10a2301598c207fd1b50015984942fee5e8511593Nick Kralevich/* 20a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * Copyright (C) 2012 The Android Open Source Project 30a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * All rights reserved. 40a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * 50a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * Redistribution and use in source and binary forms, with or without 60a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * modification, are permitted provided that the following conditions 70a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * are met: 80a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * * Redistributions of source code must retain the above copyright 90a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * notice, this list of conditions and the following disclaimer. 100a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * * Redistributions in binary form must reproduce the above copyright 110a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * notice, this list of conditions and the following disclaimer in 120a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * the documentation and/or other materials provided with the 130a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * distribution. 140a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * 150a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 160a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 170a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 180a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 190a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 200a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 210a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 220a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 230a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 240a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 250a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 260a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * SUCH DAMAGE. 270a2301598c207fd1b50015984942fee5e8511593Nick Kralevich */ 280a2301598c207fd1b50015984942fee5e8511593Nick Kralevich 29e4c6b08c4e81f640afc502804d1226a3e79dc26dNick Kralevich#undef _FORTIFY_SOURCE 30e4c6b08c4e81f640afc502804d1226a3e79dc26dNick Kralevich 310a2301598c207fd1b50015984942fee5e8511593Nick Kralevich#include <string.h> 320a2301598c207fd1b50015984942fee5e8511593Nick Kralevich#include <stdlib.h> 33eb847bc8666842a3cfc9c06e8458ad1abebebaf0Elliott Hughes#include "private/libc_logging.h" 340a2301598c207fd1b50015984942fee5e8511593Nick Kralevich 350a2301598c207fd1b50015984942fee5e8511593Nick Kralevich/* 360a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * Runtime implementation of __builtin____strncpy_chk. 370a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * 380a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * See 390a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html 400a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html 410a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * for details. 420a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * 430a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * This strncpy check is called if _FORTIFY_SOURCE is defined and 440a2301598c207fd1b50015984942fee5e8511593Nick Kralevich * greater than 0. 450a2301598c207fd1b50015984942fee5e8511593Nick Kralevich */ 4693501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevichextern "C" char* __strncpy_chk(char* __restrict dest, const char* __restrict src, 47d1eda33f012e46083b91e087fb79d14a5ce70f0eElliott Hughes size_t len, size_t dest_len) { 4893501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich if (__predict_false(len > dest_len)) { 49d1eda33f012e46083b91e087fb79d14a5ce70f0eElliott Hughes __fortify_chk_fail("strncpy: prevented write past end of buffer", 5093501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW); 5193501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } 5293501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich 5393501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich return strncpy(dest, src, len); 5493501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich} 5593501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich 5693501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich/* 5793501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * __strncpy_chk2 5893501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * 5993501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * This is a variant of __strncpy_chk, but it also checks to make 6093501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * sure we don't read beyond the end of "src". The code for this is 6193501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * based on the original version of strncpy, but modified to check 6293501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich * how much we read from "src" at the end of the copy operation. 6393501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich */ 6493501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevichextern "C" char* __strncpy_chk2(char* __restrict dst, const char* __restrict src, 6593501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich size_t n, size_t dest_len, size_t src_len) 6693501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich{ 6793501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich if (__predict_false(n > dest_len)) { 68d1eda33f012e46083b91e087fb79d14a5ce70f0eElliott Hughes __fortify_chk_fail("strncpy: prevented write past end of buffer", 6993501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW); 7093501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } 7193501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich if (n != 0) { 7293501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich char* d = dst; 7393501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich const char* s = src; 7493501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich 7593501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich do { 7693501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich if ((*d++ = *s++) == 0) { 7793501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich /* NUL pad the remaining n-1 bytes */ 7893501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich while (--n != 0) { 7993501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich *d++ = 0; 8093501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } 8193501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich break; 8293501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } 8393501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } while (--n != 0); 8493501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich 8593501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich size_t s_copy_len = static_cast<size_t>(s - src); 8693501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich if (__predict_false(s_copy_len > src_len)) { 87d1eda33f012e46083b91e087fb79d14a5ce70f0eElliott Hughes __fortify_chk_fail("strncpy: prevented read past end of buffer", 0); 880a2301598c207fd1b50015984942fee5e8511593Nick Kralevich } 8993501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich } 900a2301598c207fd1b50015984942fee5e8511593Nick Kralevich 9193501d3ab81156bcef251bb817a49e9ca46a6ec1Nick Kralevich return dst; 920a2301598c207fd1b50015984942fee5e8511593Nick Kralevich} 93