42281880a8ac8614832ff918a14e4b950f35d05d |
|
17-Apr-2015 |
Daniel Micay <danielmicay@gmail.com> |
add fortified readlink/readlinkat implementations Change-Id: Ia4b1824d20cad3a072b9162047492dade8576779
|
e7e1c875b0f8eefb1d771f200a58f54e64c39d55 |
|
16-Apr-2015 |
Daniel Micay <danielmicay@gmail.com> |
add fortified implementations of pread/pread64 Change-Id: Iec39c3917e0bc94371bd81541619392f5abe29b9
|
f4fe6937aa5ac5a424b63bc68c5a953aaf46e1c6 |
|
04-Feb-2015 |
Yabin Cui <yabinc@google.com> |
Fix poll/ppoll fortify test to avoid hanging in failed fortify clang test. Bug: 19220800 Change-Id: Ie75c640183c4a41a499556fefb4f824a134a5fb1
|
d036e94bb39a551768dc756a79366e6378fe95e3 |
|
02-Feb-2015 |
Elliott Hughes <enh@google.com> |
Explicitly check that the reason fortify tests abort is fortify. Change-Id: I95291e2febf7b497c1d9f37fd7fa9acdd21e86a4
|
4674e3899afcc6b3ac8a48cdb716695d5489d26b |
|
02-Feb-2015 |
Elliott Hughes <enh@google.com> |
Fortify poll and ppoll. And remove the test for FD_ZERO fortification, which never made much sense anyway. Change-Id: Id1009c5298d461fa4722189e8ecaf22f0c529536
|
9df70403d95f5cfe6824e38a9a6c35f9b9bbc76a |
|
06-Nov-2014 |
Yabin Cui <yabinc@google.com> |
make all bionic death tests not dumpable Bug: 18067305 Change-Id: Ia1ecacf47eddecc9bc58aaac779e0c218f463179
|
884a3de60f442748a1d15c6a219f7058e03e38e2 |
|
06-Oct-2014 |
Nick Kralevich <nnk@google.com> |
Revert "cdefs.h: add artificial attribute to FORTIFY_SOURCE functions"

Broke the build.

In file included from frameworks/rs/cpu_ref/rsCpuCore.cpp:36:
system/core/include/cutils/properties.h:118:1: error: unknown attribute '__artificial__' ignored [-Werror,-Wunknown-attributes]
__BIONIC_FORTIFY_INLINE
^
bionic/libc/include/sys/cdefs.h:537:110: note: expanded from macro '__BIONIC_FORTIFY_INLINE'
#define __BIONIC_FORTIFY_INLINE extern __inline__ __always_inline __attribute__((gnu_inline)) __attribute__((__artificial__))
^
1 error generated.
make: *** [out/target/product/generic/obj/SHARED_LIBRARIES/libRSCpuRef_intermediates/rsCpuCore.o] Error 1

This reverts commit 9b543ffeac216189cc8125f7624da9a8cbcbe2e4.

Change-Id: I6a1198747505dcb402b722887c1bfbc3a628a8b8
|
9b543ffeac216189cc8125f7624da9a8cbcbe2e4 |
|
05-Oct-2014 |
Nick Kralevich <nnk@google.com> |
cdefs.h: add artificial attribute to FORTIFY_SOURCE functions

Otherwise the gcc compiler warning doesn't show up.

Delete some unittests. These unittests no longer compile cleanly using -Wall -Werror, and rewriting them to compile cleanly isn't feasible.

Bug: 17784968
Change-Id: I9bbdc7b6a1c2ac75754f5d0f90782e0dfae66721
|
92d8b2320a4c3911452227f560ae4a39e83b0abf |
|
23-Jul-2014 |
Nick Kralevich <nnk@google.com> |
debuggerd: if PR_GET_DUMPABLE=0, don't ask for dumping

PR_GET_DUMPABLE is used by an application to indicate whether or not core dumps / PTRACE_ATTACH should work.

Security sensitive applications often set PR_SET_DUMPABLE to 0 to disable core dumps, to avoid leaking sensitive memory to persistent storage. Similarly, they also set PR_SET_DUMPABLE to zero to prevent PTRACE_ATTACH from working, again to avoid leaking the contents of sensitive memory.

Honor PR_GET_DUMPABLE when connecting to debuggerd. If an application has said it doesn't want its memory dumped, then we shouldn't ask debuggerd to dump memory on its behalf.

FORTIFY_SOURCE tests: Modify the fortify_source tests to set PR_SET_DUMPABLE=0. This reduces the total runtime of /data/nativetest/bionic-unit-tests/bionic-unit-tests32 from approx 53 seconds to 25 seconds. There's no need to connect to debuggerd when running these tests.

