# What is it?

This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
[fortify source](http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html).
It provides compile time buffer checks.
It is libc-agnostic and simply overlays the system headers by using the
[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
extension found in GCC, and
[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
on Clang. It was initially intended to be used on
[musl](http://www.musl-libc.org/) based
[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).

# Features

- It is portable, works on *BSD, Linux, Solaris and possibly others.
- It will only trap non-conformant programs. This means that fortify
  level 2 is treated in the same way as level 1.
- Avoids making function calls when undefined behaviour has already been
  invoked. This is handled by using `__builtin_trap()`.
- Support for out-of-bounds read interfaces, such as send(), write(),
  fwrite() etc.
- No ABI is enforced. All of the fortify check functions are inlined
  into the resulting binary.
- It has a [comprehensive suite of tests](https://github.com/jvoisin/fortify-headers/tree/master/tests),
  running both on Clang and on GCC for every commit, with
  [significant coverage](https://jvoisin.github.io/fortify-headers/).
- Defining `USE_NATIVE_CHK` will make use of compiler-provided builtin `_chk`
  functions, which might be a bit better in terms of diagnostics,
  but won't necessarily provide the same amount of security checks.
- Defining `PEDANTIC_CHECKS` will enable pedantic checks that, while technically
  correct, might break some programs relying on widely accepted
  undefined behaviours.
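
How a check of this kind can be built, as an added sketch that is not fortify-headers' own code: the buffer size is taken with `__builtin_object_size()` at the call site and the call traps before `fgets()` runs, using the same `fgets` overflow as the sample in the next section. `fgets_violates`, `checked_fgets`, `FORTIFIED_FGETS` and the `sample_*` functions are hypothetical names, and GCC or Clang is assumed for the builtins.

```c
#include <stdio.h>

/* Bounds decision, kept separate so it can be exercised without trapping.
 * bos == (size_t)-1 means "size unknown to the compiler": never fires. */
static inline int fgets_violates(size_t bos, size_t n)
{
	return n > bos;
}

/* Trap before the real fgets() runs; a negative n becomes huge and traps. */
static inline char *checked_fgets(char *s, size_t bos, int n, FILE *fp)
{
	if (fgets_violates(bos, (size_t)n))
		__builtin_trap();
	return fgets(s, n, fp);
}

/* Take the object size at the call site, where the array is still visible. */
#define FORTIFIED_FGETS(s, n, fp) \
	checked_fgets((s), __builtin_object_size((s), 0), (n), (fp))

/* The README's call shape: request `extra` bytes more than buf holds. */
int sample_call_violates(size_t extra)
{
	char buf[BUFSIZ];
	size_t bos = __builtin_object_size(buf, 0);
	if (bos == (size_t)-1)
		return -1; /* compiler could not size buf: nothing to check */
	return fgets_violates(bos, sizeof(buf) + extra);
}

/* In-bounds read through the wrapper, from a constructed temporary file. */
int sample_read_ok(void)
{
	char buf[16] = "";
	FILE *fp = tmpfile();
	if (!fp) return -1;
	fputs("hello\n", fp);
	rewind(fp);
	char *r = FORTIFIED_FGETS(buf, (int)sizeof(buf), fp);
	fclose(fp);
	return r != NULL && buf[0] == 'h';
}

int main(void)
{
	printf("in bounds: %d, one over: %d, read ok: %d\n",
	       sample_call_violates(0), sample_call_violates(1), sample_read_ok());
	return 0;
}
```

The project applies its checks by overlaying the system headers with `#include_next` rather than through a separately named macro like the one in this sketch.
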

# Sample usage

If you want to quickly test it, you can try something like the following:

```
cat > fgets.c <<EOF
#include <stdio.h>
int
main(void)
{
	char buf[BUFSIZ];
	fgets(buf, sizeof(buf) + 1, stdin);
	return 0;
}
EOF
cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
./a.out
```

At this point, the program will safely crash.

# Supported interfaces

- `FD_CLR`
- `FD_SET`
- `asprintf`
- `bcopy`
- `bzero`
- `calloc`
- `confstr`
- `fdopen`
- `fgets`
- `fgetws`
- `fmemopen`
- `fopen`
- `fprintf`
- `fread`
- `fwrite`
- `getcwd`
- `getdomainname`
- `getgroups`
- `gethostname`
- `getlogin_r`
- `malloc`
- `mbsnrtowcs`
- `mbsrtowcs`
- `mbstowcs`
- `memchr`
- `memcpy`
- `memmove`
- `mempcpy`
- `memset`
- `poll`
- `popen`
- `ppoll`
- `pread`
- `printf`
- `pwrite`
- `qsort`
- `read`
- `readlink`
- `readlinkat`
- `realloc`
- `reallocarray`
- `realpath`
- `recv`
- `recvfrom`
- `select`
- `send`
- `sendto`
- `snprintf`
- `sprintf`
- `stpcpy`
- `stpncpy`
- `strcat`
- `strchr`
- `strcpy`
- `strlcat`
- `strlcpy`
- `strlen`
- `strncat`
- `strncpy`
- `strrchr`
- `tmpfile`
- `ttyname_r`
- `umask`
- `vfprintf`
- `vprintf`
- `vasprintf`
- `vsnprintf`
- `vsprintf`
- `wcrtomb`
- `wcscat`
- `wcscpy`
- `wcsncat`
- `wcsncpy`
- `wcsnrtombs`
- `wcsrtombs`
- `wcstombs`
- `wctomb`
- `wmemcpy`
- `wmemmove`
- `wmemset`
- `write`