1 /* Copyright (C) 2004 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
30 static void do_prepare (void);
31 static int do_test (void);
32 #define PREPARE(argc, argv) do_prepare ()
33 #define TEST_FUNCTION do_test ()
34 #include "../test-skeleton.c"
39 int temp_fd = create_temp_file ("tst-chk1.", &temp_filename);
42 printf ("cannot create temporary file: %m\n");
46 const char *strs = "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
47 if (write (temp_fd, strs, strlen (strs)) != strlen (strs))
49 puts ("could not write test strings into file");
50 unlink (temp_filename);
55 volatile int chk_fail_ok;
65 longjmp (chk_fail_buf, 1);
74 const char *str1 = "JIHGFEDCBA";
75 const char *str2 = "F";
76 const char *str3 = "%s%n%s%n";
77 const char *str4 = "Hello, ";
78 const char *str5 = "World!\n";
84 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
85 #define CHK_FAIL_START \
87 if (! setjmp (chk_fail_buf)) \
89 #define CHK_FAIL_END \
93 #if __USE_FORTIFY_LEVEL >= 2
94 #define CHK_FAIL2_START CHK_FAIL_START
95 #define CHK_FAIL2_END CHK_FAIL_END
97 #define CHK_FAIL2_START
105 sa.sa_handler = handler;
107 sigemptyset (&sa.sa_mask);
109 sigaction (SIGABRT, &sa, NULL);
111 /* Avoid all the buffer overflow messages on stderr. */
112 int fd = open (_PATH_DEVNULL, O_WRONLY);
114 close (STDERR_FILENO);
117 dup2 (fd, STDERR_FILENO);
120 setenv ("LIBC_FATAL_STDERR_", "1", 1);
122 struct A { char buf1[9]; char buf2[1]; } a;
124 printf ("Test checking routines at fortify level %d\n",
125 #ifdef __USE_FORTIFY_LEVEL
126 (int) __USE_FORTIFY_LEVEL
132 /* These ops can be done without runtime checking of object size. */
133 memcpy (buf, "abcdefghij", 10);
134 memmove (buf + 1, buf, 9);
135 if (memcmp (buf, "aabcdefghi", 10))
138 if (mempcpy (buf + 5, "abcde", 5) != buf + 10 || memcmp (buf, "aabcdabcde", 10))
141 memset (buf + 8, 'j', 2);
142 if (memcmp (buf, "aabcdabcjj", 10))
145 strcpy (buf + 4, "EDCBA");
146 if (memcmp (buf, "aabcEDCBA", 10))
149 if (stpcpy (buf + 8, "F") != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
152 strncpy (buf + 6, "X", 4);
153 if (memcmp (buf, "aabcEDX\0\0", 10))
156 if (sprintf (buf + 7, "%s", "67") != 2 || memcmp (buf, "aabcEDX67", 10))
159 if (snprintf (buf + 7, 3, "%s", "987654") != 6
160 || memcmp (buf, "aabcEDX98", 10))
163 /* These ops need runtime checking, but shouldn't __chk_fail. */
164 memcpy (buf, "abcdefghij", l0 + 10);
165 memmove (buf + 1, buf, l0 + 9);
166 if (memcmp (buf, "aabcdefghi", 10))
169 if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10 || memcmp (buf, "aabcdabcde", 10))
172 memset (buf + 8, 'j', l0 + 2);
173 if (memcmp (buf, "aabcdabcjj", 10))
176 strcpy (buf + 4, str1 + 5);
177 if (memcmp (buf, "aabcEDCBA", 10))
180 if (stpcpy (buf + 8, str2) != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
183 strncpy (buf + 6, "X", l0 + 4);
184 if (memcmp (buf, "aabcEDX\0\0", 10))
187 if (sprintf (buf + 7, "%d", num1) != 2 || memcmp (buf, "aabcEDX67", 10))
190 if (snprintf (buf + 7, 3, "%d", num2) != 6 || memcmp (buf, "aabcEDX98", 10))
195 if (memcmp (buf, "aabcEDX9A", 10))
199 strncat (buf, "ZYXWV", l0 + 2);
200 if (memcmp (buf, "aabcEDXZY", 10))
203 memcpy (a.buf1, "abcdefghij", l0 + 10);
204 memmove (a.buf1 + 1, a.buf1, l0 + 9);
205 if (memcmp (a.buf1, "aabcdefghi", 10))
208 if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10
209 || memcmp (a.buf1, "aabcdabcde", 10))
212 memset (a.buf1 + 8, 'j', l0 + 2);
213 if (memcmp (a.buf1, "aabcdabcjj", 10))
216 #if __USE_FORTIFY_LEVEL < 2
217 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
218 and sufficient GCC support, as the string operations overflow
219 from a.buf1 into a.buf2. */
220 strcpy (a.buf1 + 4, str1 + 5);
221 if (memcmp (a.buf1, "aabcEDCBA", 10))
224 if (stpcpy (a.buf1 + 8, str2) != a.buf1 + 9 || memcmp (a.buf1, "aabcEDCBF", 10))
227 strncpy (a.buf1 + 6, "X", l0 + 4);
228 if (memcmp (a.buf1, "aabcEDX\0\0", 10))
231 if (sprintf (a.buf1 + 7, "%d", num1) != 2 || memcmp (a.buf1, "aabcEDX67", 10))
234 if (snprintf (a.buf1 + 7, 3, "%d", num2) != 6
235 || memcmp (a.buf1, "aabcEDX98", 10))
