1 /* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
27 #include <sys/socket.h>
32 static void do_prepare (void);
33 static int do_test (void);
34 #define PREPARE(argc, argv) do_prepare ()
35 #define TEST_FUNCTION do_test ()
36 #include "../test-skeleton.c"
41 int temp_fd
= create_temp_file ("tst-chk1.", &temp_filename
);
44 printf ("cannot create temporary file: %m\n");
48 const char *strs
= "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
49 if (write (temp_fd
, strs
, strlen (strs
)) != strlen (strs
))
51 puts ("could not write test strings into file");
52 unlink (temp_filename
);
57 volatile int chk_fail_ok
;
67 longjmp (chk_fail_buf
, 1);
76 const char *str1
= "JIHGFEDCBA";
77 const char *str2
= "F";
78 const char *str3
= "%s%n%s%n";
79 const char *str4
= "Hello, ";
80 const char *str5
= "World!\n";
86 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
87 #define CHK_FAIL_START \
89 if (! setjmp (chk_fail_buf)) \
91 #define CHK_FAIL_END \
95 #if __USE_FORTIFY_LEVEL >= 2
96 #define CHK_FAIL2_START CHK_FAIL_START
97 #define CHK_FAIL2_END CHK_FAIL_END
99 #define CHK_FAIL2_START
100 #define CHK_FAIL2_END
107 sa
.sa_handler
= handler
;
109 sigemptyset (&sa
.sa_mask
);
111 sigaction (SIGABRT
, &sa
, NULL
);
113 /* Avoid all the buffer overflow messages on stderr. */
114 int fd
= open (_PATH_DEVNULL
, O_WRONLY
);
116 close (STDERR_FILENO
);
119 dup2 (fd
, STDERR_FILENO
);
122 setenv ("LIBC_FATAL_STDERR_", "1", 1);
124 struct A
{ char buf1
[9]; char buf2
[1]; } a
;
126 printf ("Test checking routines at fortify level %d\n",
127 #ifdef __USE_FORTIFY_LEVEL
128 (int) __USE_FORTIFY_LEVEL
134 /* These ops can be done without runtime checking of object size. */
135 memcpy (buf
, "abcdefghij", 10);
136 memmove (buf
+ 1, buf
, 9);
137 if (memcmp (buf
, "aabcdefghi", 10))
140 if (mempcpy (buf
+ 5, "abcde", 5) != buf
+ 10 || memcmp (buf
, "aabcdabcde", 10))
143 memset (buf
+ 8, 'j', 2);
144 if (memcmp (buf
, "aabcdabcjj", 10))
147 strcpy (buf
+ 4, "EDCBA");
148 if (memcmp (buf
, "aabcEDCBA", 10))
151 if (stpcpy (buf
+ 8, "F") != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
154 strncpy (buf
+ 6, "X", 4);
155 if (memcmp (buf
, "aabcEDX\0\0", 10))
158 if (sprintf (buf
+ 7, "%s", "67") != 2 || memcmp (buf
, "aabcEDX67", 10))
161 if (snprintf (buf
+ 7, 3, "%s", "987654") != 6
162 || memcmp (buf
, "aabcEDX98", 10))
165 /* These ops need runtime checking, but shouldn't __chk_fail. */
166 memcpy (buf
, "abcdefghij", l0
+ 10);
167 memmove (buf
+ 1, buf
, l0
+ 9);
168 if (memcmp (buf
, "aabcdefghi", 10))
171 if (mempcpy (buf
+ 5, "abcde", l0
+ 5) != buf
+ 10 || memcmp (buf
, "aabcdabcde", 10))
174 memset (buf
+ 8, 'j', l0
+ 2);
175 if (memcmp (buf
, "aabcdabcjj", 10))
178 strcpy (buf
+ 4, str1
+ 5);
179 if (memcmp (buf
, "aabcEDCBA", 10))
182 if (stpcpy (buf
+ 8, str2
) != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
185 strncpy (buf
+ 6, "X", l0
+ 4);
186 if (memcmp (buf
, "aabcEDX\0\0", 10))
189 if (sprintf (buf
+ 7, "%d", num1
) != 2 || memcmp (buf
, "aabcEDX67", 10))
192 if (snprintf (buf
+ 7, 3, "%d", num2
) != 6 || memcmp (buf
, "aabcEDX98", 10))
197 if (memcmp (buf
, "aabcEDX9A", 10))
201 strncat (buf
, "ZYXWV", l0
+ 2);
202 if (memcmp (buf
, "aabcEDXZY", 10))
205 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
206 memmove (a
.buf1
+ 1, a
.buf1
, l0
+ 9);
207 if (memcmp (a
.buf1
, "aabcdefghi", 10))
210 if (mempcpy (a
.buf1
+ 5, "abcde", l0
+ 5) != a
.buf1
+ 10
