diff options
| author | sin | 2015-04-08 15:18:49 +0100 |
|---|---|---|
| committer | sin | 2015-04-08 15:18:49 +0100 |
| commit | 2bd3091b3636a18360e4c8bc2393daaf475f43cb (patch) | |
| tree | d14503c9c688161cba5f2c14b4e8cbc94a0f8936 /include/string.h | |
| parent | 91a579a42c7acd240a86f6bc428badb38993cde1 (diff) | |
Check for out of bound reads for memcpy, memmove and mempcpy()
Diffstat (limited to '')
| -rw-r--r-- | include/string.h | 91 |
1 files changed, 47 insertions, 44 deletions
diff --git a/include/string.h b/include/string.h index 699fa8a..eca7c63 100644 --- a/include/string.h +++ b/include/string.h | |||
| @@ -19,42 +19,44 @@ extern "C" { | |||
| 19 | 19 | ||
| 20 | __typeof__(memcpy) __memcpy_orig __asm__(__USER_LABEL_PREFIX__ "memcpy"); | 20 | __typeof__(memcpy) __memcpy_orig __asm__(__USER_LABEL_PREFIX__ "memcpy"); |
| 21 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 21 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 22 | void *memcpy(void *dest, const void *src, size_t n) | 22 | void *memcpy(void *dst, const void *src, size_t n) |
| 23 | { | 23 | { |
| 24 | size_t bos = __builtin_object_size(dest, 0); | 24 | size_t bos_dst = __builtin_object_size(dst, 0); |
| 25 | char *d = (char *)dest; | 25 | size_t bos_src = __builtin_object_size(src, 0); |
| 26 | char *d = (char *)dst; | ||
| 26 | const char *s = (const char *)src; | 27 | const char *s = (const char *)src; |
| 27 | 28 | ||
| 28 | /* trap if pointers are overlapping but not if dest == src. | 29 | /* trap if pointers are overlapping but not if dst == src. |
| 29 | * gcc seems to like to generate code that relies on dest == src */ | 30 | * gcc seems to like to generate code that relies on dst == src */ |
| 30 | if ((d < s && d + n > s) || | 31 | if ((d < s && d + n > s) || |
| 31 | (s < d && s + n > d)) | 32 | (s < d && s + n > d)) |
| 32 | __builtin_trap(); | 33 | __builtin_trap(); |
| 33 | if (n > bos) | 34 | if (n > bos_dst || n > bos_src) |
| 34 | __builtin_trap(); | 35 | __builtin_trap(); |
| 35 | return __memcpy_orig(dest, src, n); | 36 | return __memcpy_orig(dst, src, n); |
| 36 | } | 37 | } |
| 37 | 38 | ||
| 38 | __typeof__(memmove) __memmove_orig __asm__(__USER_LABEL_PREFIX__ "memmove"); | 39 | __typeof__(memmove) __memmove_orig __asm__(__USER_LABEL_PREFIX__ "memmove"); |
| 39 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 40 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 40 | void *memmove(void *dest, const void *src, size_t n) | 41 | void *memmove(void *dst, const void *src, size_t n) |
| 41 | { | 42 | { |
| 42 | size_t bos = __builtin_object_size(dest, 0); | 43 | size_t bos_dst = __builtin_object_size(dst, 0); |
| 44 | size_t bos_src = __builtin_object_size(src, 0); | ||
| 43 | 45 | ||
| 44 | if (n > bos) | 46 | if (n > bos_dst || n > bos_src) |
| 45 | __builtin_trap(); | 47 | __builtin_trap(); |
| 46 | return __memmove_orig(dest, src, n); | 48 | return __memmove_orig(dst, src, n); |
| 47 | } | 49 | } |
| 48 | 50 | ||
| 49 | __typeof__(memset) __memset_orig __asm__(__USER_LABEL_PREFIX__ "memset"); | 51 | __typeof__(memset) __memset_orig __asm__(__USER_LABEL_PREFIX__ "memset"); |
| 50 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 52 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 51 | void *memset(void *dest, int c, size_t n) | 53 | void *memset(void *dst, int c, size_t n) |
| 52 | { | 54 | { |
| 53 | size_t bos = __builtin_object_size(dest, 0); | 55 | size_t bos = __builtin_object_size(dst, 0); |
| 54 | 56 | ||
| 55 | if (n > bos) | 57 | if (n > bos) |
| 56 | __builtin_trap(); | 58 | __builtin_trap(); |
| 57 | return __memset_orig(dest, c, n); | 59 | return __memset_orig(dst, c, n); |
| 58 | } | 60 | } |
| 59 | 61 | ||
| 60 | #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ | 62 | #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ |
| @@ -63,90 +65,91 @@ void *memset(void *dest, int c, size_t n) | |||
| 63 | #undef stpcpy | 65 | #undef stpcpy |