238 a.buf1[l0 + 8] = '\0';
239 strcat (a.buf1, "A");
240 if (memcmp (a.buf1, "aabcEDX9A", 10))
243 a.buf1[l0 + 7] = '\0';
244 strncat (a.buf1, "ZYXWV", l0 + 2);
245 if (memcmp (a.buf1, "aabcEDXZY", 10))
250 #if __USE_FORTIFY_LEVEL >= 1
251 /* Now check if all buffer overflows are caught at runtime. */
254 memcpy (buf + 1, "abcdefghij", l0 + 10);
258 memmove (buf + 2, buf + 1, l0 + 9);
262 p = mempcpy (buf + 6, "abcde", l0 + 5);
266 memset (buf + 9, 'j', l0 + 2);
270 strcpy (buf + 5, str1 + 5);
274 p = stpcpy (buf + 9, str2);
278 strncpy (buf + 7, "X", l0 + 4);
282 sprintf (buf + 8, "%d", num1);
286 snprintf (buf + 8, l0 + 3, "%d", num2);
289 memcpy (buf, str1 + 2, l0 + 9);
294 memcpy (buf, str1 + 3, l0 + 8);
296 strncat (buf, "ZYXWV", l0 + 3);
300 memcpy (a.buf1 + 1, "abcdefghij", l0 + 10);
304 memmove (a.buf1 + 2, a.buf1 + 1, l0 + 9);
308 p = mempcpy (a.buf1 + 6, "abcde", l0 + 5);
312 memset (a.buf1 + 9, 'j', l0 + 2);
315 #if __USE_FORTIFY_LEVEL >= 2
322 strcpy (a.buf1 + (O + 4), str1 + 5);
326 p = stpcpy (a.buf1 + (O + 8), str2);
330 strncpy (a.buf1 + (O + 6), "X", l0 + 4);
334 sprintf (a.buf1 + (O + 7), "%d", num1);
338 snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2);
341 memcpy (a.buf1, str1 + (3 - O), l0 + 8 + O);
343 strcat (a.buf1, "AB");
346 memcpy (a.buf1, str1 + (4 - O), l0 + 7 + O);
348 strncat (a.buf1, "ZYXWV", l0 + 3);
352 /* Now checks for %n protection. */
354 /* Constant literals passed directly are always ok
355 (even with warnings about possible bugs from GCC). */
357 if (sprintf (buf, "%s%n%s%n", str2, &n1, str2, &n2) != 2
358 || n1 != 1 || n2 != 2)
361 /* In this case the format string is not known at compile time,
362 but resides in read-only memory, so is ok. */
363 if (snprintf (buf, 4, str3, str2, &n1, str2, &n2) != 2
364 || n1 != 1 || n2 != 2)
367 strcpy (buf2 + 2, "%n%s%n");
368 /* When the format string is writable and contains %n,
369 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
371 if (sprintf (buf, buf2, str2, &n1, str2, &n1) != 2)
376 if (snprintf (buf, 3, buf2, str2, &n1, str2, &n1) != 2)
380 /* But if there is no %n, even writable format string
383 if (sprintf (buf, buf2 + 4, str2) != 1)
386 /* Constant literals passed directly are always ok
387 (even with warnings about possible bugs from GCC). */
388 if (printf ("%s%n%s%n", str4, &n1, str5, &n2) != 14
389 || n1 != 7 || n2 != 14)
392 /* In this case the format string is not known at compile time,
393 but resides in read-only memory, so is ok. */
394 if (printf (str3, str4, &n1, str5, &n2) != 14
395 || n1 != 7 || n2 != 14)
398 strcpy (buf2 + 2, "%n%s%n");
399 /* When the format string is writable and contains %n,
400 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
402 if (printf (buf2, str4, &n1, str5, &n1) != 14)
406 /* But if there is no %n, even writable format string
409 if (printf (buf2 + 4, str5) != 7)
414 /* Constant literals passed directly are always ok
415 (even with warnings about possible bugs from GCC). */
416 if (fprintf (fp, "%s%n%s%n", str4, &n1, str5, &n2) != 14
417 || n1 != 7 || n2 != 14)
420 /* In this case the format string is not known at compile time,
421 but resides in read-only memory, so is ok. */
422 if (fprintf (fp, str3, str4, &n1, str5, &n2) != 14
423 || n1 != 7 || n2 != 14)
426 strcpy (buf2 + 2, "%n%s%n");
427 /* When the format string is writable and contains %n,
428 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
430 if (fprintf (fp, buf2, str4, &n1, str5, &n1) != 14)
434 /* But if there is no %n, even writable format string
437 if (fprintf (fp, buf2 + 4, str5) != 7)
440 if (freopen (temp_filename, "r", stdin) == NULL)
442 puts ("could not open temporary file");
446 if (gets (buf) != buf || memcmp (buf, "abcdefgh", 9))
448 if (gets (buf) != buf || memcmp (buf, "ABCDEFGHI", 10))
451 #if __USE_FORTIFY_LEVEL >= 1
453 if (gets (buf) != buf)
458 if (freopen (temp_filename, "r", stdin) == NULL)
460 puts ("could not open temporary file");
464 if (fseek (stdin, 9 + 10 + 11, SEEK_SET))
466 puts ("could not seek in test file");
470 #if __USE_FORTIFY_LEVEL >= 1
472 if (gets (buf) != buf)