Commit 17cef944 authored by Fabian Wolff's avatar Fabian Wolff

New upstream version 0.09

parent 84df3c76
......@@ -15,6 +15,7 @@ t/logs/arch-ia64
t/logs/arch-mipsel
t/logs/bad
t/logs/bad-cflags
t/logs/bad-cflags-stackprotector
t/logs/bad-cppflags
t/logs/bad-ldflags
t/logs/bad-library
......@@ -36,6 +36,6 @@
"http://www.gnu.org/licenses/old-licenses/gpl-1.0.txt"
]
},
"version" : "0.08",
"version" : "0.09",
"x_serialization_backend" : "JSON::PP version 2.27400_02"
}
......@@ -21,5 +21,5 @@ requires:
Text::ParseWords: '0'
resources:
license: http://www.gnu.org/licenses/old-licenses/gpl-1.0.txt
version: '0.08'
version: '0.09'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
NEWS
====
Version 0.09
------------
- Detect restore of -D_FORTIFY_SOURCE=2 after it was overwritten by
-D_FORTIFY_SOURCE=0 or 1 or -U_FORTIFY_SOURCE; reported by Mike Hommey
(Debian bug #898332).
- Detect overwrite of -fstack-protector options with -fno-stack-protector
(same for -fstack-protector-all and -fstack-protector-strong).
- Don't treat hexdumps which contain "cc" as compiler lines; reported by Kurt
Roeckx (Debian bug #899137).
Version 0.08
------------
......@@ -24,7 +24,7 @@ use warnings;
use Getopt::Long ();
use Text::ParseWords ();
our $VERSION = '0.08';
our $VERSION = '0.09';
# CONSTANTS/VARIABLES
......@@ -222,11 +222,17 @@ my @def_cflags_fortify = (
# fortify needs at least -O1, but -O2 is recommended anyway
);
my @def_cflags_stack = (
'-fstack-protector',
'-fstack-protector', # keep first, used by cflags_stack_broken()
'--param[= ]ssp-buffer-size=4',
);
my @def_cflags_stack_strong = (
'-fstack-protector-strong',
'-fstack-protector-strong', # keep first, used by cflags_stack_broken()
);
my @def_cflags_stack_bad = (
# Blacklist all stack protector options for simplicity.
'-fno-stack-protector',
'-fno-stack-protector-all',
'-fno-stack-protector-strong',
);
my @def_cflags_pie = (
'-fPIE',
......@@ -270,6 +276,7 @@ my @flag_refs = (
\@def_cflags_fortify,
\@def_cflags_stack,
\@def_cflags_stack_strong,
\@def_cflags_stack_bad,
\@def_cflags_pie,
\@def_cxxflags,
\@def_cppflags,
......@@ -427,21 +434,61 @@ sub all_flags_used {
@{$missing_flags_ref} = @missing_flags;
return 0;
}
# Check if any of \@bad_flags occurs after $good_flag. Doesn't check if
# $good_flag is present.
sub flag_overwritten {
my ($line, $good_flag, $bad_flags) = @_;
if (not any_flags_used($line, @{$bad_flags})) {
return 0;
}
my $bad_pos = 0;
foreach my $flag (@{$bad_flags}) {
while ($line =~ /$flag/g) {
if ($bad_pos < $+[0]) {
$bad_pos = $+[0];
}
}
}
my $good_pos = 0;
while ($line =~ /$good_flag/g) {
$good_pos = $+[0];
}
if ($good_pos > $bad_pos) {
return 0;
}
return 1;
}
sub cppflags_fortify_broken {
my ($line, $missing_flags) = @_;
# This doesn't take the position into account, but is a simple solution.
# And if the build system tries to force -D_FORTIFY_SOURCE=0/1, something
# is wrong anyway.
# $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
my $fortify_source = $def_cppflags_fortify[0];
if (any_flags_used($line, @def_cppflags_fortify_bad)) {
# $def_cppflags_fortify[0] must be -D_FORTIFY_SOURCE=2!
push @{$missing_flags}, $def_cppflags_fortify[0];
return 1;
# Some build systems enable/disable fortify source multiple times, check
# the final result.
if (not flag_overwritten($line,
$fortify_source,
\@def_cppflags_fortify_bad)) {
return 0;
}
push @{$missing_flags}, $fortify_source;
return 1;
}
return 0;
sub cflags_stack_broken {
my ($line, $missing_flags, $strong) = @_;
my $flag = $strong ? $def_cflags_stack_strong[0]
: $def_cflags_stack[0];
if (not flag_overwritten($line, $flag, \@def_cflags_stack_bad)) {
return 0;
}
push @{$missing_flags}, $flag;
return 1;
}
# Modifies $missing_flags_ref array.
......@@ -1026,7 +1073,9 @@ foreach my $file (@ARGV) {
# treated as a normal compiler line.
next if $line =~ m{^\s*rm\s+};
# Some build systems emit "gcc > file".
next if $line =~ m{$cc_regex_normal\s*>\s*\S+};
next if $line =~ m{$cc_regex_normal\s*>\s*\S+}o;
# Hex output may contain "cc".
next if $line =~ m#(?:\b[0-9a-fA-F]{2,}\b\s*){5}#;
# Check if additional hardening options were used. Used to ensure
# they are used for the complete build.
......@@ -1329,7 +1378,10 @@ LINE:
# Check hardening flags.
my @missing;
if ($compile and not all_flags_used($line, \@missing, @cflags)
if ($compile and (not all_flags_used($line, \@missing, @cflags)
or (($harden_stack or $harden_stack_strong)
and cflags_stack_broken($line, \@missing,
$harden_stack_strong)))
# Libraries linked with -fPIC don't have to (and can't) be
# linked with -fPIE as well. It's no error if only PIE flags
# are missing.
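Review bot: The hexdump skip `next if $line =~ m#(?:\b[0-9a-fA-F]{2,}\b\s*){5}#;` in the `foreach my $file (@ARGV)` hunk drops any line containing five consecutive whitespace-separated hex-only words wherever they occur, so a genuine compiler invocation that happens to carry such a run is skipped and its missing hardening flags are never reported, which is a silent false negative for a tool whose purpose is to catch them. The dump lines in the new fixture all start with an offset and separator (`0300 - 41 0f ec …`), so anchoring the pattern at the line start with an optional offset prefix, `next if $line =~ m#^\s*(?:[0-9a-fA-F]{3,}\s*[-:]?\s*)?(?:\b[0-9a-fA-F]{2,}\b\s*){5}#;`, keeps that format covered while leaving a line that begins with a compiler name subject to the flag checks; if other dump layouts show up in real logs the prefix group can be widened. A short comment on the line, e.g. `# A match skips the whole line and hides missing flags, so keep this pattern strict.`, would tell the next maintainer why the heuristic must not be loosened casually. The enclosing loop body begins and ends outside the hunk.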
dpkg-buildpackage: source package test
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector test-a.c
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-all test-a.c
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-strong test-a.c
......@@ -13,9 +13,8 @@ gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector-strong -Wformat -Werror=format-
gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c test-b.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=1 -c test-c.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c test-g.c
gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -c test-i.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=1 -c test-i.c
......@@ -45,3 +45,21 @@ GNU C++ (Debian 4.9.1-17) version 4.9.1 (x86_64-linux-gnu)
compiled by GNU C version 4.9.1, GMP version 6.0.0, MPFR version 3.1.2-p3, MPC version 1.0.2
GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
Compiler executable checksum: 26648cf2c5cb5e5907eedabc7a0be2ce
# hexdump
0300 - 41 0f ec 2f 28 ea be ac-a1 33 91 ca cc 35 6d 63 A../(....3...5mc
0310 - 57 e9 0a d6 1a 41 1b d2-89 b2 87 ef 9a fb 77 6b W....A........wk
0320 - 80 c3 b8 bc 5d 86 ce b6-2f b0 6c 46 ba 7b 03 cc ....].../.lF.{..
0330 - 0f 85 8c 0a 6e 16 b8 90-80 29 13 49 00 c1 43 51 ....n....).I..CQ
0340 - b9 59 53 8b 20 1d 0c e2-3d 0d 75 11 77 63 96 0a .YS. ...=.u.wc..
0350 - 12 82 f0 da b8 82 57 4b-71 6a e1 8d 6e ce cc 69 ......WKqj..n..i
0360 - a0 ab 2b 9c 95 18 77 f2-6c 48 cf 7f fc 28 5f 3e ..+...w.lH...(_>
0370 - 7e 01 4c c7 a5 3a 68 b5-a3 95 ff 5f fb 16 ae 97 ~.L..:h...._....
0380 - 1d 5a a0 a1 d6 65 cb 0c-63 5e a0 b5 0c 9e 5f de .Z...e..c^...._.
0390 - eb f4 06 ab 35 e2 61 73-ea b8 e5 9e c1 c4 bf 88 ....5.as........
03a0 - 41 aa 93 84 bd 5a a5 9a-88 d7 86 9a 68 97 d1 f3 A....Z......h...
03b0 - e2 6e 5d a0 cc 46 14 df-74 c8 8b 77 ff c2 1e f5 .n]..F..t..w....
03c0 - f9 11 0d 38 23 3c 31 6d-1c 7a 2b 28 8f 3c 04 22 ...8#<1m.z+(.<."
03d0 - 6e 57 7b cb f1 2d ec 4a-82 b6 b6 49 be 63 56 1a nW{..-.J...I.cV.
03e0 - 8c 1d af 9a e6 5c 5f 6e-03 f8 8e 9b 0b 30 b6 c0 .....\_n.....0..
03f0 - 42 b6 a1 d9 b0 59 09 81-74 b1 1f c0 9c 3f c6 f1 B....Y..t....?..
......@@ -49,3 +49,12 @@ command --cc test
gcc -MM test.c > test.d
gcc -MM -MT test.d test.c
gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c
gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -c test-i.c
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector -fstack-protector-strong test-a.c
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-all -fstack-protector-strong test-a.c
gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-strong -fstack-protector-strong test-a.c
......@@ -19,7 +19,7 @@
use strict;
use warnings;
use Test::More tests => 234;
use Test::More tests => 236;
sub is_blhc {
......@@ -67,7 +67,7 @@ is_blhc '', '', 2,
$usage;
is_blhc '', '--version', 0,
'blhc 0.08 Copyright (C) 2012-2018 Simon Ruderich
'blhc 0.09 Copyright (C) 2012-2018 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -492,6 +492,11 @@ CFLAGS missing (-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-se
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): (gcc -Wl,-z,relro -o test.output test.c)
LDFLAGS missing (-fPIE -pie -Wl,-z,now): (gcc -Wl,-z,relro -o test.output test.c)
';
is_blhc 'bad-cflags-stackprotector', '', 8,
'CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector test-a.c
CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-all test-a.c
CFLAGS missing (-fstack-protector-strong): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c -fno-stack-protector-strong test-a.c
';
is_blhc 'bad-cppflags', '', 8,
'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 -fstack-protector-strong -Wformat -Wformat-security -Werror=format-security -c test-a.c
......@@ -503,11 +508,10 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-p
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c test-b.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=1 -c test-c.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c test-g.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -U_FORTIFY_SOURCE -c test-i.c
CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_FORTIFY_SOURCE=1 -c test-i.c
';
is_blhc 'bad-cppflags', '--ignore-flag -D_FORTIFY_SOURCE=2', 0,
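Review bot: The new `is_blhc 'bad-cflags-stackprotector', '', 8, …` case only exercises the `-fstack-protector-strong` path of `cflags_stack_broken`; the `$strong` false branch, where `$def_cflags_stack[0]` (`-fstack-protector`) is the flag that has to survive a later `-fno-stack-protector`, has no fixture line in this hunk unless it is covered elsewhere in the file. A log line such as `gcc -g -O2 -fstack-protector -c -fno-stack-protector test-a.c` checked under the option that selects the non-strong stack protector (the `$harden_stack` path), with the expected `CFLAGS missing (-fstack-protector): …` line, would pin that branch. Without it a regression in the non-strong lookup would pass the suite even though the plain `--param[= ]ssp-buffer-size=4` configuration is the one most build logs still use. The `is_blhc` helper and the test count at the top of the file are outside this hunk.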