| 64 | __typeof__(stpcpy) __stpcpy_orig __asm__(__USER_LABEL_PREFIX__ "stpcpy"); | 66 | __typeof__(stpcpy) __stpcpy_orig __asm__(__USER_LABEL_PREFIX__ "stpcpy"); |
| 65 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 67 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 66 | char *stpcpy(char *dest, const char *src) | 68 | char *stpcpy(char *dst, const char *src) |
| 67 | { | 69 | { |
| 68 | size_t bos = __builtin_object_size(dest, 0); | 70 | size_t bos = __builtin_object_size(dst, 0); |
| 69 | 71 | ||
| 70 | if (strlen(src) + 1 > bos) | 72 | if (strlen(src) + 1 > bos) |
| 71 | __builtin_trap(); | 73 | __builtin_trap(); |
| 72 | return __stpcpy_orig(dest, src); | 74 | return __stpcpy_orig(dst, src); |
| 73 | } | 75 | } |
| 74 | 76 | ||
| 75 | #undef stpncpy | 77 | #undef stpncpy |
| 76 | __typeof__(stpncpy) __stpncpy_orig __asm__(__USER_LABEL_PREFIX__ "stpncpy"); | 78 | __typeof__(stpncpy) __stpncpy_orig __asm__(__USER_LABEL_PREFIX__ "stpncpy"); |
| 77 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 79 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 78 | char *stpncpy(char *dest, const char *src, size_t n) | 80 | char *stpncpy(char *dst, const char *src, size_t n) |
| 79 | { | 81 | { |
| 80 | size_t bos = __builtin_object_size(dest, 0); | 82 | size_t bos = __builtin_object_size(dst, 0); |
| 81 | 83 | ||
| 82 | if (n > bos) | 84 | if (n > bos) |
| 83 | __builtin_trap(); | 85 | __builtin_trap(); |
| 84 | return __stpncpy_orig(dest, src, n); | 86 | return __stpncpy_orig(dst, src, n); |
| 85 | } | 87 | } |
| 86 | #endif | 88 | #endif |
| 87 | 89 | ||
| 88 | __typeof__(strcat) __strcat_orig __asm__(__USER_LABEL_PREFIX__ "strcat"); | 90 | __typeof__(strcat) __strcat_orig __asm__(__USER_LABEL_PREFIX__ "strcat"); |
| 89 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 91 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 90 | char *strcat(char *dest, const char *src) | 92 | char *strcat(char *dst, const char *src) |
| 91 | { | 93 | { |
| 92 | size_t bos = __builtin_object_size(dest, 0); | 94 | size_t bos = __builtin_object_size(dst, 0); |
| 93 | 95 | ||
| 94 | if (strlen(src) + strlen(dest) + 1 > bos) | 96 | if (strlen(src) + strlen(dst) + 1 > bos) |
| 95 | __builtin_trap(); | 97 | __builtin_trap(); |
| 96 | return __strcat_orig(dest, src); | 98 | return __strcat_orig(dst, src); |
| 97 | } | 99 | } |
| 98 | 100 | ||
| 99 | __typeof__(strcpy) __strcpy_orig __asm__(__USER_LABEL_PREFIX__ "strcpy"); | 101 | __typeof__(strcpy) __strcpy_orig __asm__(__USER_LABEL_PREFIX__ "strcpy"); |
| 100 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 102 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 101 | char *strcpy(char *dest, const char *src) | 103 | char *strcpy(char *dst, const char *src) |
| 102 | { | 104 | { |
| 103 | size_t bos = __builtin_object_size(dest, 0); | 105 | size_t bos = __builtin_object_size(dst, 0); |
| 104 | 106 | ||
| 105 | if (strlen(src) + 1 > bos) | 107 | if (strlen(src) + 1 > bos) |
| 106 | __builtin_trap(); | 108 | __builtin_trap(); |
| 107 | return __strcpy_orig(dest, src); | 109 | return __strcpy_orig(dst, src); |
| 108 | } | 110 | } |
| 109 | 111 | ||
| 110 | __typeof__(strncat) __strncat_orig __asm__(__USER_LABEL_PREFIX__ "strncat"); | 112 | __typeof__(strncat) __strncat_orig __asm__(__USER_LABEL_PREFIX__ "strncat"); |
| 111 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 113 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 112 | char *strncat(char *dest, const char *src, size_t n) | 114 | char *strncat(char *dst, const char *src, size_t n) |
| 113 | { | 115 | { |
| 114 | size_t bos = __builtin_object_size(dest, 0); | 116 | size_t bos = __builtin_object_size(dst, 0); |
| 115 | size_t slen, dlen; | 117 | size_t slen, dlen; |
| 116 | 118 | ||
| 117 | if (n > bos) { | 119 | if (n > bos) { |
| 118 | slen = strlen(src); | 120 | slen = strlen(src); |
| 119 | dlen = strlen(dest); | 121 | dlen = strlen(dst); |
