1 | @node Overflow Protection |
---|
2 | @chapter Overflow Protection |
---|
3 | |
---|
4 | @menu |
---|
5 | * Stack Smashing Protection:: Checks enabled with -fstack-protector* |
---|
6 | * Object Size Checking:: Checks enabled with _FORTIFY_SOURCE |
---|
7 | @end menu |
---|
8 | |
---|
9 | @node Stack Smashing Protection |
---|
10 | @section Stack Smashing Protection |
---|
11 | Stack Smashing Protection is a compiler feature which emits extra code |
---|
12 | to check for stack smashing attacks. It depends on a canary, which is |
---|
13 | initialized with the process, and functions for process termination when |
---|
14 | an overflow is detected. These are private entry points intended solely |
---|
15 | for use by the compiler, and are used when any of the @code{-fstack-protector}, |
---|
16 | @code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or |
---|
17 | @code{-fstack-protector-strong} compiler flags are enabled. |
---|
18 | |
---|
19 | @node Object Size Checking |
---|
20 | @section Object Size Checking |
---|
21 | Object Size Checking is a feature which wraps certain functions with checks |
---|
22 | to prevent buffer overflows. These are enabled when compiling with |
---|
23 | optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined |
---|
24 | to 1, or for stricter checks, to 2. |
---|
25 | |
---|
26 | @cindex list of overflow protected functions |
---|
27 | The following functions use object size checking to detect buffer overflows |
---|
28 | when enabled: |
---|
29 | |
---|
30 | @example |
---|
31 | @exdent @emph{String functions:} |
---|
32 | bcopy memmove strcpy |
---|
33 | bzero mempcpy strcat |
---|
34 | explicit_bzero memset strncat |
---|
35 | memcpy stpcpy strncpy |
---|
36 | |
---|
37 | @exdent @emph{Wide Character String functions:} |
---|
38 | fgetws wcrtomb wcsrtombs |
---|
39 | fgetws_unlocked wcscat wmemcpy |
---|
40 | mbsnrtowcs wcscpy wmemmove |
---|
41 | mbsrtowcs wcsncat wmempcpy |
---|
42 | wcpcpy wcsncpy wmemset |
---|
43 | wcpncpy wcsnrtombs |
---|
44 | |
---|
45 | @exdent @emph{Stdio functions:} |
---|
46 | fgets fread_unlocked sprintf |
---|
47 | fgets_unlocked gets vsnprintf |
---|
48 | fread snprintf vsprintf |
---|
49 | |
---|
50 | @exdent @emph{Stdlib functions:} |
---|
51 | mbstowcs wcstombs wctomb |
---|
52 | |
---|
53 | @exdent @emph{System functions:} |
---|
54 | getcwd read ttyname_r |
---|
55 | pread readlink |
---|
56 | |
---|
57 | @end example |
---|