Bug 1032523 - libbsd: fortify support for string functions
Summary: libbsd: fortify support for string functions
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: libbsd
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Eric Smith
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1032518 1731545
TreeView+ depends on / blocked
 
Reported: 2013-11-20 10:54 UTC by Florian Weimer
Modified: 2019-07-25 22:47 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-19 20:51:29 UTC


Attachments (Terms of Use)

Description Florian Weimer 2013-11-20 10:54:10 UTC
All str* and wide string functions which take char * arguments should have _FORTIFY_SOURCE=2 support (wrappers that tell GCC to supply buffer size information obtained using __builtin_object_size).  This includes strlcpy, strvis and wcslcpy, for example.

Comment 2 Eric Smith 2013-12-17 05:29:36 UTC
It is unclear to me how FORTIFY_SOURCE will help strlcpy and wcslcpy, since they are by definition immune to the sort of problems that FORTIFY_SOURCE protects against. I can imagine FORTIFY_SOURCE being useful with other string functions.

In any case, is there documentation somewhere on how to add FORTIFY_SOURCE support in cases like this? My searches only turn up how to take advantage of FORTIFY_SOURCE in code that calls string functions, which isn't what I need here.

Comment 3 Lukáš Tinkl 2014-01-27 13:29:26 UTC
Closing as fixed as the current snapshot trees also don't require nor contain libbsd anymore.

Comment 4 Florian Weimer 2014-01-27 13:38:22 UTC
opendkim has now a build-requirement on libbsd-devel.

Comment 5 Florian Weimer 2014-11-11 11:11:01 UTC
(In reply to Eric Smith from comment #2)
> It is unclear to me how FORTIFY_SOURCE will help strlcpy and wcslcpy, since
> they are by definition immune to the sort of problems that FORTIFY_SOURCE
> protects against. I can imagine FORTIFY_SOURCE being useful with other
> string functions.

We have seen cases where the user-supplied size is incorrect and the compiler knows better.

> In any case, is there documentation somewhere on how to add FORTIFY_SOURCE
> support in cases like this? My searches only turn up how to take advantage
> of FORTIFY_SOURCE in code that calls string functions, which isn't what I
> need here.

_FORTIFY_SOURCE uses __builtin_object_size from GCC, which is documented in the GCC manual.

I'll revive this glibc patch soon.  If it is accepted, the definitions can eventually be removed from libbsd:

  <https://sourceware.org/ml/libc-alpha/2014-09/msg00426.html>

Comment 6 Jaroslav Reznik 2015-03-03 15:13:11 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 7 Fedora End Of Life 2016-07-19 20:51:29 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 8 Conrad Meyer 2017-07-21 00:43:57 UTC
Did your strlcpy patch ever make it into glibc, Florian?

Comment 9 Florian Weimer 2017-07-21 08:32:16 UTC
(In reply to Conrad Meyer from comment #8)
> Did your strlcpy patch ever make it into glibc, Florian?

Not yet.  Still working on it.

Comment 10 Conrad Meyer 2018-06-21 16:32:42 UTC
Any update?  Should we patch libbsd to use FORTIFY_SOURCE in the interim?


Note You need to log in before you can comment on or make changes to this bug.