Date: Thu, 14 Nov 2024 22:10:50 GMT
Message-Id: <202411142210.4AEMAoLf019365@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Robert Clausecker
Subject: git: 8983acc8dee5 - main - lib/libc/string: apply SSP hardening and tests to memset_explicit
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: fuz
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 8983acc8dee56533f5281ca912e09a51dfacc35b

The branch main has been updated by fuz:

URL: https://cgit.FreeBSD.org/src/commit/?id=8983acc8dee56533f5281ca912e09a51dfacc35b

commit 8983acc8dee56533f5281ca912e09a51dfacc35b
Author:     Robert Clausecker
AuthorDate: 2024-10-25 16:00:44 +0000
Commit:     Robert Clausecker
CommitDate: 2024-11-14 22:10:00 +0000

    lib/libc/string: apply SSP hardening and tests to memset_explicit

    Reviewed by:    emaste, kevans
    Differential Revision:  https://reviews.freebsd.org/D47286
--- include/ssp/string.h | 2 + lib/libc/string/memset_explicit.c | 3 +- lib/libc/tests/secure/fortify_string_test.c | 132 +++++++++++++++++++++++ lib/libc/tests/secure/generate-fortify-tests.lua | 9 ++ 4 files changed, 145 insertions(+), 1 deletion(-) diff --git a/include/ssp/string.h b/include/ssp/string.h index 9f24254d9c01..2999aed13cb1 100644 --- a/include/ssp/string.h +++ b/include/ssp/string.h 
@@ -109,6 +109,8 @@ __ssp_bos_icheck3_restrict(memcpy, void *, const void *) __ssp_bos_icheck3_restrict(mempcpy, void *, const void *) __ssp_bos_icheck3(memmove, void *, const void *) __ssp_bos_icheck3(memset, void *, int) +__ssp_redirect(void *, memset_explicit, (void *__buf, int __ch, size_t __len), + (__buf, __ch, __len)); __ssp_bos_icheck2_restrict(stpcpy, char *, const char *) __ssp_bos_icheck3_restrict(stpncpy, char *, const char *) __ssp_bos_icheck2_restrict(strcpy, char *, const char *) diff --git a/lib/libc/string/memset_explicit.c b/lib/libc/string/memset_explicit.c index ee6be0363981..b2b9a79c40c8 100644 --- a/lib/libc/string/memset_explicit.c +++ b/lib/libc/string/memset_explicit.c @@ -5,6 +5,7 @@ */ #include +#include __attribute__((weak)) void __memset_explicit_hook(void *, int, size_t); @@ -17,7 +18,7 @@ __memset_explicit_hook(void *buf, int ch, size_t len) } void * -memset_explicit(void *buf, int ch, size_t len) +__ssp_real(memset_explicit)(void *buf, int ch, size_t len) { memset(buf, ch, len); __memset_explicit_hook(buf, ch, len); diff --git a/lib/libc/tests/secure/fortify_string_test.c b/lib/libc/tests/secure/fortify_string_test.c index cc87ae56488d..ae68c4b89a38 100644 --- a/lib/libc/tests/secure/fortify_string_test.c +++ b/lib/libc/tests/secure/fortify_string_test.c 
@@ -685,6 +685,133 @@ monitor: } +ATF_TC_WITHOUT_HEAD(memset_explicit_before_end); +ATF_TC_BODY(memset_explicit_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_end); +ATF_TC_BODY(memset_explicit_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_before_end); +ATF_TC_BODY(memset_explicit_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_end); +ATF_TC_BODY(memset_explicit_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(memset_explicit_heap_after_end); +ATF_TC_BODY(memset_explicit_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t 
__bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + + memset_explicit(__stack.__buf, 0, __len); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + ATF_TC_WITHOUT_HEAD(stpcpy_before_end); ATF_TC_BODY(stpcpy_before_end, tc) { @@ -1899,6 +2026,11 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, memset_heap_before_end); ATF_TP_ADD_TC(tp, memset_heap_end); ATF_TP_ADD_TC(tp, memset_heap_after_end); + ATF_TP_ADD_TC(tp, memset_explicit_before_end); + ATF_TP_ADD_TC(tp, memset_explicit_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_before_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_end); + ATF_TP_ADD_TC(tp, memset_explicit_heap_after_end); ATF_TP_ADD_TC(tp, stpcpy_before_end); ATF_TP_ADD_TC(tp, stpcpy_end); ATF_TP_ADD_TC(tp, stpcpy_heap_before_end); diff --git a/lib/libc/tests/secure/generate-fortify-tests.lua b/lib/libc/tests/secure/generate-fortify-tests.lua index eec5f7253f73..0e46b8867862 100755 --- a/lib/libc/tests/secure/generate-fortify-tests.lua +++ b/lib/libc/tests/secure/generate-fortify-tests.lua @@ -630,6 +630,15 @@ local all_tests = { }, exclude = excludes_stack_overflow, }, + { + func = "memset_explicit", + arguments = { + "__buf", + "0", + "__len", + }, + exclude = excludes_stack_overflow, + }, { func = "stpcpy", arguments = {
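
Review bot: In the include/ssp/string.h hunk, the new `__ssp_redirect(void *, memset_explicit, ...)` entry ends with `;` while the neighbouring `__ssp_bos_icheck3(memset, void *, int)` entries do not, and it is the only line in this group that uses a different macro. Please confirm the trailing semicolon is intended for this macro, and add a one-line comment saying why memset_explicit goes through `__ssp_redirect` instead of an `__ssp_bos_icheck3` entry like memset. The argument names `__buf` and `__len` are passed through here, and a reader cannot tell from this hunk whether the bounds check depends on exactly those names.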
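
Review bot: In lib/libc/string/memset_explicit.c, the definition becomes `__ssp_real(memset_explicit)(void *buf, int ch, size_t len)` with no accompanying comment, so the symbol this file exports can no longer be read off the source. A short comment above the definition would help, stating that this is the implementation the wrapper declared in the ssp header forwards to, and that the body (`memset(buf, ch, len);` followed by `__memset_explicit_hook(buf, ch, len);`) is intentionally unchanged.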
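
Review bot: In the new memset_explicit_heap_* cases in lib/libc/tests/secure/fortify_string_test.c, `__stack.__buf = malloc(__bufsz);` is used without a NULL check and is never freed, so in heap_before_end and heap_end a failed allocation would crash the test rather than fail it cleanly. The pattern is identical in every case and the patch also touches generate-fortify-tests.lua, so the fix probably belongs in the generator, for example an `ATF_REQUIRE(__stack.__buf != NULL);` right after the malloc. Separately, the before_end and end cases assert nothing after the call, so they only show that memset_explicit does not abort; checking the bytes that were written would also confirm that the redirected call reaches the real implementation.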
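
Review bot: In the lib/libc/tests/secure/generate-fortify-tests.lua hunk, `exclude = excludes_stack_overflow` drops the stack after_end case for memset_explicit without saying why, which leaves memset_explicit_heap_after_end as the only generated test that exercises the abort path. Please add a comment on the entry giving the reason for the exclusion, or remove the exclusion if the stack overflow case can be made to work for this function.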