# fortify needs at least -O1, but -O2 is recommended anyway
);
my @def_cflags_stack = (
- '-fstack-protector',
+ '-fstack-protector', # keep first, used by cflags_stack_broken()
'--param[= ]ssp-buffer-size=4',
);
my @def_cflags_stack_strong = (
- '-fstack-protector-strong',
+ '-fstack-protector-strong', # keep first, used by cflags_stack_broken()
+);
+my @def_cflags_stack_bad = (
+ # Blacklist all stack protector options for simplicity.
+ '-fno-stack-protector',
+ '-fno-stack-protector-all',
+ '-fno-stack-protector-strong',
);
my @def_cflags_pie = (
'-fPIE',
\@def_cflags_fortify,
\@def_cflags_stack,
\@def_cflags_stack_strong,
+ \@def_cflags_stack_bad,
\@def_cflags_pie,
\@def_cxxflags,
\@def_cppflags,
return 1;
}
+sub cflags_stack_broken {
+ my ($line, $missing_flags, $strong) = @_;
+
+ my $flag = $strong ? $def_cflags_stack_strong[0]
+ : $def_cflags_stack[0];
+
+ if (not flag_overwritten($line, $flag, \@def_cflags_stack_bad)) {
+ return 0;
+ }
+ push @{$missing_flags}, $flag;
+ return 1;
+}
+
# Modifies $missing_flags_ref array.
sub pic_pie_conflict {
my ($line, $pie, $missing_flags_ref, @flags_pie) = @_;
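Review bot: `@def_cflags_stack_bad` lists only the `-fno-stack-protector*` spellings, so `cflags_stack_broken` (assuming `flag_overwritten` reports a later occurrence of any listed option) does not notice a line where a plain `-fstack-protector` follows `-fstack-protector-strong`; as far as I know gcc honours the last `-fstack-protector*` option given, so in the `$strong` case such a line ends up with only the basic protector yet passes the check. If that downgrade should be reported, a separate bad list for the strong case that additionally contains `'-fstack-protector'`, selected with `$strong ? \@def_cflags_stack_strong_bad : \@def_cflags_stack_bad` in the `flag_overwritten` call, would cover it without changing the basic check. The comment `# Blacklist all stack protector options for simplicity.` then overstates what the list holds; `# Options that disable the stack protector.` describes it more accurately.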
# Check hardening flags.
my @missing;
- if ($compile and not all_flags_used($line, \@missing, @cflags)
+ if ($compile and (not all_flags_used($line, \@missing, @cflags)
+ or (($harden_stack or $harden_stack_strong)
+ and cflags_stack_broken($line, \@missing,
+ $harden_stack_strong)))
# Libraries linked with -fPIC don't have to (and can't) be
# linked with -fPIE as well. It's no error if only PIE flags
# are missing.
gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -c test-i.c
+
+gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector -fstack-protector-strong test-a.c
+gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-all -fstack-protector-strong test-a.c
+gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-strong -fstack-protector-strong test-a.c
use strict;
use warnings;
-use Test::More tests => 234;
+use Test::More tests => 236;
sub is_blhc {
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c)
LDFLAGS missing (-fPIE -pie -Wl,-z,now): (gcc -Wl,-z,relro -o test.output test.c)
';
+is_blhc 'bad-cflags-stackprotector', '', 8,
+ 'CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector test-a.c
+CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-all test-a.c
+CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-strong test-a.c
+';
is_blhc 'bad-cppflags', '', 8,
'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -c test-a.c