| 1 | @node Overflow Protection |
|---|
| 2 | @chapter Overflow Protection |
|---|
| 3 | |
|---|
| 4 | @menu |
|---|
| 5 | * Stack Smashing Protection:: Checks enabled with -fstack-protector* |
|---|
| 6 | * Object Size Checking:: Checks enabled with _FORTIFY_SOURCE |
|---|
| 7 | @end menu |
|---|
| 8 | |
|---|
| 9 | @node Stack Smashing Protection |
|---|
| 10 | @section Stack Smashing Protection |
|---|
| 11 | Stack Smashing Protection is a compiler feature which emits extra code |
|---|
| 12 | to check for stack smashing attacks. It depends on a canary, which is |
|---|
| 13 | initialized with the process, and functions for process termination when |
|---|
| 14 | an overflow is detected. These are private entry points intended solely |
|---|
| 15 | for use by the compiler, and are used when any of the @code{-fstack-protector}, |
|---|
| 16 | @code{-fstack-protector-all}, @code{-fstack-protector-explicit}, or |
|---|
| 17 | @code{-fstack-protector-strong} compiler flags are enabled. |
|---|
| 18 | |
|---|
| 19 | @node Object Size Checking |
|---|
| 20 | @section Object Size Checking |
|---|
| 21 | Object Size Checking is a feature which wraps certain functions with checks |
|---|
| 22 | to prevent buffer overflows. These are enabled when compiling with |
|---|
| 23 | optimization (@code{-O1} and higher) and @code{_FORTIFY_SOURCE} defined |
|---|
| 24 | to 1, or for stricter checks, to 2. |
|---|
| 25 | |
|---|
| 26 | @cindex list of overflow protected functions |
|---|
| 27 | The following functions use object size checking to detect buffer overflows |
|---|
| 28 | when enabled: |
|---|
| 29 | |
|---|
| 30 | @example |
|---|
| 31 | @exdent @emph{String functions:} |
|---|
| 32 | bcopy memmove strcpy |
|---|
| 33 | bzero mempcpy strcat |
|---|
| 34 | explicit_bzero memset strncat |
|---|
| 35 | memcpy stpcpy strncpy |
|---|
| 36 | |
|---|
| 37 | @exdent @emph{Wide Character String functions:} |
|---|
| 38 | fgetws wcrtomb wcsrtombs |
|---|
| 39 | fgetws_unlocked wcscat wmemcpy |
|---|
| 40 | mbsnrtowcs wcscpy wmemmove |
|---|
| 41 | mbsrtowcs wcsncat wmempcpy |
|---|
| 42 | wcpcpy wcsncpy wmemset |
|---|
| 43 | wcpncpy wcsnrtombs |
|---|
| 44 | |
|---|
| 45 | @exdent @emph{Stdio functions:} |
|---|
| 46 | fgets fread_unlocked sprintf |
|---|
| 47 | fgets_unlocked gets vsnprintf |
|---|
| 48 | fread snprintf vsprintf |
|---|
| 49 | |
|---|
| 50 | @exdent @emph{Stdlib functions:} |
|---|
| 51 | mbstowcs wcstombs wctomb |
|---|
| 52 | |
|---|
| 53 | @exdent @emph{System functions:} |
|---|
| 54 | getcwd read ttyname_r |
|---|
| 55 | pread readlink |
|---|
| 56 | |
|---|
| 57 | @end example |
|---|
