/string3.h
 
 routines	:= strcat strchr strcmp strcoll strcpy strcspn		\
 		   strverscmp strdup strndup				\
diff --git a/string/bits/string3.h b/string/bits/string3.h
new file mode 100644
index 0000000000..87cbe35bb1
--- /dev/null
+++ b/string/bits/string3.h
@@ -0,0 +1,167 @@
+/* Copyright (C) 2004 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#ifndef _STRING_H
+# error "Never use <bits/string3.h> directly; include <string.h> instead."
+#endif
+
+/* XXX This is temporarily.  We should not redefine any of the symbols
+   and instead integrate the error checking into the original
+   definitions.  */
+#undef memcpy
+#undef memmove
+#undef memset
+#undef strcat
+#undef strcpy
+#undef strncat
+#undef strncpy
+#ifdef __USE_GNU
+# undef mempcpy
+# undef stpcpy
+#endif
+#ifdef __USE_BSD
+# undef bcopy
+# undef bzero
+#endif
+
+
+#define memcpy(dest, src, len) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___memcpy_chk (dest, src, len, __bos0 (dest))		\
+   : __memcpy_ichk (dest, src, len))
+static __inline__ void *
+__attribute__ ((__always_inline__))
+__memcpy_ichk (void *__restrict __dest, const void *__restrict __src,
+	       size_t __len)
+{
+  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+}
+
+
+#define memmove(dest, src, len) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___memmove_chk (dest, src, len, __bos0 (dest))		\
+   : __memmove_ichk (dest, src, len))
+static __inline__ void *
+__attribute__ ((__always_inline__))
+__memmove_ichk (void *__dest, const void *__src, size_t __len)
+{
+  return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
+}
+
+
+#ifdef __USE_GNU
+# define mempcpy(dest, src, len) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___mempcpy_chk (dest, src, len, __bos0 (dest))		\
+   : __mempcpy_ichk (dest, src, len))
+static __inline__ void *
+__attribute__ ((__always_inline__))
+__mempcpy_ichk (void *__restrict __dest, const void *__restrict __src,
+		size_t __len)
+{
+  return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest));
+}
+#endif
+
+
+#define memset(dest, ch, len) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___memset_chk (dest, ch, len, __bos0 (dest))		\
+   : __memset_ichk (dest, ch, len))
+static __inline__ void *
+__attribute__ ((__always_inline__))
+__memset_ichk (void *__dest, int __ch, size_t __len)
+{
+  return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
+}
+
+#ifdef __USE_BSD
+# define bcopy(src, dest, len) ((void) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___memmove_chk (dest, src, len, __bos0 (dest))		\
+   : __memmove_ichk (dest, src, len)))
+# define bzero(dest, len) ((void) \
+  ((__bos0 (dest) != (size_t) -1)					\
+   ? __builtin___memset_chk (dest, '\0', len, __bos0 (dest))		\
+   : __memset_ichk (dest, '\0', len)))
+#endif
+
+
+#define strcpy(dest, src) \
+  ((__bos (dest) != (size_t) -1)					\
+   ? __builtin___strcpy_chk (dest, src, __bos (dest))			\
+   : __strcpy_ichk (dest, src))
+static __inline__ char *
+__attribute__ ((__always_inline__))
+__strcpy_ichk (char *__restrict __dest, const char *__restrict __src)
+{
+  return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
+}
+
+
+#ifdef __USE_GNU
+# define stpcpy(dest, src) \
+  ((__bos (dest) != (size_t) -1)					\
+   ? __builtin___stpcpy_chk (dest, src, __bos (dest))			\
+   : __stpcpy_ichk (dest, src))
+static __inline__ char *
+__attribute__ ((__always_inline__))
+__stpcpy_ichk (char *__restrict __dest, const char *__restrict __src)
+{
+  return __builtin___stpcpy_chk (__dest, __src, __bos (__dest));
+}
+#endif
+
+
+#define strncpy(dest, src, len) \
+  ((__bos (dest) != (size_t) -1)					\
+   ? __builtin___strncpy_chk (dest, src, len, __bos (dest))		\
+   : __strncpy_ichk (dest, src, len))
+static __inline__ char *
+__attribute__ ((__always_inline__))
+__strncpy_ichk (char *__restrict __dest, const char *__restrict __src,
+		size_t __len)
+{
+  return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
+}
+
+
+#define strcat(dest, src) \
+  ((__bos (dest) != (size_t) -1)					\
+   ? __builtin___strcat_chk (dest, src, __bos (dest))			\
+   : __strcat_ichk (dest, src))
+static __inline__ char *
+__attribute__ ((__always_inline__))
+__strcat_ichk (char *__restrict __dest, const char *__restrict __src)
+{
+  return __builtin___strcat_chk (__dest, __src, __bos (__dest));
+}
+
+
+#define strncat(dest, src, len) \
+  ((__bos (dest) != (size_t) -1)					\
+   ? __builtin___strncat_chk (dest, src, len, __bos (dest))		\
+   : __strncat_ichk (dest, src, len))
+static __inline__ char *
+__attribute__ ((__always_inline__))
+__strncat_ichk (char *__restrict __dest, const char *__restrict __src,
+		size_t __len)
+{
+  return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
+}
diff --git a/string/string.h b/string/string.h
index 4ea3a74ca7..1adf925bb0 100644
--- a/string/string.h
+++ b/string/string.h
@@ -416,6 +416,11 @@ extern char *basename (__const char *__filename) __THROW __nonnull ((1));
 /* These are generic optimizations which do not add too much inline code.  */
 #  include <bits/string2.h>
 # endif
+
+# if __USE_FORTIFY_LEVEL > 0 && !defined __cplusplus
+/* Functions with security checks.  */
+#  include <bits/string3.h>
+# endif
 #endif
 
 __END_DECLS
-- 
cgit v1.2.3