Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD
- Reply: Shawn Webb : "Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD"
- Reply: Pedro Giffuni : "Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD"
- In reply to: Pedro Giffuni : "Re: git: be04fec42638 - main - Import _FORTIFY_SOURCE implementation from NetBSD"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 19 May 2024 02:08:48 UTC
On 5/18/24 20:09, Pedro Giffuni wrote:
> (sorry for top posting .. my mailer just sucks)
> Hi;
>
> I used to like the limited static checking FORTIFY_SOURCE provides and
> when I ran it over FreeBSD it did find a couple of minor issues. It only
> works for GCC though.
>
I don't think this is particularly true anymore; I haven't found a case
yet where __builtin_object_size(3) doesn't give me the correct size
while GCC did. I'd welcome counter-examples here, though -- we have
funding to both finish the project (widen the _FORTIFY_SOURCE net to
more of libc/libsys) and add tests to demonstrate that it's both
functional and correct. It would be useful to also document
deficiencies in the tests.
> I guess it doesn't really hurt to have FORTIFY_SOURCE around and NetBSD
> had the least intrusive implementation the last time I checked but I
> would certainly request it should never be activated by default,
> specially with clang. The GCC version has seen more development on glibc
> but I still think its a dead end.
>
I don't see a compelling reason to avoid enabling it by default; see
above, the functionality that we need in clang appears to be just fine
(and, iirc, was also fine when I checked at the beginning of working on
this in 2021) and it provides useful
> What I would like to see working on FreeBSD is Safestack as a
> replacement for the stack protector, which we were so very slow to adopt
> even when it was originally developed in FreeBSD. I think other projects
> based on FreeBSD (Chimera and hardenedBSD) have been using it but I
> don't know the details.
>
No comment there, though I think Shawn Webb / HardenedBSD had been
playing around with SafeStack (and might have enabled it? I haven't
actually looked in a while now).
> This is just all my $0.02
>
> Pedro.
Thanks,
Kyle Evans
>
> On Saturday, May 18, 2024 at 05:54:42 PM GMT-5, Kyle Evans
> <kaevans@fastmail.com> wrote:
>
>
>
>
> On May 18, 2024 13:42, Pedro Giffuni <pfg@freebsd.org> wrote:
>
> Oh no .. please not...
>
> We went into that in a GSoC:
>
> https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions <https://wiki.freebsd.org/SummerOfCode2015/FreeBSDLibcSecurityExtensions>
>
>
> Ultimately it proved to be useless since stack-protector-strong.
>
>
> Respectfully, I disagree with your conclusion here:
>
> 1.) _FORTIFY_SOURCE provides more granular detection of overflow; I
> don't have to overflow all the way into the canary at the end of the
> frame to be detected, so my minor bug now can be caught before something
> causes the stack frame to be rearranged and turn it into a security
> issue later
>
> 2.) __builtin_object_size doesn't work on heap objects, but it actually
> can work on subobjects from a heap allocation (e.g., &foo->name), so the
> coverage extends beyond the stack into starting to detect other kinds of
> overflow
>
> While the security value over stack-protector-strong may be marginal (I
> won't debate this specifically), the feature still has value in general.
>
> Thanks,
>
> Kyle Evans
>
> The NetBSD code was not well adapted to clang either.
>
> Ask me more if you really want to dig into it, but we don't want this.
>
> Pedro.
>
>
> On Monday, May 13, 2024 at 12:24:13 AM GMT-5, Kyle Evans
> <kevans@freebsd.org> wrote:
>
>
> The branch main has been updated by kevans:
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928 <https://cgit.FreeBSD.org/src/commit/?id=be04fec42638f30f50b5b55fd8e3634c0fb89928>
>
> commit be04fec42638f30f50b5b55fd8e3634c0fb89928
> Author: Kyle Evans <kevans@FreeBSD.org <mailto:kevans@FreeBSD.org>>
> AuthorDate: 2024-05-13 05:23:49 +0000
> Commit: Kyle Evans <kevans@FreeBSD.org <mailto:kevans@FreeBSD.org>>
> CommitDate: 2024-05-13 05:23:49 +0000
>
> Import _FORTIFY_SOURCE implementation from NetBSD
>
> This is a mostly-unmodified copy of the various *_chk
> implementations
> and headers from NetBSD, without yet modifying system headers
> to start
> actually including them. A future commit will also apply the
> needed
> bits to fix ssp/unistd.h.
