| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
sig2str(3)
Reviewed by: imp, kib, des, jilles
Pull Request: https://github.com/freebsd/freebsd-src/pull/1696
Closes: https://github.com/freebsd/freebsd-src/pull/1696
|
| |
|
|
|
|
|
|
|
|
| |
This is a calque of the NetBSD function of the same name.
MFC after: never
Relontes: yes
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D49979
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of relying on any particular domainname and hostname to succeed,
spin up a jail before we execute the test with them set to some known,
fixed values. This allows them to be meaningfully tested -- previously,
they were skipped much more often than not.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49237
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
An upcoming test will require root to create a jail with its own
domainname/hostname to avoid external requirements on the test runner
as we want to fetch them with valid and plausible sizes.
Generate test headers for all cases to reduce churn in future diffs as
metadata is added to individual tests, or in case other test options
are added to correspond to different metadata to set.
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49236
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All of these are simple shadowing that don't need to happen; we're
passing the shadowed value through in every case anyways, just use it
in the closure in a more lua-natural fashion.
While we're here, lint the generator every time we generate tests to
ensure that we don't regress without having to remember to manually
run luacheck.
Reported by: jlduran
Reviewed by: jlduran, markj
Differential Revision: https://reviews.freebsd.org/D49235
|
| |
|
|
|
| |
Reviewed by: emaste, kevans
Differential Revision: https://reviews.freebsd.org/D47286
|
| |
|
|
|
|
|
|
|
|
| |
The entire recv*() implementation set is ripe for opportunities to
validate, so do what we can with what we have.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45686
|
| |
|
|
|
|
|
|
|
|
| |
Notably sanity check indices passed to the FD_*() macros against the
size of the fd_set itself.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45685
|
| |
|
|
|
|
|
|
|
|
| |
Check both the buffer size of the iov object itself, as well as that
of each indidvidually io base.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45684
|
| |
|
|
|
|
|
|
|
| |
That is to say, fortify getrandom(2).
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45683
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This includes all of the w*() equivalents to str*()/mem*() implemented
in more or less the same way. For these ones, we'll just use
header-only implementations from the start to stop further cluttering
the libc symbol table.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45682
|
| |
|
|
|
|
|
|
|
|
|
| |
The immediately obvious and attractive targets from <stdlib.h> are
arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal
much else of interest.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45681
|
| |
|
|
|
|
|
|
|
|
| |
For poll/ppoll we just need to bounds-check the poll array that we're
about to write out to.
Reviewed by: kib, markj (earlier version)
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45680
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ssp/ssp.h needed some improvements:
- `len` isn't always a size_t, it may need casted
- In some cases we may want to use a len that isn't specified as a
parameter (e.g., L_ctermid), so __ssp_redirect() should be more
flexible.
- In other cases we may want additional checking, so pull all of the
declaration bits out of __ssp_redirect_raw() so that some functions
can implement the body themselves.
strlcat/strlcpy should be the last of the fortified functions that get
their own __*_chk symbols, and these cases are only done to be
consistent with the rest of the str*() set.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45679
|
|
|
The _FORTIFY_SOURCE tests will be generated by a lua script to avoid a
lot of redundancy in writing these tests. For each function that we're
fortifying, the plan is to test at least the following three scenarios:
- Writing up to one byte before the end of the buffer,
- Writing up to the end of the buffer,
- Writing one byte past the end of the buffer
The buffer is shoved into a struct on the stack to guarantee a stack
layout in which we have a valid byte after the buffer so that level 2
fortification will trip and we can have confidence that it wasn't some
other stack/memory protection instead.
The generated tests are divided roughly into which header we're
attributing them to so that we can parallelize the build -- the full set
is a bit over 9000 lines of C and takes 11s to build on the hardware
that I'm testing on if it's a single monolothic file.
Reviewed by: markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45678
|
