debug/tst-chk1.c

   1 /* Copyright (C) 2004 Free Software Foundation, Inc.
   2    This file is part of the GNU C Library.
   3    Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
   4
   5    The GNU C Library is free software; you can redistribute it and/or
   6    modify it under the terms of the GNU Lesser General Public
   7    License as published by the Free Software Foundation; either
   8    version 2.1 of the License, or (at your option) any later version.
   9
  10    The GNU C Library is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13    Lesser General Public License for more details.
  14
  15    You should have received a copy of the GNU Lesser General Public
  16    License along with the GNU C Library; if not, write to the Free
  17    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  18    02111-1307 USA.  */
  19
  20 #include <setjmp.h>
  21 #include <signal.h>
  22 #include <stdio.h>
  23 #include <stdlib.h>
  24 #include <string.h>
  25 #include <unistd.h>
  26
  27 char *temp_filename;
  28 static void do_prepare (void);
  29 static int do_test (void);
  30 #define PREPARE(argc, argv) do_prepare ()
  31 #define TEST_FUNCTION do_test ()
  32 #include "../test-skeleton.c"
  33
  34 static void
  35 do_prepare (void)
  36 {
  37   int temp_fd = create_temp_file ("tst-chk1.", &temp_filename);
  38   if (temp_fd == -1)
  39     {
  40       printf ("cannot create temporary file: %m\n");
  41       exit (1);
  42     }
  43
  44   const char *strs = "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
  45   if (write (temp_fd, strs, strlen (strs)) != strlen (strs))
  46     {
  47       puts ("could not write test strings into file");
  48       unlink (temp_filename);
  49       exit (1);
  50     }
  51 }
  52
  53 volatile int chk_fail_ok, ret;
  54 jmp_buf chk_fail_buf;
  55
  56 static void
  57 handler (int sig)
  58 {
  59   if (chk_fail_ok)
  60     {
  61       chk_fail_ok = 0;
  62       longjmp (chk_fail_buf, 1);
  63     }
  64   else
  65     _exit (127);
  66 }
  67
  68 char buf[10];
  69 volatile size_t l0;
  70 volatile char *p;
  71 const char *str1 = "JIHGFEDCBA";
  72 const char *str2 = "F";
  73 const char *str3 = "%s%n%s%n";
  74 const char *str4 = "Hello, ";
  75 const char *str5 = "World!\n";
  76 char buf2[10] = "%s";
  77 int num1 = 67;
  78 int num2 = 987654;
  79
  80 #define FAIL() \
  81   do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
  82 #define CHK_FAIL_START \
  83   chk_fail_ok = 1;                              \
  84   if (! setjmp (chk_fail_buf))                  \
  85     {
  86 #define CHK_FAIL_END \
  87       chk_fail_ok = 0;                          \
  88       FAIL ();                                  \
  89     }
  90 #if __USE_FORTIFY_LEVEL >= 2
  91 #define CHK_FAIL2_START CHK_FAIL_START
  92 #define CHK_FAIL2_END CHK_FAIL_END
  93 #else
  94 #define CHK_FAIL2_START
  95 #define CHK_FAIL2_END
  96 #endif
  97
  98 static int
  99 do_test (void)
 100 {
 101   struct sigaction sa;
 102   sa.sa_handler = handler;
 103   sa.sa_flags = 0;
 104   sigemptyset (&sa.sa_mask);
 105
 106   sigaction (SIGABRT, &sa, NULL);
 107
 108   struct A { char buf1[9]; char buf2[1]; } a;
 109
 110   printf ("Test checking routines at fortify level %d\n",
 111 #ifdef __USE_FORTIFY_LEVEL
 112           (int) __USE_FORTIFY_LEVEL
 113 #else