>
> Reviewed by: imp, pauamma_gundo.com (both previous
> versions), kib
> Sponsored by: Stormshield
> Sponsored by: Klara, Inc.
> Differential Revision: https://reviews.freebsd.org/D32306
> <https://reviews.freebsd.org/D32306>
> ---
> etc/mtree/BSD.include.dist | 2 +
> include/Makefile | 2 +-
> include/ssp/Makefile | 6 ++
> include/ssp/ssp.h | 91 ++++++++++++++++++++++++++
> include/ssp/stdio.h | 93 ++++++++++++++++++++++++++
> include/ssp/string.h | 129
> ++++++++++++++++++++++++++++++++++++
> include/ssp/strings.h | 67 +++++++++++++++++++
> include/ssp/unistd.h | 54 +++++++++++++++
> lib/libc/secure/Makefile.inc | 11 ++++
> lib/libc/secure/Symbol.map | 18 +++++
> lib/libc/secure/fgets_chk.c | 54 +++++++++++++++
> lib/libc/secure/gets_chk.c | 74 +++++++++++++++++++++
> lib/libc/secure/memcpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/memmove_chk.c | 47 +++++++++++++
> lib/libc/secure/memset_chk.c | 46 +++++++++++++
> lib/libc/secure/snprintf_chk.c | 56 ++++++++++++++++
> lib/libc/secure/sprintf_chk.c | 61 +++++++++++++++++
> lib/libc/secure/ssp_internal.h | 37 +++++++++++
> lib/libc/secure/stpcpy_chk.c | 55 ++++++++++++++++
> lib/libc/secure/stpncpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/strcat_chk.c | 60 +++++++++++++++++
> lib/libc/secure/strcpy_chk.c | 54 +++++++++++++++
> lib/libc/secure/strncat_chk.c | 70 ++++++++++++++++++++
> lib/libc/secure/strncpy_chk.c | 53 +++++++++++++++
> lib/libc/secure/vsnprintf_chk.c | 49 ++++++++++++++
> lib/libc/secure/vsprintf_chk.c | 58 ++++++++++++++++
> lib/libssp/Makefile | 20 +++++-
> lib/libssp/Symbol.map | 12 ++--
> lib/libssp/Versions.def | 5 ++
> lib/libssp/__builtin_object_size.3 | 110 +++++++++++++++++++++++++++++++
> lib/libssp/fortify_stubs.c | 131
> -------------------------------------
> lib/libssp/ssp.3 | 130
> ++++++++++++++++++++++++++++++++++++
> 32 files changed, 1621 insertions(+), 140 deletions(-)
>
> diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist
> index a6bd5880bf61..f8c83d6dde7a 100644
> --- a/etc/mtree/BSD.include.dist
> +++ b/etc/mtree/BSD.include.dist
> @@ -372,6 +372,8 @@
> mac_veriexec
> ..
> ..
> + ssp
> + ..
> sys
> disk
> ..
