From b3737dbbbeaf60f8685e099043675712284e6fa6 Mon Sep 17 00:00:00 2001
From: Simon Ruderich <simon@ruderich.org>
Date: Sun, 27 May 2012 21:48:53 +0200
Subject: [PATCH] Detect overwrite of -D_FORTIFY_SOURCE=2 through 0 or 1.

---
 bin/blhc            | 30 ++++++++++++++++++++++++++++--
 t/logs/bad-cppflags |  7 +++++++
 t/tests.t           |  6 ++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/bin/blhc b/bin/blhc
index 2168110..c8260e5 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -171,7 +171,12 @@ my @def_cxxflags = (
 # @def_cxxflags_* is the same as @def_cflags_*.
 my @def_cppflags = ();
 my @def_cppflags_fortify = (
-    '-D_FORTIFY_SOURCE=2',
+    '-D_FORTIFY_SOURCE=2', # must be first, see cppflags_fortify_broken()
+);
+my @def_cppflags_fortify_bad = (
+    # These flags may overwrite -D_FORTIFY_SOURCE=2.
+    '-D_FORTIFY_SOURCE=0',
+    '-D_FORTIFY_SOURCE=1',
 );
 my @def_ldflags = ();
 my @def_ldflags_relro = (
@@ -207,6 +212,7 @@ my @flag_refs = (
 # References to all used flags.
 my @flag_refs_all = (
     @flag_refs,
+    \@def_cppflags_fortify_bad,
     \@def_ldflags_pic,
 );
 # Renaming rules for the output so the regex parts are not visible. Also
@@ -325,6 +331,22 @@ sub all_flags_used {
     return 0;
 }
 
+sub cppflags_fortify_broken {
+    my ($line, $missing_flags) = @_;
+
+    # This doesn't take the position into account, but is a simple solution.
+    # And if the build system tries to force -D_FORTIFY_SOURCE=0/1, something
+    # is wrong anyway.
+
+    if (any_flags_used($line, @def_cppflags_fortify_bad)) {
+        # $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
+        push @{$missing_flags}, $def_cppflags_fortify[0];
+        return 1;
+    }
+
+    return 0;
+}
+
 # Modifies $missing_flags_ref array.
 sub pic_pie_conflict {
     my ($line, $pie, $missing_flags_ref, @flags_pie) = @_;
@@ -990,7 +1012,11 @@ LINE:
             }
             $exit |= $exit_code{flags_missing};
         }
-        if ($preprocess and not all_flags_used($line, \@missing, @cppflags)
+        if ($preprocess
+                and (not all_flags_used($line, \@missing, @cppflags)
+                    # The fortify flag might be overwritten, detect that.
+                     or ($harden_fortify
+                         and cppflags_fortify_broken($line, \@missing)))
                 # Assume dpkg-buildflags returns the correct flags.
                 and index($line, '`dpkg-buildflags --get CPPFLAGS`') == -1) {
             if (not $option_buildd) {
diff --git a/t/logs/bad-cppflags b/t/logs/bad-cppflags
index a4d83b1..098cb96 100644
--- a/t/logs/bad-cppflags
+++ b/t/logs/bad-cppflags
@@ -8,3 +8,10 @@ gcc -Wl,-z,relro -o test test-a.o test-b.o test-c.o -ltest
 gcc -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c ../../../../src/test/test.c -o test.so.o
 
 g++ -o test -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test-a.cxx test-b.o test-c.o -Wl,-z,relro
+
+gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-a.c
+gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-b.c
+gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=1 -c test-c.c
+gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
+gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
+gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
diff --git a/t/tests.t b/t/tests.t
index 1248396..1f68cd4 100644
--- a/t/tests.t
+++ b/t/tests.t
@@ -511,6 +511,12 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c test-c.c
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -c ../../../../src/test/test.c -o test.so.o
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): g++ -o test -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test-a.cxx test-b.o test-c.o -Wl,-z,relro
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-a.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-b.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=1 -c test-c.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
 ';
 
 my $bad_ldflags =
-- 
2.43.2