Changeset 544
- Timestamp:
- Feb 17, 2019, 2:41:49 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 15 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Makefile.in
r534 r544 1659 1659 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 1660 1660 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 1661 sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h1661 sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 1662 1662 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 1663 1663 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h … … 1672 1672 encode.o: $(srcsrc)/encode.c Makefile 1673 1673 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 1674 trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/s h_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h1674 trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 1675 1675 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 1676 1676 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h -
trunk/aclocal.m4
r499 r544 1125 1125 AC_LANG_ASSERT(C) 1126 1126 if test "X$CC" != "X"; then 1127 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector- all],1127 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong], 1128 1128 ssp_cv_cc, 1129 1129 [ssp_old_cflags="$CFLAGS" 1130 CFLAGS="$CFLAGS -fstack-protector- all"1130 CFLAGS="$CFLAGS -fstack-protector-strong" 1131 1131 AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) 1132 1132 CFLAGS="$ssp_old_cflags" 1133 1133 ]) 1134 1134 if test $ssp_cv_cc = no; then 1135 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector ],1135 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all], 1136 1136 ssp_cv_cc, 1137 1137 [ssp_old_cflags="$CFLAGS" 1138 CFLAGS="$CFLAGS -fstack-protector "1138 CFLAGS="$CFLAGS -fstack-protector-all" 1139 1139 AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) 1140 1140 CFLAGS="$ssp_old_cflags" 1141 1141 ]) 1142 if test $ssp_cv_cc = yes; then 1143 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" 1144 LDFLAGS="$LDFLAGS -fstack-protector" 1145 AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) 1142 if test $ssp_cv_cc = no; then 1143 AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], 1144 ssp_cv_cc, 1145 [ssp_old_cflags="$CFLAGS" 1146 CFLAGS="$CFLAGS -fstack-protector" 1147 AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) 1148 CFLAGS="$ssp_old_cflags" 1149 ]) 1150 if test $ssp_cv_cc = yes; then 1151 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" 1152 LDFLAGS="$LDFLAGS -fstack-protector" 1153 AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) 1154 fi 1155 else 1156 if test $ssp_cv_cc = yes; then 1157 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" 1158 LDFLAGS="$LDFLAGS -fstack-protector-all" 1159 AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) 1160 fi 1146 1161 fi 1147 1162 else 1148 1163 if test $ssp_cv_cc = yes; then 1149 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector- all"1150 LDFLAGS="$LDFLAGS -fstack-protector- all"1164 CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-strong" 1165 LDFLAGS="$LDFLAGS -fstack-protector-strong" 1151 1166 AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) 1152 1167 fi … … 1211 1226 AC_LANG_ASSERT(C) 1212 1227 if test "X$CC" != "X"; then 1213 AC_CACHE_CHECK([whether ${CC} accepts -fstack-c heck],1228 AC_CACHE_CHECK([whether ${CC} accepts -fstack-clash-protection], 1214 1229 stackcheck_cv_cc, 1215 1230 [stackcheck_old_cflags="$CFLAGS" 1216 CFLAGS="$CFLAGS -fstack-c heck"1231 CFLAGS="$CFLAGS -fstack-clash-protection" 1217 1232 AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no) 1218 1233 CFLAGS="$stackcheck_old_cflags" 1219 1234 ]) 1220 1235 if test $stackcheck_cv_cc = yes; then 1221 CFLAGS="$CFLAGS -fstack-c heck"1236 CFLAGS="$CFLAGS -fstack-clash-protection" 1222 1237 fi 1223 1238 fi -
trunk/config.h.in
r534 r544 525 525 /* Define to 1 if you have the `endpwent' function. */ 526 526 #undef HAVE_ENDPWENT 527 528 /* Define to 1 if you have the `explicit_bzero' function. */ 529 #undef HAVE_EXPLICIT_BZERO 530 531 /* Define to 1 if you have the `explicit_memset' function. */ 532 #undef HAVE_EXPLICIT_MEMSET 527 533 528 534 /* Define to 1 if you have the <ext2fs/ext2_fs.h> header file. */ -
trunk/configure.ac