> diff --git a/include/Makefile b/include/Makefile
> index 19e6beb95203..32774419f162 100644
> --- a/include/Makefile
> +++ b/include/Makefile
> @@ -4,7 +4,7 @@
>
> PACKAGE=clibs
> CLEANFILES= osreldate.h version
> -SUBDIR= arpa protocols rpcsvc rpc xlocale
> +SUBDIR= arpa protocols rpcsvc rpc ssp xlocale
> .if ${MACHINE_CPUARCH} == "amd64"
> SUBDIR+= i386
> INCLUDE_SUBDIRS+= i386
> diff --git a/include/ssp/Makefile b/include/ssp/Makefile
> new file mode 100644
> index 000000000000..dff19f43c920
> --- /dev/null
> +++ b/include/ssp/Makefile
> @@ -0,0 +1,6 @@
> +# $FreeBSD$
> +
> +INCS= ssp.h stdio.h string.h strings.h unistd.h
> +INCSDIR= ${INCLUDEDIR}/ssp
> +
> +.include <bsd.prog.mk>
> diff --git a/include/ssp/ssp.h b/include/ssp/ssp.h
> new file mode 100644
> index 000000000000..35a9aeee02df
> --- /dev/null
> +++ b/include/ssp/ssp.h
> @@ -0,0 +1,91 @@
> +/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_SSP_H_
> +#define _SSP_SSP_H_
> +
> +#include <sys/cdefs.h>
> +
> +#if !defined(__cplusplus)
> +# if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
> + (__OPTIMIZE__ > 0 || defined(__clang__))
> +# if _FORTIFY_SOURCE > 1
> +# define __SSP_FORTIFY_LEVEL 2
> +# else
> +# define __SSP_FORTIFY_LEVEL 1
> +# endif
> +# else
> +# define __SSP_FORTIFY_LEVEL 0
> +# endif
> +#else
> +# define __SSP_FORTIFY_LEVEL 0
> +#endif
> +
> +#define __ssp_var(type) __CONCAT(__ssp_ ## type, __COUNTER__)
> +
> +/* __ssp_real is used by the implementation in libc */
> +#if __SSP_FORTIFY_LEVEL == 0
> +#define __ssp_real_(fun) fun
> +#else
> +#define __ssp_real_(fun) __ssp_real_ ## fun
> +#endif
> +#define __ssp_real(fun) __ssp_real_(fun)
> +
> +#define __ssp_inline static __inline __attribute__((__always_inline__))
> +
> +#define __ssp_bos(ptr) __builtin_object_size(ptr,
> __SSP_FORTIFY_LEVEL > 1)
> +#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
> +
> +#define __ssp_check(buf, len, bos) \
> + if (bos(buf) != (size_t)-1 && len > bos(buf)) \
> + __chk_fail()
> +#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \
> +rtype __ssp_real_(fun) args __RENAME(symbol); \
> +__ssp_inline rtype fun args __RENAME(__ssp_protected_ ## fun); \
> +__ssp_inline rtype fun args { \
> + if (cond) \
> + __ssp_check(__buf, __len, bos); \
> + return __ssp_real_(fun) call; \
> +}
> +
> +#define __ssp_redirect(rtype, fun, args, call) \
> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)
> +#define __ssp_redirect0(rtype, fun, args, call) \
> + __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)
> +
> +__BEGIN_DECLS
> +void __stack_chk_fail(void) __dead2;
> +void __chk_fail(void) __dead2;
> +__END_DECLS
> +
> +#endif /* _SSP_SSP_H_ */
> diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h
> new file mode 100644
> index 000000000000..72e3236eac80
> --- /dev/null
> +++ b/include/ssp/stdio.h
> @@ -0,0 +1,93 @@
> +/* $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STDIO_H_
> +#define _SSP_STDIO_H_
> +
> +#include <ssp/ssp.h>
> +
> +__BEGIN_DECLS
> +int __sprintf_chk(char *__restrict, int, size_t, const char
> *__restrict, ...)
> + __printflike(4, 5);
> +int __vsprintf_chk(char *__restrict, int, size_t, const char
> *__restrict,
> + __va_list)
> + __printflike(4, 0);
> +int __snprintf_chk(char *__restrict, size_t, int, size_t,
> + const char *__restrict, ...)