 114           0
 115 #endif
 116           );
 117
 118   /* These ops can be done without runtime checking of object size.  */
 119   memcpy (buf, "abcdefghij", 10);
 120   memmove (buf + 1, buf, 9);
 121   if (memcmp (buf, "aabcdefghi", 10))
 122     FAIL ();
 123
 124   if (mempcpy (buf + 5, "abcde", 5) != buf + 10 || memcmp (buf, "aabcdabcde", 10))
 125     FAIL ();
 126
 127   memset (buf + 8, 'j', 2);
 128   if (memcmp (buf, "aabcdabcjj", 10))
 129     FAIL ();
 130
 131   strcpy (buf + 4, "EDCBA");
 132   if (memcmp (buf, "aabcEDCBA", 10))
 133     FAIL ();
 134
 135   if (stpcpy (buf + 8, "F") != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
 136     FAIL ();
 137
 138   strncpy (buf + 6, "X", 4);
 139   if (memcmp (buf, "aabcEDX\0\0", 10))
 140     FAIL ();
 141
 142   if (sprintf (buf + 7, "%s", "67") != 2 || memcmp (buf, "aabcEDX67", 10))
 143     FAIL ();
 144
 145   if (snprintf (buf + 7, 3, "%s", "987654") != 6
 146       || memcmp (buf, "aabcEDX98", 10))
 147     FAIL ();
 148
 149   /* These ops need runtime checking, but shouldn't __chk_fail.  */
 150   memcpy (buf, "abcdefghij", l0 + 10);
 151   memmove (buf + 1, buf, l0 + 9);
 152   if (memcmp (buf, "aabcdefghi", 10))
 153     FAIL ();
 154
 155   if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10 || memcmp (buf, "aabcdabcde", 10))
 156     FAIL ();
 157
 158   memset (buf + 8, 'j', l0 + 2);
 159   if (memcmp (buf, "aabcdabcjj", 10))
 160     FAIL ();
 161
 162   strcpy (buf + 4, str1 + 5);
 163   if (memcmp (buf, "aabcEDCBA", 10))
 164     FAIL ();
 165
 166   if (stpcpy (buf + 8, str2) != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
 167     FAIL ();
 168
 169   strncpy (buf + 6, "X", l0 + 4);
 170   if (memcmp (buf, "aabcEDX\0\0", 10))
 171     FAIL ();
 172
 173   if (sprintf (buf + 7, "%d", num1) != 2 || memcmp (buf, "aabcEDX67", 10))
 174     FAIL ();
 175
 176   if (snprintf (buf + 7, 3, "%d", num2) != 6 || memcmp (buf, "aabcEDX98", 10))
 177     FAIL ();
 178
 179   buf[l0 + 8] = '\0';
 180   strcat (buf, "A");
 181   if (memcmp (buf, "aabcEDX9A", 10))
 182     FAIL ();
 183
 184   buf[l0 + 7] = '\0';
 185   strncat (buf, "ZYXWV", l0 + 2);
 186   if (memcmp (buf, "aabcEDXZY", 10))
 187     FAIL ();
 188
 189   memcpy (a.buf1, "abcdefghij", l0 + 10);
 190   memmove (a.buf1 + 1, a.buf1, l0 + 9);
 191   if (memcmp (a.buf1, "aabcdefghi", 10))
 192     FAIL ();
 193
 194   if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10
 195       || memcmp (a.buf1, "aabcdabcde", 10))
 196     FAIL ();
 197
 198   memset (a.buf1 + 8, 'j', l0 + 2);
 199   if (memcmp (a.buf1, "aabcdabcjj", 10))
 200     FAIL ();
 201
 202 #if __USE_FORTIFY_LEVEL < 2
 203   /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
 204      and sufficient GCC support, as the string operations overflow
 205      from a.buf1 into a.buf2.  */
 206   strcpy (a.buf1 + 4, str1 + 5);
 207   if (memcmp (a.buf1, "aabcEDCBA", 10))
 208     FAIL ();
 209
 210   if (stpcpy (a.buf1 + 8, str2) != a.buf1 + 9 || memcmp (a.buf1, "aabcEDCBF", 10))
 211     FAIL ();
 212
 213   strncpy (a.buf1 + 6, "X", l0 + 4);
 214   if (memcmp (a.buf1, "aabcEDX\0\0", 10))
 215     FAIL ();
 216
 217   if (sprintf (a.buf1 + 7, "%d", num1) != 2 || memcmp (a.buf1, "aabcEDX67", 10))
 218     FAIL ();
 219
 220   if (snprintf (a.buf1 + 7, 3, "%d", num2) != 6
