Hi Niels,
On 22/05/12 14:05, Niels Thykier wrote:
> [2] // Poor man's strdup
> #include <stdio.h>
> #include <string.h>
> #include <stdlib.h>
>
> int main(int argc, char **argv) {
>     const char *s = argv[0];
>     size_t l = strlen(s);
>     char *cpy = malloc (l + 1);
>     if (!cpy)
>         return 1;
>     strcpy(cpy, s);
>     cpy[0] = 'b';
>     printf("%s\n", cpy);
>     return 0;
> }

I've been playing around with your example a bit. Since I stumbled upon some
cases where gcc didn't replace calls to memset and memmove with their hardened
versions, I modified your example to use memset and memmove. I ended up with the
following:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    const char* s = argv[0];
    size_t l = strlen(s);
    char* cpy = malloc(l + 1);
    if (!cpy)
        return 1;
    memset(cpy, s[0], l);
    cpy[l] = 0;
    printf("%s\n", cpy);
    memmove(cpy, s, l);
    cpy[0] = 'b';
    printf("%s\n", cpy);
    return 0;
}

Regardless of the flags passed to gcc [1], hardening-check reports the following
[2]:

    Fortify Source functions: no, only unprotected functions found!
        unprotected: memset
        unprotected: memmove

So maybe memset and memmove are good candidates for the white list as well.
Cheers
[1] `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get CPPFLAGS`
`dpkg-buildflags --get LDFLAGS` and iterated over all the possible -O.
[2] With -Os the call to memset is optimized and not present at all.
--
Sebastian Ramacher
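
Added illustration, not part of the mail above or of hardening-check: a simplified C model of how a fortified call is selected, assuming the compile-time `__builtin_object_size` mechanism that `_FORTIFY_SOURCE` builds on. The names `model_memset`, `model_memset_chk`, `fill_stack` and `fill_heap` are hypothetical; the heap case mirrors the `malloc(l + 1)` buffer from the mail, whose size the compiler cannot see, so only the plain call can be emitted.

```c
/* Added example: simplified model of fortified-call selection.
 * All helper names here are hypothetical, not glibc or gcc identifiers. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UNKNOWN ((size_t)-1)   /* __builtin_object_size's "cannot tell" value */
static int checked_calls;      /* writes that went through the bounds check */
static int plain_calls;        /* writes that fell back to plain memset */

/* Stand-in for __memset_chk: refuse a write larger than the destination. */
static int model_memset_chk(void *dst, int c, size_t n, size_t dstsize)
{
    checked_calls++;
    if (n > dstsize)
        return -1;             /* the real __memset_chk aborts the program */
    memset(dst, c, n);
    return 0;
}

/* Use the checked variant only when the destination size is known at compile time. */
#define model_memset(dst, c, n)                                               \
    (__builtin_object_size((dst), 0) != UNKNOWN                               \
         ? model_memset_chk((dst), (c), (n), __builtin_object_size((dst), 0)) \
         : (plain_calls++, (void)memset((dst), (c), (n)), 0))

int fill_stack(size_t n)
{
    char buf[16];              /* size visible to the compiler */
    return model_memset(buf, 'a', n);
}

int fill_heap(const char *s)
{
    volatile size_t l = strlen(s);  /* opaque to the optimizer, like argv[0] */
    char *cpy = malloc(l + 1);      /* size only known at run time */
    if (!cpy)
        return 1;
    int rc = model_memset(cpy, s[0], l);
    cpy[l] = 0;
    free(cpy);
    return rc;
}

int main(int argc, char **argv)
{
    printf("stack 8: %d, stack 32: %d\n", fill_stack(8), fill_stack(32));
    printf("heap: %d\n", fill_heap(argc > 0 ? argv[0] : "a.out"));
    printf("checked=%d plain=%d\n", checked_calls, plain_calls);
    return 0;
}
```

The stack buffer takes the checked path and the oversized write is refused, while the heap buffer falls through to the unchecked call, which is the situation hardening-check then reports as "unprotected".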