> + __printflike(5, 6);
> +int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
> + const char *__restrict, __va_list)
> + __printflike(5, 0);
> +char *__gets_chk(char *, size_t);
> +char *__fgets_chk(char *, int, size_t, FILE *);
> +__END_DECLS
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define sprintf(str, ...) ({ \
> + char *_ssp_str = (str); \
> + __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), \
> + __VA_ARGS__); \
> +})
> +
> +#define vsprintf(str, fmt, ap) ({ \
> + char *_ssp_str = (str); \
> + __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),
> fmt, \
> + ap); \
> +})
> +
> +#define snprintf(str, len, ...) ({ \
> + char *_ssp_str = (str); \
> + __builtin___snprintf_chk(_ssp_str, len, 0,
> __ssp_bos(_ssp_str), \
> + __VA_ARGS__); \
> +})
> +
> +#define vsnprintf(str, len, fmt, ap) ({ \
> + char *_ssp_str = (str); \
> + __builtin___vsnprintf_chk(_ssp_str, len, 0,
> __ssp_bos(_ssp_str), \
> + fmt, ap); \
> +})
> +
> +#define gets(str) ({ \
> + char *_ssp_str = (str); \
> + __gets_chk(_ssp_str, __ssp_bos(_ssp_str)); \
> +})
> +
> +#define fgets(str, len, fp) ({ \
> + char *_ssp_str = (str); \
> + __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp); \
> +})
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +
> +#endif /* _SSP_STDIO_H_ */
> diff --git a/include/ssp/string.h b/include/ssp/string.h
> new file mode 100644
> index 000000000000..996020fda778
> --- /dev/null
> +++ b/include/ssp/string.h
> @@ -0,0 +1,129 @@
> +/* $NetBSD: string.h,v 1.14 2020/09/05 13:37:59 mrg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STRING_H_
> +#define _SSP_STRING_H_
> +
> +#include <ssp/ssp.h>
> +
> +__BEGIN_DECLS
> +void *__memcpy_chk(void *, const void *, size_t, size_t);
> +void *__memmove_chk(void *, const void *, size_t, size_t);
> +void *__memset_chk(void *, int, size_t, size_t);
> +char *__stpcpy_chk(char *, const char *, size_t);
> +char *__stpncpy_chk(char *, const char *, size_t, size_t);
> +char *__strcat_chk(char *, const char *, size_t);
> +char *__strcpy_chk(char *, const char *, size_t);
> +char *__strncat_chk(char *, const char *, size_t, size_t);
> +char *__strncpy_chk(char *, const char *, size_t, size_t);
> +__END_DECLS
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define __ssp_bos_check3_typed_var(fun, dsttype, dsrvar, dst,
> srctype, srcvar, \
> + src, lenvar, len) ({ \
> + srctype srcvar = (src); \
> + dsttype dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___ ## fun ## _chk(dstvar, srcvar, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __ ## fun ## _ichk(dstvar, srcvar, lenvar)); \
> +})
> +
> +#define __ssp_bos_check3_typed(fun, dsttype, dst, srctype, src,
> len) \
> + __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), dst, \
> + srctype, __ssp_var(srcv), src, __ssp_var(lenv), len)
> +
> +#define __ssp_bos_check3(fun, dst, src, len) \
> + __ssp_bos_check3_typed_var(fun, void *, __ssp_var(dstv), dst, \
> + const void *, __ssp_var(srcv), src, __ssp_var(lenv), len)
> +
> +#define __ssp_bos_check2_var(fun, dstvar, dst, srcvar, src) ({ \
> + const void *srcvar = (src); \
> + void *dstvar = (dst); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___ ## fun ## _chk(dstvar, srcvar, \
> + __ssp_bos0(dstvar)) : \
> + __ ## fun ## _ichk(dstvar, srcvar)); \
> +})
> +
> +#define __ssp_bos_check2(fun, dst, src) \
> + __ssp_bos_check2_var(fun, __ssp_var(dstv), dst,
> __ssp_var(srcv), src)
> +
> +#define __ssp_bos_icheck3_restrict(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2
> __restrict, size_t); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src,