 221       || memcmp (a.buf1, "aabcEDX98", 10))
 222     FAIL ();
 223
 224   a.buf1[l0 + 8] = '\0';
 225   strcat (a.buf1, "A");
 226   if (memcmp (a.buf1, "aabcEDX9A", 10))
 227     FAIL ();
 228
 229   a.buf1[l0 + 7] = '\0';
 230   strncat (a.buf1, "ZYXWV", l0 + 2);
 231   if (memcmp (a.buf1, "aabcEDXZY", 10))
 232     FAIL ();
 233
 234 #endif
 235
 236 #if __USE_FORTIFY_LEVEL >= 1
 237   /* Now check if all buffer overflows are caught at runtime.  */
 238
 239   CHK_FAIL_START
 240   memcpy (buf + 1, "abcdefghij", l0 + 10);
 241   CHK_FAIL_END
 242
 243   CHK_FAIL_START
 244   memmove (buf + 2, buf + 1, l0 + 9);
 245   CHK_FAIL_END
 246
 247   CHK_FAIL_START
 248   p = mempcpy (buf + 6, "abcde", l0 + 5);
 249   CHK_FAIL_END
 250
 251   CHK_FAIL_START
 252   memset (buf + 9, 'j', l0 + 2);
 253   CHK_FAIL_END
 254
 255   CHK_FAIL_START
 256   strcpy (buf + 5, str1 + 5);
 257   CHK_FAIL_END
 258
 259   CHK_FAIL_START
 260   p = stpcpy (buf + 9, str2);
 261   CHK_FAIL_END
 262
 263   CHK_FAIL_START
 264   strncpy (buf + 7, "X", l0 + 4);
 265   CHK_FAIL_END
 266
 267   CHK_FAIL_START
 268   sprintf (buf + 8, "%d", num1);
 269   CHK_FAIL_END
 270
 271   CHK_FAIL_START
 272   snprintf (buf + 8, l0 + 3, "%d", num2);
 273   CHK_FAIL_END
 274
 275   memcpy (buf, str1 + 2, l0 + 9);
 276   CHK_FAIL_START
 277   strcat (buf, "AB");
 278   CHK_FAIL_END
 279
 280   memcpy (buf, str1 + 3, l0 + 8);
 281   CHK_FAIL_START
 282   strncat (buf, "ZYXWV", l0 + 3);
 283   CHK_FAIL_END
 284
 285   CHK_FAIL_START
 286   memcpy (a.buf1 + 1, "abcdefghij", l0 + 10);
 287   CHK_FAIL_END
 288
 289   CHK_FAIL_START
 290   memmove (a.buf1 + 2, a.buf1 + 1, l0 + 9);
 291   CHK_FAIL_END
 292
 293   CHK_FAIL_START
 294   p = mempcpy (a.buf1 + 6, "abcde", l0 + 5);
 295   CHK_FAIL_END
 296
 297   CHK_FAIL_START
 298   memset (a.buf1 + 9, 'j', l0 + 2);
 299   CHK_FAIL_END
 300
 301 #if __USE_FORTIFY_LEVEL >= 2
 302 # define O 0
 303 #else
 304 # define O 1
 305 #endif
 306
 307   CHK_FAIL_START
 308   strcpy (a.buf1 + (O + 4), str1 + 5);
 309   CHK_FAIL_END
 310
 311   CHK_FAIL_START
 312   p = stpcpy (a.buf1 + (O + 8), str2);
 313   CHK_FAIL_END
 314
 315   CHK_FAIL_START
 316   strncpy (a.buf1 + (O + 6), "X", l0 + 4);
 317   CHK_FAIL_END
 318
 319   CHK_FAIL_START
 320   sprintf (a.buf1 + (O + 7), "%d", num1);
 321   CHK_FAIL_END
 322
 323   CHK_FAIL_START
 324   snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2);
 325   CHK_FAIL_END
 326
 327   memcpy (a.buf1, str1 + (3 - O), l0 + 8 + O);
 328   CHK_FAIL_START
 329   strcat (a.buf1, "AB");
 330   CHK_FAIL_END
 331
 332   memcpy (a.buf1, str1 + (4 - O), l0 + 7 + O);
 333   CHK_FAIL_START
 334   strncat (a.buf1, "ZYXWV", l0 + 3);
 335   CHK_FAIL_END
 336 #endif
 337
 338   /* Now checks for %n protection.  */
 339
 340   /* Constant literals passed directly are always ok
 341      (even with warnings about possible bugs from GCC).  */
 342   int n1, n2;
 343   if (sprintf (buf, "%s%n%s%n", str2, &n1, str2, &n2) != 2
 344       || n1 != 1 || n2 != 2)
 345     FAIL ();
 346
 347   /* In this case the format string is not known at compile time,
 348      but resides in read-only memory, so is ok.  */
 349   if (snprintf (buf, 4, str3, str2, &n1, str2, &n2) != 2
 350       || n1 != 1 || n2 != 2)
 351     FAIL ();
 352
 353   strcpy (buf2 + 2, "%n%s%n");
 354   /* When the format string is writable and contains %n,