Bug: 16513137
(cherry picked from commit be0e43b77676338fd5e6a82c9cc2b6302d579de2)
Change-Id: I6e1a9bce564e94fc19893d639b15f38c549cabfa
|
1c5bb20b0d233183146ec8fc520e3b789cf843fb |
|
23-Jul-2014 |
Nick Kralevich <nnk@google.com> |
debuggerd: if PR_GET_DUMPABLE=0, don't ask for dumping

PR_GET_DUMPABLE is used by an application to indicate whether or not core dumps / PTRACE_ATTACH should work.

Security sensitive applications often set PR_SET_DUMPABLE to 0 to disable core dumps, to avoid leaking sensitive memory to persistent storage. Similarly, they also set PR_SET_DUMPABLE to zero to prevent PTRACE_ATTACH from working, again to avoid leaking the contents of sensitive memory.

Honor PR_GET_DUMPABLE when connecting to debuggerd. If an application has said it doesn't want its memory dumped, then we shouldn't ask debuggerd to dump memory on its behalf.

FORTIFY_SOURCE tests: Modify the fortify_source tests to set PR_SET_DUMPABLE=0. This reduces the total runtime of /data/nativetest/bionic-unit-tests/bionic-unit-tests32 from approx 53 seconds to 25 seconds. There's no need to connect to debuggerd when running these tests.

Bug: 16513137
(cherry picked from commit be0e43b77676338fd5e6a82c9cc2b6302d579de2)
Change-Id: I1e2af2300db56e6c8e6f304a666e66f6904c2be6
|
be0e43b77676338fd5e6a82c9cc2b6302d579de2 |
|
23-Jul-2014 |
Nick Kralevich <nnk@google.com> |
debuggerd: if PR_GET_DUMPABLE=0, don't ask for dumping

PR_GET_DUMPABLE is used by an application to indicate whether or not core dumps / PTRACE_ATTACH should work.

Security sensitive applications often set PR_SET_DUMPABLE to 0 to disable core dumps, to avoid leaking sensitive memory to persistent storage. Similarly, they also set PR_SET_DUMPABLE to zero to prevent PTRACE_ATTACH from working, again to avoid leaking the contents of sensitive memory.

Honor PR_GET_DUMPABLE when connecting to debuggerd. If an application has said it doesn't want its memory dumped, then we shouldn't ask debuggerd to dump memory on its behalf.

FORTIFY_SOURCE tests: Modify the fortify_source tests to set PR_SET_DUMPABLE=0. This reduces the total runtime of /data/nativetest/bionic-unit-tests/bionic-unit-tests32 from approx 53 seconds to 25 seconds. There's no need to connect to debuggerd when running these tests.

Bug: 16513137
Change-Id: Idc7857b089f3545758f4d9b436b783d580fb653f
|
063525c61d24776094d76971f33920e2a2079530 |
|
13-May-2014 |
Elliott Hughes <enh@google.com> |
Consistently use #if defined(__BIONIC__) in tests. I've also switched some tests to be positive rather than negative, because !defined is slightly harder to reason about and there are only two cases: bionic and glibc. Change-Id: I8d3ac40420ca5aead3e88c69cf293f267273c8ef
|
409588cdae447a0e58bf136a9ea3a9b8d321fbf3 |
|
24-Apr-2014 |
Elliott Hughes <enh@google.com> |
Fix fallout from host GCC upgrade. I'll raise a bug for the FD_ISSET fortification; we should do better too. Change-Id: Id2bf277890ad06b010dc952e270d746714c2bea7
|
950a58e24d1019eb9d814dbb16f111a6b61e3f23 |
|
04-Apr-2014 |
Christopher Ferris <cferris@google.com> |
Add stpcpy/stpncpy. Add tests for the above. Add the fortify implementations of __stpcpy_chk and __stpncpy_chk. Modify the strncpy test to cover more cases and use this template for stpncpy. Add all of the fortify test cases. Bug: 13746695 Change-Id: I8c0f0d4991a878b8e8734fff12c8b73b07fdd344
|
f04935c85e0b466f0d30d2cd4c0fa2fff62e7d6d |
|
21-Dec-2013 |
Christopher Ferris <cferris@google.com> |
Make sure that the same tests are on all platforms. In order to be able to generate a list of tests for cts, the same set of tests must exist across all platforms. This CL adds empty tests where a test was conditionally compiled out. This CL creates a single library libBionicTests that includes all of the tests found in bionic-unit-tests-static. Also fix a few missing include files in some test files. Tested by running and compiling the tests for every platform and verifying the same number of tests are on each platform. Change-Id: I9989d4bfebb0f9c409a0ce7e87169299eac605a2
|
6e38072addd556e3894284b5bd040ac64fffa72e |
|
11-Oct-2013 |
Stephen Hines <srhines@google.com> |
Wrap sprintf()/snprintf() macros to prevent expansion errors. Previously, FORTIFY_SOURCE used single macros to define these standard functions for use with clang. This can cause conflicts with other macros used to call these functions, particularly when those macros expand the number of arguments to the function. This change wraps our macro definitions, so that expansion properly takes place for programmer arguments first. Change-Id: I55929b1fd2a643b9d14a17631c4bcab3b0b712cf
|
b036b5ca36c1e12b075909b3eca6eab73ee611cf |
|
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: fortify read() Change-Id: Ic7de163fe121db13e00560adb257331bc709814d
|
8d2532763981d132b02df157e4cc363c39330090 |
|
10-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Revert "FORTIFY_SOURCE: fortify read()"