> size_t len) { \
> + return __builtin___ ## fun ## _chk(dst, src, len,
> __ssp_bos0(dst)); \
> +}
> +
> +#define __ssp_bos_icheck3(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \
> + return __builtin___ ## fun ## _chk(dst, src, len,
> __ssp_bos0(dst)); \
> +}
> +
> +#define __ssp_bos_icheck2_restrict(fun, type1, type2) \
> +static __inline type1 __ ## fun ## _ichk(type1, type2); \
> +static __inline __attribute__((__always_inline__)) type1 \
> +__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \
> + return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \
> +}
> +
> +__BEGIN_DECLS
> +__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
> +__ssp_bos_icheck3(memmove, void *, const void *)
> +__ssp_bos_icheck3(memset, void *, int)
> +__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
> +__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
> +__ssp_bos_icheck2_restrict(strcpy, char *, const char *)
> +__ssp_bos_icheck2_restrict(strcat, char *, const char *)
> +__ssp_bos_icheck3_restrict(strncpy, char *, const char *)
> +__ssp_bos_icheck3_restrict(strncat, char *, const char *)
> +__END_DECLS
> +
> +#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
> +#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)
> +#define memset(dst, val, len) \
> + __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
> +#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)
> +#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
> +#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)
> +#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)
> +#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)
> +#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_STRING_H_ */
> diff --git a/include/ssp/strings.h b/include/ssp/strings.h
> new file mode 100644
> index 000000000000..06c9c7cc0a09
> --- /dev/null
> +++ b/include/ssp/strings.h
> @@ -0,0 +1,67 @@
> +/* $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2007 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_STRINGS_H_
> +#define _SSP_STRINGS_H_
> +
> +#include <ssp/ssp.h>
> +#include <string.h>
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +
> +#define _ssp_bcopy(srcvar, src, dstvar, dst, lenvar, len) ({ \
> + const void *srcvar = (src); \
> + void *dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___memmove_chk(dstvar, srcvar, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __memmove_ichk(dstvar, srcvar, lenvar)); \
> +})
> +
> +#define bcopy(src, dst, len) \
> + _ssp_bcopy(__ssp_var(srcv), src, __ssp_var(dstv), dst,
> __ssp_var(lenv), len)
> +
> +#define _ssp_bzero(dstvar, dst, lenvar, len) ({ \
> + void *dstvar = (dst); \
> + size_t lenvar = (len); \
> + ((__ssp_bos0(dstvar) != (size_t)-1) ? \
> + __builtin___memset_chk(dstvar, 0, lenvar, \
> + __ssp_bos0(dstvar)) : \
> + __memset_ichk(dstvar, 0, lenvar)); \
> +})
> +
> +#define bzero(dst, len) _ssp_bzero(__ssp_var(dstv), dst,
> __ssp_var(lenv), len)
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_STRINGS_H_ */
> diff --git a/include/ssp/unistd.h b/include/ssp/unistd.h
> new file mode 100644
> index 000000000000..2414e2baa96b
> --- /dev/null
> +++ b/include/ssp/unistd.h
> @@ -0,0 +1,54 @@
> +/* $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ */
> +
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#ifndef _SSP_UNISTD_H_
> +#define _SSP_UNISTD_H_
> +
> +#include <ssp/ssp.h>
> +
> +#if __SSP_FORTIFY_LEVEL > 0
> +__BEGIN_DECLS
> +
> +__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