| 120 | if (slen > n) | 122 | if (slen > n) |
| 121 | slen = n; | 123 | slen = n; |
| 122 | if (slen + dlen + 1 > bos) | 124 | if (slen + dlen + 1 > bos) |
| 123 | __builtin_trap(); | 125 | __builtin_trap(); |
| 124 | } | 126 | } |
| 125 | return __strncat_orig(dest, src, n); | 127 | return __strncat_orig(dst, src, n); |
| 126 | } | 128 | } |
| 127 | 129 | ||
| 128 | __typeof__(strncpy) __strncpy_orig __asm__(__USER_LABEL_PREFIX__ "strncpy"); | 130 | __typeof__(strncpy) __strncpy_orig __asm__(__USER_LABEL_PREFIX__ "strncpy"); |
| 129 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 131 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 130 | char *strncpy(char *dest, const char *src, size_t n) | 132 | char *strncpy(char *dst, const char *src, size_t n) |
| 131 | { | 133 | { |
| 132 | size_t bos = __builtin_object_size(dest, 0); | 134 | size_t bos = __builtin_object_size(dst, 0); |
| 133 | 135 | ||
| 134 | if (n > bos) | 136 | if (n > bos) |
| 135 | __builtin_trap(); | 137 | __builtin_trap(); |
| 136 | return __strncpy_orig(dest, src, n); | 138 | return __strncpy_orig(dst, src, n); |
| 137 | } | 139 | } |
| 138 | 140 | ||
| 139 | #ifdef _GNU_SOURCE | 141 | #ifdef _GNU_SOURCE |
| 140 | #undef mempcpy | 142 | #undef mempcpy |
| 141 | __typeof__(mempcpy) __mempcpy_orig __asm__(__USER_LABEL_PREFIX__ "mempcpy"); | 143 | __typeof__(mempcpy) __mempcpy_orig __asm__(__USER_LABEL_PREFIX__ "mempcpy"); |
| 142 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 144 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 143 | void *mempcpy(void *dest, const void *src, size_t n) | 145 | void *mempcpy(void *dst, const void *src, size_t n) |
| 144 | { | 146 | { |
| 145 | size_t bos = __builtin_object_size(dest, 0); | 147 | size_t bos_dst = __builtin_object_size(dst, 0); |
| 148 | size_t bos_src = __builtin_object_size(src, 0); | ||
| 146 | 149 | ||
| 147 | if (n > bos) | 150 | if (n > bos_dst || n > bos_src) |
| 148 | __builtin_trap(); | 151 | __builtin_trap(); |
| 149 | return __mempcpy_orig(dest, src, n); | 152 | return __mempcpy_orig(dst, src, n); |
| 150 | } | 153 | } |
| 151 | #endif | 154 | #endif |
| 152 | 155 | ||
| @@ -155,24 +158,24 @@ void *mempcpy(void *dest, const void *src, size_t n) | |||
| 155 | #undef strlcpy | 158 | #undef strlcpy |
| 156 | __typeof__(strlcat) __strlcat_orig __asm__(__USER_LABEL_PREFIX__ "strlcat"); | 159 | __typeof__(strlcat) __strlcat_orig __asm__(__USER_LABEL_PREFIX__ "strlcat"); |
| 157 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 160 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 158 | size_t strlcat(char *dest, const char *src, size_t n) | 161 | size_t strlcat(char *dst, const char *src, size_t n) |
| 159 | { | 162 | { |
| 160 | size_t bos = __builtin_object_size(dest, 0); | 163 | size_t bos = __builtin_object_size(dst, 0); |
| 161 | 164 | ||
| 162 | if (n > bos) | 165 | if (n > bos) |
| 163 | __builtin_trap(); | 166 | __builtin_trap(); |
| 164 | return __strlcat_orig(dest, src, n); | 167 | return __strlcat_orig(dst, src, n); |
| 165 | } | 168 | } |
| 166 | 169 | ||
| 167 | __typeof__(strlcpy) __strlcpy_orig __asm__(__USER_LABEL_PREFIX__ "strlcpy"); | 170 | __typeof__(strlcpy) __strlcpy_orig __asm__(__USER_LABEL_PREFIX__ "strlcpy"); |
| 168 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) | 171 | extern __inline __attribute__((__always_inline__,__gnu_inline__,__artificial__)) |
| 169 | size_t strlcpy(char *dest, const char *src, size_t n) | 172 | size_t strlcpy(char *dst, const char *src, size_t n) |
| 170 | { | 173 | { |
| 171 | size_t bos = __builtin_object_size(dest, 0); | 174 | size_t bos = __builtin_object_size(dst, 0); |
| 172 | 175 | ||
| 173 | if (n > bos) | 176 | if (n > bos) |
| 174 | __builtin_trap(); | 177 | __builtin_trap(); |
| 175 | return __strlcpy_orig(dest, src, n); | 178 | return __strlcpy_orig(dst, src, n); |
| 176 | } | 179 | } |
| 177 | #endif | 180 | #endif |
| 178 | 181 | ||