 355      with -D_FORTIFY_SOURCE=2 it causes __chk_fail.  */
 356   CHK_FAIL2_START
 357   if (sprintf (buf, buf2, str2, &n1, str2, &n1) != 2)
 358     FAIL ();
 359   CHK_FAIL2_END
 360
 361   CHK_FAIL2_START
 362   if (snprintf (buf, 3, buf2, str2, &n1, str2, &n1) != 2)
 363     FAIL ();
 364   CHK_FAIL2_END
 365
 366   /* But if there is no %n, even writable format string
 367      should work.  */
 368   buf2[6] = '\0';
 369   if (sprintf (buf, buf2 + 4, str2) != 1)
 370     FAIL ();
 371
 372   /* Constant literals passed directly are always ok
 373      (even with warnings about possible bugs from GCC).  */
 374   if (printf ("%s%n%s%n", str4, &n1, str5, &n2) != 14
 375       || n1 != 7 || n2 != 14)
 376     FAIL ();
 377
 378   /* In this case the format string is not known at compile time,
 379      but resides in read-only memory, so is ok.  */
 380   if (printf (str3, str4, &n1, str5, &n2) != 14
 381       || n1 != 7 || n2 != 14)
 382     FAIL ();
 383
 384   strcpy (buf2 + 2, "%n%s%n");
 385   /* When the format string is writable and contains %n,
 386      with -D_FORTIFY_SOURCE=2 it causes __chk_fail.  */
 387   CHK_FAIL2_START
 388   if (printf (buf2, str4, &n1, str5, &n1) != 14)
 389     FAIL ();
 390   CHK_FAIL2_END
 391
 392   /* But if there is no %n, even writable format string
 393      should work.  */
 394   buf2[6] = '\0';
 395   if (printf (buf2 + 4, str5) != 7)
 396     FAIL ();
 397
 398   FILE *fp = stdout;
 399
 400   /* Constant literals passed directly are always ok
 401      (even with warnings about possible bugs from GCC).  */
 402   if (fprintf (fp, "%s%n%s%n", str4, &n1, str5, &n2) != 14
 403       || n1 != 7 || n2 != 14)
 404     FAIL ();
 405
 406   /* In this case the format string is not known at compile time,
 407      but resides in read-only memory, so is ok.  */
 408   if (fprintf (fp, str3, str4, &n1, str5, &n2) != 14
 409       || n1 != 7 || n2 != 14)
 410     FAIL ();
 411
 412   strcpy (buf2 + 2, "%n%s%n");
 413   /* When the format string is writable and contains %n,
 414      with -D_FORTIFY_SOURCE=2 it causes __chk_fail.  */
 415   CHK_FAIL2_START
 416   if (fprintf (fp, buf2, str4, &n1, str5, &n1) != 14)
 417     FAIL ();
 418   CHK_FAIL2_END
 419
 420   /* But if there is no %n, even writable format string
 421      should work.  */
 422   buf2[6] = '\0';
 423   if (fprintf (fp, buf2 + 4, str5) != 7)
 424     FAIL ();
 425
 426   if (freopen (temp_filename, "r", stdin) == NULL)
 427     {
 428       puts ("could not open temporary file");
 429       exit (1);
 430     }
 431
 432   if (gets (buf) != buf || memcmp (buf, "abcdefgh", 9))
 433     FAIL ();
 434   if (gets (buf) != buf || memcmp (buf, "ABCDEFGHI", 10))
 435     FAIL ();
 436
 437 #if __USE_FORTIFY_LEVEL >= 1
 438   CHK_FAIL_START
 439   if (gets (buf) != buf)
 440     FAIL ();
 441   CHK_FAIL_END
 442 #endif
 443
 444   if (freopen (temp_filename, "r", stdin) == NULL)
 445     {
 446       puts ("could not open temporary file");
 447       exit (1);
 448     }
 449
 450   if (fseek (stdin, 9 + 10 + 11, SEEK_SET))
 451     {
 452       puts ("could not seek in test file");
 453       exit (1);
 454     }
 455
 456 #if __USE_FORTIFY_LEVEL >= 1
 457   CHK_FAIL_START
 458   if (gets (buf) != buf)
 459     FAIL ();
 460   CHK_FAIL_END
 461 #endif
 462
 463   return ret;
 464 }