> + (__fd, __buf, __len));
> +
> +__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
> + char *__restrict __buf, size_t __len), (__path, __buf, __len));
> +
> +__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),
> + (__buf, __len), __buf != 0, __ssp_bos);
> +
> +__END_DECLS
> +
> +#endif /* __SSP_FORTIFY_LEVEL > 0 */
> +#endif /* _SSP_UNISTD_H_ */
> diff --git a/lib/libc/secure/Makefile.inc b/lib/libc/secure/Makefile.inc
> index 8574c5a05dc5..3b1ad879c715 100644
> --- a/lib/libc/secure/Makefile.inc
> +++ b/lib/libc/secure/Makefile.inc
> @@ -3,6 +3,17 @@
>
> .PATH: ${LIBC_SRCTOP}/secure
>
> +# _FORTIFY_SOURCE
> +SRCS+= gets_chk.c fgets_chk.c memcpy_chk.c memmove_chk.c
> memset_chk.c \
> + snprintf_chk.c sprintf_chk.c stpcpy_chk.c stpncpy_chk.c \
> + strcat_chk.c strcpy_chk.c strncat_chk.c strncpy_chk.c \
> + vsnprintf_chk.c vsprintf_chk.c
> +
> +CFLAGS.snprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.sprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.vsnprintf_chk.c+= -Wno-unused-parameter
> +CFLAGS.vsprintf_chk.c+= -Wno-unused-parameter
> +
> # Sources common to both syscall interfaces:
> SRCS+= stack_protector.c \
> stack_protector_compat.c
> diff --git a/lib/libc/secure/Symbol.map b/lib/libc/secure/Symbol.map
> index 641f451b5421..7859fcee3821 100644
> --- a/lib/libc/secure/Symbol.map
> +++ b/lib/libc/secure/Symbol.map
> @@ -3,3 +3,21 @@ FBSD_1.0 {
> __stack_chk_fail;
> __stack_chk_guard;
> };
> +
> +FBSD_1.8 {
> + __gets_chk;
> + __fgets_chk;
> + __memcpy_chk;
> + __memmove_chk;
> + __memset_chk;
> + __snprintf_chk;
> + __sprintf_chk;
> + __stpcpy_chk;
> + __stpncpy_chk;
> + __strcat_chk;
> + __strcpy_chk;
> + __strncat_chk;
> + __strncpy_chk;
> + __vsnprintf_chk;
> + __vsprintf_chk;
> +};
> diff --git a/lib/libc/secure/fgets_chk.c b/lib/libc/secure/fgets_chk.c
> new file mode 100644
> index 000000000000..72aa1d816ce1
> --- /dev/null
> +++ b/lib/libc/secure/fgets_chk.c
> @@ -0,0 +1,54 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");
> +
> +#include <limits.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include <ssp/stdio.h>
> +#include <ssp/string.h>
> +#undef fgets
> +
> +char *
> +__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp)
> +{
> + if (slen >= (size_t)INT_MAX)
> + return (fgets(buf, len, fp));
> +
> + if (len >= 0 && (size_t)len > slen)
> + __chk_fail();
> +
> + return (fgets(buf, len, fp));
> +}
> diff --git a/lib/libc/secure/gets_chk.c b/lib/libc/secure/gets_chk.c
> new file mode 100644
> index 000000000000..18c1e2d18f43
> --- /dev/null
> +++ b/lib/libc/secure/gets_chk.c
> @@ -0,0 +1,74 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp
> $");
> +
> +#include <limits.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include <ssp/stdio.h>
> +#include <ssp/string.h>
> +
> +char *__gets_unsafe(char *);
> +
> +char *
> +__gets_chk(char * __restrict buf, size_t slen)
> +{
> + char *abuf;
> + size_t len;
> +
> + if (slen >= (size_t)INT_MAX)
> + return (__gets_unsafe(buf));
> +
> + if ((abuf = malloc(slen + 1)) == NULL)
> + return (__gets_unsafe(buf));
> +
> + if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {
> + free(abuf);
> + return (NULL);
> + }
> +
> + len = strlen(abuf);
> + if (len > 0 && abuf[len - 1] == '\n')
> + --len;
> +
> + if (len >= slen)
> + __chk_fail();
> +
> + (void)memcpy(buf, abuf, len);
> +
> + buf[len] = '\0';
> + free(abuf);
> + return (buf);
> +}
> diff --git a/lib/libc/secure/memcpy_chk.c b/lib/libc/secure/memcpy_chk.c
> new file mode 100644
> index 000000000000..99cf2d5f13ff
> --- /dev/null
> +++ b/lib/libc/secure/memcpy_chk.c