211 || memcmp (a
.buf1
, "aabcdabcde", 10))
214 memset (a
.buf1
+ 8, 'j', l0
+ 2);
215 if (memcmp (a
.buf1
, "aabcdabcjj", 10))
218 #if __USE_FORTIFY_LEVEL < 2
219 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
220 and sufficient GCC support, as the string operations overflow
221 from a.buf1 into a.buf2. */
222 strcpy (a
.buf1
+ 4, str1
+ 5);
223 if (memcmp (a
.buf1
, "aabcEDCBA", 10))
226 if (stpcpy (a
.buf1
+ 8, str2
) != a
.buf1
+ 9 || memcmp (a
.buf1
, "aabcEDCBF", 10))
229 strncpy (a
.buf1
+ 6, "X", l0
+ 4);
230 if (memcmp (a
.buf1
, "aabcEDX\0\0", 10))
233 if (sprintf (a
.buf1
+ 7, "%d", num1
) != 2 || memcmp (a
.buf1
, "aabcEDX67", 10))
236 if (snprintf (a
.buf1
+ 7, 3, "%d", num2
) != 6
237 || memcmp (a
.buf1
, "aabcEDX98", 10))
240 a
.buf1
[l0
+ 8] = '\0';
241 strcat (a
.buf1
, "A");
242 if (memcmp (a
.buf1
, "aabcEDX9A", 10))
245 a
.buf1
[l0
+ 7] = '\0';
246 strncat (a
.buf1
, "ZYXWV", l0
+ 2);
247 if (memcmp (a
.buf1
, "aabcEDXZY", 10))
252 #if __USE_FORTIFY_LEVEL >= 1
253 /* Now check if all buffer overflows are caught at runtime. */
256 memcpy (buf
+ 1, "abcdefghij", l0
+ 10);
260 memmove (buf
+ 2, buf
+ 1, l0
+ 9);
264 p
= mempcpy (buf
+ 6, "abcde", l0
+ 5);
268 memset (buf
+ 9, 'j', l0
+ 2);
272 strcpy (buf
+ 5, str1
+ 5);
276 p
= stpcpy (buf
+ 9, str2
);
280 strncpy (buf
+ 7, "X", l0
+ 4);
284 sprintf (buf
+ 8, "%d", num1
);
288 snprintf (buf
+ 8, l0
+ 3, "%d", num2
);
291 memcpy (buf
, str1
+ 2, l0
+ 9);
296 memcpy (buf
, str1
+ 3, l0
+ 8);
298 strncat (buf
, "ZYXWV", l0
+ 3);
302 memcpy (a
.buf1
+ 1, "abcdefghij", l0
+ 10);
306 memmove (a
.buf1
+ 2, a
.buf1
+ 1, l0
+ 9);
310 p
= mempcpy (a
.buf1
+ 6, "abcde", l0
+ 5);
314 memset (a
.buf1
+ 9, 'j', l0
+ 2);
317 #if __USE_FORTIFY_LEVEL >= 2
324 strcpy (a
.buf1
+ (O
+ 4), str1
+ 5);
328 p
= stpcpy (a
.buf1
+ (O
+ 8), str2
);
332 strncpy (a
.buf1
+ (O
+ 6), "X", l0
+ 4);
336 sprintf (a
.buf1
+ (O
+ 7), "%d", num1
);
340 snprintf (a
.buf1
+ (O
+ 7), l0
+ 3, "%d", num2
);
343 memcpy (a
.buf1
, str1
+ (3 - O
), l0
+ 8 + O
);
345 strcat (a
.buf1
, "AB");
348 memcpy (a
.buf1
, str1
+ (4 - O
), l0
+ 7 + O
);
350 strncat (a
.buf1
, "ZYXWV", l0
+ 3);
354 /* Now checks for %n protection. */
356 /* Constant literals passed directly are always ok
357 (even with warnings about possible bugs from GCC). */
359 if (sprintf (buf
, "%s%n%s%n", str2
, &n1
, str2
, &n2
) != 2
360 || n1
!= 1 || n2
!= 2)
363 /* In this case the format string is not known at compile time,
364 but resides in read-only memory, so is ok. */
365 if (snprintf (buf
, 4, str3
, str2
, &n1
, str2
, &n2
) != 2
366 || n1
!= 1 || n2
!= 2)
369 strcpy (buf2
+ 2, "%n%s%n");
370 /* When the format string is writable and contains %n,
371 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
373 if (sprintf (buf
, buf2
, str2
, &n1
, str2
, &n1
) != 2)
378 if (snprintf (buf
, 3, buf2
, str2
, &n1
, str2
, &n1
) != 2)
382 /* But if there is no %n, even writable format string
385 if (sprintf (buf
, buf2
+ 4, str2
) != 1)
388 /* Constant literals passed directly are always ok
389 (even with warnings about possible bugs from GCC). */
390 if (printf ("%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
391 || n1
!= 7 || n2
!= 14)
394 /* In this case the format string is not known at compile time,
395 but resides in read-only memory, so is ok. */
396 if (printf (str3
, str4
, &n1
, str5
, &n2
) != 14
397 || n1
!= 7 || n2
!= 14)
400 strcpy (buf2
+ 2, "%n%s%n");
