| Message ID | 20231221185929.1307116-5-adhemerval.zanella@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | Improve fortify support with clang | expand |
On 2023-12-21 13:59, Adhemerval Zanella wrote: > It requires to be in a container tests to avoid logging bogus > information on the system. The syslog also requires to be checked in > a different process because the internal printf call will abort with > the internal syslog lock taken (which makes subsequent syslog calls > deadlock). > > Checked on aarch64, armhf, x86_64, and i686. > --- Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> > debug/Makefile | 5 ++ > debug/tst-fortify-syslog.c | 128 +++++++++++++++++++++++++++++++++++++ > 2 files changed, 133 insertions(+) > create mode 100644 debug/tst-fortify-syslog.c > > diff --git a/debug/Makefile b/debug/Makefile > index c49e5d86ec..fdc250e209 100644 > --- a/debug/Makefile > +++ b/debug/Makefile > @@ -179,6 +179,7 @@ CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 > CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 > CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 > CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 > +CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 > > # _FORTIFY_SOURCE tests. > # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and > @@ -293,6 +294,10 @@ tests-time64 += \ > $(tests-all-time64-chk) \ > # tests-time64 > > +tests-container += \ > + tst-fortify-syslog \ > + # tests-container > + > ifeq ($(have-ssp),yes) > tests += tst-ssp-1 > endif > diff --git a/debug/tst-fortify-syslog.c b/debug/tst-fortify-syslog.c > new file mode 100644 > index 0000000000..26a93d9be8 > --- /dev/null > +++ b/debug/tst-fortify-syslog.c > @@ -0,0 +1,128 @@ > +/* Fortify tests for syslog interface. > + Copyright (C) 2023 Free Software Foundation, Inc. > + Copyright The GNU Toolchain Authors. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + <https://www.gnu.org/licenses/>. */ > + > +#include <stdarg.h> > +#include <setjmp.h> > +#include <syslog.h> > +#include <string.h> > +#include <unistd.h> > +#include <stdio.h> > + > +#include <support/check.h> > +#include <support/support.h> > +#include <support/capture_subprocess.h> > + > +static const char *str2 = "F"; > +static char buf2[10] = "%s"; > + > +static volatile int chk_fail_ok; > +static jmp_buf chk_fail_buf; > + > +static void > +handler (int sig) > +{ > + if (chk_fail_ok) > + { > + chk_fail_ok = 0; > + longjmp (chk_fail_buf, 1); > + } > + else > + _exit (127); > +} > + > +#define FAIL() \ > + do { \ > + printf ("Failure on line %d\n", __LINE__); \ > + support_record_failure (); \ > + } while (0) > +#define CHK_FAIL_START \ > + chk_fail_ok = 1; \ > + if (! setjmp (chk_fail_buf)) \ > + { > +#define CHK_FAIL_END \ > + chk_fail_ok = 0; \ > + FAIL (); \ > + } > + > +static void > +call_vsyslog (int priority, const char *format, ...) > +{ > + va_list va; > + va_start (va, format); > + vsyslog (priority, format, va); > + va_end (va); > +} > + > +static void > +run_syslog_chk (void *closure) > +{ > + int n1; > + CHK_FAIL_START > + syslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); > + CHK_FAIL_END > +} > + > +static void > +run_vsyslog_chk (void *closure) > +{ > + int n1; > + CHK_FAIL_START > + call_vsyslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); > + CHK_FAIL_END > +} > + > +static int > +do_test (void) > +{ > + set_fortify_handler (handler); > + > + int n1, n2; > + > + n1 = n2 = 0; > + syslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); > + TEST_COMPARE (n1, 1); > + TEST_COMPARE (n2, 2); > + > + n1 = n2 = 0; > + call_vsyslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); > + TEST_COMPARE (n1, 1); > + TEST_COMPARE (n2, 2); > + > + strcpy (buf2 + 2, "%n%s%n"); > + > + /* The wrapper tests need to be in a subprocess because the abort called by > + printf does not unlock the internal syslog lock. */ > + { > + struct support_capture_subprocess result > + = support_capture_subprocess (run_syslog_chk, NULL); > + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); > + support_capture_subprocess_free (&result); > + } > + > + { > + struct support_capture_subprocess result > + = support_capture_subprocess (run_vsyslog_chk, NULL); > + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); > + support_capture_subprocess_free (&result); > + } > + > + return 0; > +} > + > +#include <support/test-driver.c>
diff --git a/debug/Makefile b/debug/Makefile index c49e5d86ec..fdc250e209 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -179,6 +179,7 @@ CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and @@ -293,6 +294,10 @@ tests-time64 += \ $(tests-all-time64-chk) \ # tests-time64 +tests-container += \ + tst-fortify-syslog \ + # tests-container + ifeq ($(have-ssp),yes) tests += tst-ssp-1 endif diff --git a/debug/tst-fortify-syslog.c b/debug/tst-fortify-syslog.c new file mode 100644 index 0000000000..26a93d9be8 --- /dev/null +++ b/debug/tst-fortify-syslog.c @@ -0,0 +1,128 @@ +/* Fortify tests for syslog interface. + Copyright (C) 2023 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <stdarg.h> +#include <setjmp.h> +#include <syslog.h> +#include <string.h> +#include <unistd.h> +#include <stdio.h> + +#include <support/check.h> +#include <support/support.h> +#include <support/capture_subprocess.h> + +static const char *str2 = "F"; +static char buf2[10] = "%s"; + +static volatile int chk_fail_ok; +static jmp_buf chk_fail_buf; + +static void +handler (int sig) +{ + if (chk_fail_ok) + { + chk_fail_ok = 0; + longjmp (chk_fail_buf, 1); + } + else + _exit (127); +} + +#define FAIL() \ + do { \ + printf ("Failure on line %d\n", __LINE__); \ + support_record_failure (); \ + } while (0) +#define CHK_FAIL_START \ + chk_fail_ok = 1; \ + if (! setjmp (chk_fail_buf)) \ + { +#define CHK_FAIL_END \ + chk_fail_ok = 0; \ + FAIL (); \ + } + +static void +call_vsyslog (int priority, const char *format, ...) +{ + va_list va; + va_start (va, format); + vsyslog (priority, format, va); + va_end (va); +} + +static void +run_syslog_chk (void *closure) +{ + int n1; + CHK_FAIL_START + syslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); + CHK_FAIL_END +} + +static void +run_vsyslog_chk (void *closure) +{ + int n1; + CHK_FAIL_START + call_vsyslog (LOG_USER | LOG_DEBUG, buf2, str2, &n1, str2, &n1); + CHK_FAIL_END +} + +static int +do_test (void) +{ + set_fortify_handler (handler); + + int n1, n2; + + n1 = n2 = 0; + syslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); + TEST_COMPARE (n1, 1); + TEST_COMPARE (n2, 2); + + n1 = n2 = 0; + call_vsyslog (LOG_USER | LOG_DEBUG, "%s%n%s%n", str2, &n1, str2, &n2); + TEST_COMPARE (n1, 1); + TEST_COMPARE (n2, 2); + + strcpy (buf2 + 2, "%n%s%n"); + + /* The wrapper tests need to be in a subprocess because the abort called by + printf does not unlock the internal syslog lock. */ + { + struct support_capture_subprocess result + = support_capture_subprocess (run_syslog_chk, NULL); + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); + support_capture_subprocess_free (&result); + } + + { + struct support_capture_subprocess result + = support_capture_subprocess (run_vsyslog_chk, NULL); + support_capture_subprocess_check (&result, "syslog", 0, sc_allow_stderr); + support_capture_subprocess_free (&result); + } + + return 0; +} + +#include <support/test-driver.c>