Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix problems detected by fortified builds #232

Merged
merged 10 commits into from
Jun 9, 2022
Merged

Fix problems detected by fortified builds #232

merged 10 commits into from
Jun 9, 2022

Conversation

bbonev
Copy link
Member

@bbonev bbonev commented Jun 8, 2022
edited
Loading

  • do not overwrite memory (-pre versions trigger this)
  • do not use truncated strings
  • kill the warnings for unused result

tested on gcc 11.3 with:

CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2" \
CFLAGS="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security" \
LDFLAGS="-Wl,-z,relro -Wl,-z,now" \
./configure && \
make -j

@bbonev
Avoid buffer overrun with long version strings
9f99dba 
This condition may happen with version as 3.2.12-pre1 which would generate
udev-3.2.12-pre1 with length of 17 including the terminating 0, while
struct udev_ctrl.version is only 16 bytes
@bbonev
Refuse to generate truncated USB modalias
ed95424 
In case of invalid input the resulting modalias would exceed the buffer and be
truncated. Add checks to avoid generating truncated modalias.
@bbonev
Kill warnings for unused result
aaa76e5 
ftruncate and lockf are declared with attribute ‘warn_unused_result’.
Kill the warning and add a TODO comment.
@bbonev
Increase the path buffer and fail on truncation
1833f76 
Add a check to avoid creating files with path that may be truncated
@bbonev bbonev requested review from ArsenArsen and kaniini June 8, 2022 05:34
@bbonev bbonev changed the title Fix warnings detected by fortified builds Fix problems detected by fortified builds Jun 8, 2022
ArsenArsen
ArsenArsen approved these changes Jun 9, 2022
View reviewed changes
src/collect/collect.c Outdated Show resolved Hide resolved
src/collect/collect.c Show resolved Hide resolved
src/collect/collect.c Outdated Show resolved Hide resolved
src/collect/collect.c Outdated Show resolved Hide resolved
src/udev/udev-ctrl.c Outdated Show resolved Hide resolved
ArsenArsen
ArsenArsen requested changes Jun 9, 2022
View reviewed changes
Copy link
Member

@ArsenArsen ArsenArsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above, I selected the wrong option by mistake.

@bbonev
Fix code style
74b5af5 
Suggested-by: Arsen Arsenović <[email protected]>
@bbonev
Mark as safe to ignore
07afd28 
Suggested-by: Arsen Arsenović <[email protected]>
@bbonev
Do not try to lock a negative fd
9bffb8a
@bbonev
Change prepare to never return an unlocked fd
fe9bac1 
- fix coding style while at it
- add checks and fail in case lockf failed

Suggested-by: Arsen Arsenović <[email protected]>
@bbonev
Add error checking
20f79fa 
lseek and ftruncate may fail; do not continue the processing if that happens

Suggested-by: Arsen Arsenović <[email protected]>
@bbonev
Use snprintf (for posterity)
54d0df1 
Also fix code style of sizeof()

Suggested-by: Arsen Arsenović <[email protected]>
ArsenArsen
ArsenArsen approved these changes Jun 9, 2022
View reviewed changes
Copy link
Member

@ArsenArsen ArsenArsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks alright

@bbonev bbonev merged commit 3211655 into eudev-project:master Jun 9, 2022
@bbonev bbonev deleted the buffers branch June 11, 2022 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ArsenArsen ArsenArsen ArsenArsen approved these changes

@kaniini kaniini Awaiting requested review from kaniini

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bbonev @ArsenArsen