fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers
Log | Files | Refs | README | LICENSE

commit c2bb9e106a32619726cfc5052a1509e96b90de9f
parent c7e82d4863992c2f3bbb6f5a31fa8e5fd0e1643f
Author: Natanael Copa <ncopa@alpinelinux.org>
Date:   Thu,  7 May 2015 14:50:03 +0200

fix realpath when stdlib.h is included before limits.h

If program includes stdlib.h before limits.h without _XOPEN_SOURCE,
_GNU_SOURCE or _BSD_SOURCE explicitly set, then will it always trigger
the trap with musl libc.

This is becase stdlib.h will pull in features.h which will set
_GNU_SOURCE. This means that the fortify stdlib.h will not include
limits.h but it will still trigger the fortified realpath(), but without
PATH_MAX set.

We fix this by including system stdlib.h before testing if limits.h
should be included.

Since PATH_MAX is known at compile time we can also error at compile
time, instead of compiling a broken realpath().

Diffstat:
Minclude/stdlib.h | 6+++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/stdlib.h b/include/stdlib.h @@ -1,12 +1,12 @@ #ifndef _FORTIFY_STDLIB_H #define _FORTIFY_STDLIB_H +#include_next <stdlib.h> + #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) #include_next <limits.h> #endif -#include_next <stdlib.h> - #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 #ifdef __cplusplus @@ -23,7 +23,7 @@ char *realpath(const char *path, char *resolved) if (resolved) { #ifndef PATH_MAX - __builtin_trap(); +# error PATH_MAX unset. A fortified realpath will not work. #else bos = __builtin_object_size(resolved, 0); if (PATH_MAX > bos)