401 /* When the format string is writable and contains %n,
402 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
404 if (printf (buf2
, str4
, &n1
, str5
, &n1
) != 14)
408 /* But if there is no %n, even writable format string
411 if (printf (buf2
+ 4, str5
) != 7)
416 /* Constant literals passed directly are always ok
417 (even with warnings about possible bugs from GCC). */
418 if (fprintf (fp
, "%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
419 || n1
!= 7 || n2
!= 14)
422 /* In this case the format string is not known at compile time,
423 but resides in read-only memory, so is ok. */
424 if (fprintf (fp
, str3
, str4
, &n1
, str5
, &n2
) != 14
425 || n1
!= 7 || n2
!= 14)
428 strcpy (buf2
+ 2, "%n%s%n");
429 /* When the format string is writable and contains %n,
430 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
432 if (fprintf (fp
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
436 /* But if there is no %n, even writable format string
439 if (fprintf (fp
, buf2
+ 4, str5
) != 7)
442 if (freopen (temp_filename
, "r", stdin
) == NULL
)
444 puts ("could not open temporary file");
448 if (gets (buf
) != buf
|| memcmp (buf
, "abcdefgh", 9))
450 if (gets (buf
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
453 #if __USE_FORTIFY_LEVEL >= 1
455 if (gets (buf
) != buf
)
462 if (fgets (buf
, sizeof (buf
), stdin
) != buf
463 || memcmp (buf
, "abcdefgh\n", 10))
465 if (fgets (buf
, sizeof (buf
), stdin
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
470 if (fgets (buf
, l0
+ sizeof (buf
), stdin
) != buf
471 || memcmp (buf
, "abcdefgh\n", 10))
474 #if __USE_FORTIFY_LEVEL >= 1
476 if (fgets (buf
, sizeof (buf
) + 1, stdin
) != buf
)
481 if (fgets (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
488 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
489 || memcmp (buf
, "abcdefgh\n", 10))
491 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
492 || memcmp (buf
, "ABCDEFGHI", 10))
497 if (fgets_unlocked (buf
, l0
+ sizeof (buf
), stdin
) != buf
498 || memcmp (buf
, "abcdefgh\n", 10))
501 #if __USE_FORTIFY_LEVEL >= 1
503 if (fgets_unlocked (buf
, sizeof (buf
) + 1, stdin
) != buf
)
508 if (fgets_unlocked (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
513 lseek (fileno (stdin
), 0, SEEK_SET
);
515 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
516 || memcmp (buf
, "abcdefgh\n", 9))
518 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
519 || memcmp (buf
, "ABCDEFGHI", 9))
522 lseek (fileno (stdin
), 0, SEEK_SET
);
524 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1) != sizeof (buf
) - 1
525 || memcmp (buf
, "abcdefgh\n", 9))
528 #if __USE_FORTIFY_LEVEL >= 1
530 if (read (fileno (stdin
), buf
, sizeof (buf
) + 1) != sizeof (buf
) + 1)
535 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
537 || memcmp (buf
, "\nABCDEFGH", 9))
539 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
540 || memcmp (buf
, "abcdefgh\n", 9))
542 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
544 || memcmp (buf
, "h\nABCDEFG", 9))
547 #if __USE_FORTIFY_LEVEL >= 1
549 if (pread (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
555 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
557 || memcmp (buf
, "\nABCDEFGH", 9))
559 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
560 || memcmp (buf
, "abcdefgh\n", 9))
562 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
564 || memcmp (buf
, "h\nABCDEFG", 9))
567 #if __USE_FORTIFY_LEVEL >= 1