> @@ -0,0 +1,53 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memcpy
> +
> +#include "ssp_internal.h"
> +
> +void *
> +__memcpy_chk(void * __restrict dst, const void * __restrict src,
> size_t len,
> + size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> +
> + if (__ssp_overlap((const char *)src, (const char *)dst, len))
> + __chk_fail();
> +
> + return (memcpy(dst, src, len));
> +}
> diff --git a/lib/libc/secure/memmove_chk.c
> b/lib/libc/secure/memmove_chk.c
> new file mode 100644
> index 000000000000..07f965d608fc
> --- /dev/null
> +++ b/lib/libc/secure/memmove_chk.c
> @@ -0,0 +1,47 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memmove_chk.c,v 1.6 2020/09/05 13:37:59 mrg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memmove
> +
> +void *
> +__memmove_chk(void *dst, const void *src, size_t len,
> + size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> + return (memmove(dst, src, len));
> +}
> diff --git a/lib/libc/secure/memset_chk.c b/lib/libc/secure/memset_chk.c
> new file mode 100644
> index 000000000000..f337be98b46d
> --- /dev/null
> +++ b/lib/libc/secure/memset_chk.c
> @@ -0,0 +1,46 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
> +
> +#include <string.h>
> +
> +#include <ssp/string.h>
> +#undef memset
> +
> +void *
> +__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)
> +{
> + if (len > slen)
> + __chk_fail();
> + return (memset(dst, val, len));
> +}
> diff --git a/lib/libc/secure/snprintf_chk.c
> b/lib/libc/secure/snprintf_chk.c
> new file mode 100644
> index 000000000000..52ef874ede5b
> --- /dev/null
> +++ b/lib/libc/secure/snprintf_chk.c
> @@ -0,0 +1,56 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> + * by Christos Zoulas.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer
> in the
> + * documentation and/or other materials provided with the
> distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
> CONTRIBUTORS
> + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
> NOT LIMITED
> + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
> PARTICULAR
> + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
> CONTRIBUTORS
> + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
> EXEMPLARY, OR
> + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
> + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
> BUSINESS
> + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
> WHETHER IN
> + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
> OTHERWISE)
> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
> ADVISED OF THE
> + * POSSIBILITY OF SUCH DAMAGE.
> + */
> +#include <sys/cdefs.h>
> +__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin
> Exp $");
> +
> +#include <stdarg.h>
> +#include <stdio.h>
> +
> +#include <ssp/stdio.h>
> +#undef vsnprintf
> +
> +int
> +__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t
> slen,
> + const char * __restrict fmt, ...)
> +{
> + va_list ap;
> + int rv;
> +
> + if (len > slen)
> + __chk_fail();
> +
> + va_start(ap, fmt);
> + rv = vsnprintf(buf, len, fmt, ap);
> + va_end(ap);
> +
> + return (rv);
> +}
> diff --git a/lib/libc/secure/sprintf_chk.c
> b/lib/libc/secure/sprintf_chk.c
> new file mode 100644
> index 000000000000..d4c42ccba3ce
> --- /dev/null
> +++ b/lib/libc/secure/sprintf_chk.c
> @@ -0,0 +1,61 @@
> +/*-
> + *
> + * SPDX-License-Identifier: BSD-2-Clause
> + *
> + * Copyright (c) 2006 The NetBSD Foundation, Inc.
> + * All rights reserved.
> + *
> + * This code is derived from software contributed to The NetBSD
> Foundation
> *** 1063 LINES SKIPPED ***
>
>