This change reverts
* fb3f956d075676c0438f2ee2bf3a5be659dfc04b.
* 65c99de2cb7a569ea17ca35e2f8f1e033421864b

Change-Id: Id5774eeede41130579115cf67a72ee914f2b47d5
|
65c99de2cb7a569ea17ca35e2f8f1e033421864b |
|
09-Oct-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: fortify read() Change-Id: I3d7b4ec86d04efb865117ce7629a2e26917f3331
|
7943df62f70f686b0c77532f6617b47255d75763 |
|
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Check memory size on FD_* functions

Make sure the buffer we're dealing with has enough room. Might as well check for memory issues while we're here, even though I don't imagine they'll happen in practice.

Change-Id: I0ae1f0f06aca9ceb91e58c70183bb14e275b92b5
|
5b9310e502003e584bcb3a028ca3db7aa4d3f01b |
|
03-Oct-2013 |
Elliott Hughes <enh@google.com> |
Fix 32-bit issues in tests, and add a trivial test for the FD_* macros. Change-Id: Ia3f21ce1f0ed9236527fe44d36ccb7de6bf63113
|
90201d5eca050414d50a433866ccb580415bb0d4 |
|
03-Oct-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: Add __FD_* checks

Add FORTIFY_SOURCE checks for the following macros:
* FD_CLR
* FD_ISSET
* FD_SET

Bug: 11047121
Change-Id: I3c5952136aec9eff3288b91b1318677ff971525c
|
b91791d71c58d14309cd4d842d222f5d36b3a5a8 |
|
02-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Use alloc_size attribute on *alloc functions

malloc and family were not declared with __attribute__((alloc_size)). This was (sometimes) preventing FORTIFY_SOURCE related functions from knowing the size of the buffer it's dealing with, inhibiting FORTIFY_SOURCE protections.

Add __attribute__((alloc_size))

Information about the alloc_size attribute can be found at http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

Change-Id: Ia2f0a445f0170a7325f69259b5e7fb35a9f14921
|
60f4f9a5b99a0a66817f50edfc2194a49f8b5146 |
|
25-Sep-2013 |
Nick Kralevich <nnk@google.com> |
libc: fortify recvfrom()

Fortify calls to recv() and recvfrom(). We use __bos0 to match glibc's behavior, and because I haven't tested using __bos.

Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
|
16e185c9081530859c17270fbaf5798f0ea871f8 |
|
11-Sep-2013 |
Christopher Ferris <cferris@google.com> |
__memcpy_chk: Fix signed cmp of unsigned values. I accidentally did a signed comparison of the size_t values passed in for three of the _chk functions. Changing them to unsigned compares. Add three new tests to verify this failure is fixed. Bug: 10691831 Merge from internal master. (cherry-picked from 883ef2499c2ff76605f73b1240f719ca6282e554) Change-Id: Id9a96b549435f5d9b61dc132cf1082e0e30889f5
|
883ef2499c2ff76605f73b1240f719ca6282e554 |
|
11-Sep-2013 |
Christopher Ferris <cferris@google.com> |
__memcpy_chk: Fix signed cmp of unsigned values. I accidentally did a signed comparison of the size_t values passed in for three of the _chk functions. Changing them to unsigned compares. Add three new tests to verify this failure is fixed. Bug: 10691831 Change-Id: Ia831071f7dffd5972a748d888dd506c7cc7ddba3
|
93501d3ab81156bcef251bb817a49e9ca46a6ec1 |
|
28-Aug-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: introduce __strncpy_chk2

This change detects programs reading beyond the end of "src" when calling strncpy.

Change-Id: Ie1b42de923385d62552b22c27b2d4713ab77ee03
|
a6cde392765eb955cb4be5faa6ee62dcf77e8aa5 |
|
29-Jun-2013 |
Nick Kralevich <nnk@google.com> |
More FORTIFY_SOURCE functions under clang

* bzero
* umask
* strlcat

Change-Id: I65065208e0b8b37e10f6a266d5305de8fa9e59fc
|
5bcf39842e8c4b02ae557a2765a84e724f762469 |
|
28-Jun-2013 |
Nick Kralevich <nnk@google.com> |
Reorganize FORTIFY_SOURCE tests. Get rid of a lot of the duplication in the various FORTIFY_SOURCE tests. Instead, we build 4 separate static libraries, with 4 different compile time options, and link them into the final test binary. Change-Id: Idb0b7cccc8dd837adb037bf4ddfe8942ae138230
|