569 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
575 if (freopen (temp_filename
, "r", stdin
) == NULL
)
577 puts ("could not open temporary file");
581 if (fseek (stdin
, 9 + 10 + 11, SEEK_SET
))
583 puts ("could not seek in test file");
587 #if __USE_FORTIFY_LEVEL >= 1
589 if (gets (buf
) != buf
)
594 /* Check whether missing N$ formats are detected. */
596 printf ("%3$d\n", 1, 2, 3, 4);
600 fprintf (stdout
, "%3$d\n", 1, 2, 3, 4);
604 sprintf (buf
, "%3$d\n", 1, 2, 3, 4);
608 snprintf (buf
, sizeof (buf
), "%3$d\n", 1, 2, 3, 4);
612 if (socketpair (PF_UNIX
, SOCK_STREAM
, 0, sp
))
616 const char *sendstr
= "abcdefgh\nABCDEFGH\n0123456789\n";
617 if (send (sp
[0], sendstr
, strlen (sendstr
), 0) != strlen (sendstr
))
621 if (recv (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
)
623 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
626 if (recv (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
)
627 != sizeof recvbuf
- 7
628 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
631 #if __USE_FORTIFY_LEVEL >= 1
633 if (recv (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
)
639 if (recv (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
)
640 != sizeof recvbuf
- 3)
646 struct sockaddr_un sa_un
;
649 if (recvfrom (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
, &sa_un
, &sl
)
651 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
655 if (recvfrom (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
,
656 &sa_un
, &sl
) != sizeof recvbuf
- 7
657 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
660 #if __USE_FORTIFY_LEVEL >= 1
663 if (recvfrom (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
, &sa_un
, &sl
)
670 if (recvfrom (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
,
671 &sa_un
, &sl
) != sizeof recvbuf
- 3)
680 char fname
[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
681 char *enddir
= strchr (fname
, '\0');
682 if (mkdtemp (fname
) == NULL
)
684 printf ("mkdtemp failed: %m\n");
688 if (symlink ("bar", fname
) != 0)
692 if (readlink (fname
, readlinkbuf
, 4) != 3
693 || memcmp (readlinkbuf
, "bar", 3) != 0)
695 if (readlink (fname
, readlinkbuf
+ 1, l0
+ 3) != 3
696 || memcmp (readlinkbuf
, "bbar", 4) != 0)
699 #if __USE_FORTIFY_LEVEL >= 1
701 if (readlink (fname
, readlinkbuf
+ 2, l0
+ 3) != 3)
706 if (readlink (fname
, readlinkbuf
+ 3, 4) != 3)
711 char *cwd1
= getcwd (NULL
, 0);
715 char *cwd2
= getcwd (NULL
, 250);
721 if (strcmp (cwd1
, cwd2
) != 0)
728 char *cwd3
= getcwd (NULL
, 0);
731 if (strcmp (fname
, cwd3
) != 0)
732 printf ("getcwd after chdir is '%s' != '%s',"
733 "get{c,}wd tests skipped\n", cwd3
, fname
);
736 char getcwdbuf
[sizeof fname
- 3];
738 char *cwd4
= getcwd (getcwdbuf
, sizeof getcwdbuf
);
739 if (cwd4
!= getcwdbuf
740 || strcmp (getcwdbuf
, fname
) != 0)
743 cwd4
= getcwd (getcwdbuf
+ 1, l0
+ sizeof getcwdbuf
- 1);
744 if (cwd4
!= getcwdbuf
+ 1
745 || getcwdbuf
[0] != fname
[0]
746 || strcmp (getcwdbuf
+ 1, fname
) != 0)
749 #if __USE_FORTIFY_LEVEL >= 1
751 if (getcwd (getcwdbuf
+ 2, l0
+ sizeof getcwdbuf
)
757 if (getcwd (getcwdbuf
+ 2, sizeof getcwdbuf
)
763 if (getwd (getcwdbuf
) != getcwdbuf
764 || strcmp (getcwdbuf
, fname
) != 0)
767 if (getwd (getcwdbuf
+ 1) != getcwdbuf
+ 1
768 || strcmp (getcwdbuf
+ 1, fname
) != 0)
771 #if __USE_FORTIFY_LEVEL >= 1
773 if (getwd (getcwdbuf
+ 2) != getcwdbuf
+ 2)
779 if (chdir (cwd1
) != 0)
787 if (unlink (fname
) != 0)
791 if (rmdir (fname
) != 0)