[PATCH] build: improve stack protector check
Ralph Böhme
rb at sernet.de
Sat Sep 19 04:43:17 UTC 2015
On Fri, Sep 18, 2015 at 03:50:09PM -0700, Jeremy Allison wrote:
> On Fri, Sep 11, 2015 at 04:57:16PM -0300, Gustavo Zacarias wrote:
> > Testing a toolchain for proper -fstack-protector must go beyond ensuring
> > the compiler and linker accept the option.
> > If the test C program does nothing with the stack then guards aren't
> > inserted and/or are optimized away giving the false impression that it
> > works when in fact the libc might not support it.
> >
> > Update the check to a program that uses the stack, hence making a link
> > fail if proper support isn't available, for example in non-ssp enabled
> > uclibc toolchains like this:
> >
> > test.c:(.text.startup+0x64): undefined reference to `__stack_chk_fail'
> >
> > Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> > ---
> > buildtools/wafsamba/samba_autoconf.py | 20 +++++++++++++++++---
> > 1 file changed, 17 insertions(+), 3 deletions(-)
> >
> > diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
> > index c5f132c..ef34b00 100644
> > --- a/buildtools/wafsamba/samba_autoconf.py
> > +++ b/buildtools/wafsamba/samba_autoconf.py
> > @@ -657,9 +657,23 @@ def SAMBA_CONFIG_H(conf, path=None):
> > if not IN_LAUNCH_DIR(conf):
> > return
> >
> > - if conf.CHECK_CFLAGS(['-fstack-protector']) and conf.CHECK_LDFLAGS(['-fstack-protector']):
> > - conf.ADD_CFLAGS('-fstack-protector')
> > - conf.ADD_LDFLAGS('-fstack-protector')
> > + # we need to build real code that can't be optimized away to test
> > + if conf.check(fragment='''
> > + #include <stdio.h>
> > +
> > + int main(void)
> > + {
> > + char t[100000];
> > + while (fgets(t, sizeof(t), stdin));
> > + return 0;
> > + }
> > + ''',
> > + execute=0,
> > + ccflags='-fstack-protector',
> > + ldflags='-fstack-protector',
> > + msg='Checking if toolchain accepts -fstack-protector'):
> > + conf.ADD_CFLAGS('-fstack-protector')
> > + conf.ADD_LDFLAGS('-fstack-protector')
> >
> > if Options.options.debug:
> > conf.ADD_CFLAGS('-g', testflags=True)
> > --
> > 2.4.6
>
> Reviewed-by: Jeremy Allison <jra at samba.org>
>
> Can I get a second Team reviewer ?
reviewed-by-me.
-Ralph
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
More information about the samba-technical
mailing list