r539 r544 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 4.3. 2)14 AM_INIT_AUTOMAKE(samhain, 4.3.3) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST … … 380 380 AC_FUNC_STRFTIME 381 381 AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent fpurge \ 382 explicit_memset explicit_bzero \ 382 383 gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ 383 384 seteuid setreuid setresuid lstat getwd getcwd ptrace \ … … 706 707 GCC_STACK_PROTECT_LIB 707 708 GCC_STACK_PROTECT_CC 708 dnl GCC_STACK_CHECK_CC 709 GCC_PIE_CC 709 GCC_STACK_CHECK_CC 710 GCC_PIE_CC 711 GCC_FLAG_CHECK([-fexceptions]) 712 GCC_FLAG_CHECK([-mcet -fcf-protection]) 710 713 fi 711 714 … … 1038 1041 tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` 1039 1042 LIBS="${tmp_LIBS}" 1043 AC_MSG_WARN([--enable-static: no support for Linux Auditing System]) 1040 1044 fi 1041 1045 1042 1046 if test "x$GCC" = "xyes"; 1043 1047 then 1048 if test -n "`echo "$CFLAGS" | grep "\-flto" 2> /dev/null`" 1049 then 1050 AC_MSG_ERROR([--enable-static: not compatible with link-time optimisation]) 1051 fi 1044 1052 case "$host_os" in 1045 1053 … … 1206 1214 [ --with-database=[[mysql|postgresql|oracle|odbc]] database support [[no]]], 1207 1215 [ 1216 if test x"$enable_static" = xyes; then 1217 AC_MSG_WARN([With --enable-static, --with-database may fail to compile.]) 1218 fi 1208 1219 if test x"$enable_xml_log" != xyes; then 1209 1220 AC_MSG_ERROR([With --with-database, --enable-xml-log is required as well.]) … … 1791 1802 ;; 1792 1803 *) 1793 CFLAGS="$CFLAGS -Wall -W "1804 CFLAGS="$CFLAGS -Wall -W -Werror=implicit-function-declaration " 1794 1805 ;; 1795 1806 esac -
trunk/depend.dep
r534 r544 28 28 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 29 29 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 30 sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h30 sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 31 31 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 32 32 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h … … 41 41 encode.o: $(srcsrc)/encode.c Makefile 42 42 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 43 trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/s h_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h43 trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 44 44 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 45 45 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h -
trunk/depend.sum
r534 r544 1 3 9034666961 3038455203 -
trunk/docs/Changelog
r539 r544 1 4.3.3: 2 * fix some issues with link-time optimisation (option -flto with 3 recent gcc versions) 4 * fix compiler warning in sh_prelude.c 5 * add patch (by Kamel H.) to init for alternative root fs) 6 1 7 4.3.2: 2 8 * fix compile failure on OpenBSD (reported by Mithrond) -
trunk/include/slib.h
r525 r544 227 227 */ 228 228 int sl_strncmp(const char * a, const char * b, size_t n); 229 int sl_ts_strncmp(const char * a, const char * b, size_t n); 229 230 230 231 int sl_strncasecmp(const char * a, const char * b, size_t n); -
trunk/src/bignum.c
r454 r544 425 425 { 426 426 DIGIT *a_ptr, *b_ptr; 427 int retval = 0; 427 428 428 429 if (a->dgs_used == b->dgs_used) … … 437 438 if (a_ptr < a->dp) 438 439 { 439 return 0;440 return retval; 440 441 } 441 442 else 442 443 { 443 return (*a_ptr > *b_ptr) ? 1 : -1; 444 } 444 if (retval == 0) 445 retval = (*a_ptr > *b_ptr) ? 1 : -1; 446 } 447 return retval; 445 448 } 446 449 return (a->dgs_used > b->dgs_used) ? 1 : -1; -
trunk/src/cutest_slib.c
r248 r544 58 58 } 59 59 60 void Test_sl_ts_strncmp (CuTest *tc) { 61 char one[64], two[64]; 62 int res; 63 64 strcpy(one, "foo"); 65 strcpy(two, "foo"); 66 res = sl_ts_strncmp(one, two, 3); 67 CuAssertIntEquals(tc, 0, res); 68 69 strcpy(one, "fox"); 70 strcpy(two, "foo"); 71 res = sl_ts_strncmp(one, two, 2); 72 CuAssertIntEquals(tc, 0, res); 73 74 strcpy(one, "f9o"); 75 strcpy(two, "foo"); 76 res = sl_ts_strncmp(one, two, 3); 77 CuAssertTrue(tc, 0 != res); 78 79 } 80 60 81 void Test_sl_strcasecmp (CuTest *tc) { 61 82 char one[64], two[64]; -
trunk/src/sh_calls.c
r509 r544 51 51 #include "samhain.h" 52 52 #include "sh_error.h" 53 #include "sh_calls.h"54 53 #include "sh_ipvx.h" 55 54 #include "sh_sub.h" -
trunk/src/sh_srp.c
r474 r544 48 48 #define bignum MP_INT 49 49 50 inline 50 static 51 51 int big_create (bignum * a) 52 52 { … … 55 55 } 56 56 57 inline 57 static 58 58 int big_zerop (bignum * a) 59 59 { … … 69 69 } 70 70 71 inline 71 static 72 72 int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r) 73 73 { … … 76 76 } 77 77 78 inline 78 static 79 79 int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d) 80 80 { … … 136 136 } 137 137 138 inline138 static 139 139 int big_add(bignum * a, bignum * b, bignum * c) 140 140 { … … 143 143 } 144 144 145 inline145 static 146 146 int big_sub(bignum * a, bignum * b, bignum * c) 147 147 { … … 150 150 } 151 151 152 inline152 static 153 153 int big_mul(bignum * a, bignum * b, bignum * c) 154 154 { … … 157 157 } 158 158 159 inline159 static 160 160 int big_greaterp(bignum * a, bignum * b) 161 161 { … … 163 163 } 164 164 165 inline165 static 166 166 int big_set_big(bignum * a, bignum * b) 167 167 { … … 171 171 172 172 173 inline173 static 174 174 int big_set_string(const char * str, int base, bignum * a) 175 175 { -
trunk/src/sh_xfer_client.c
r541 r544 769 769 */ 770 770 sh_passwd (nounce, NULL, NULL, temp); 771 if ( 0 != sl_ strncmp(temp, answer, KEY_LEN))771 if ( 0 != sl_ts_strncmp(temp, answer, KEY_LEN)) 772 772 flag_err = (-1); 773 773 … … 1003 1003 ); 1004 1004 if (M != NULL && 1005 0 == sl_ strncmp (answer, M, KEY_LEN+1))1005 0 == sl_ts_strncmp (answer, M, KEY_LEN+1)) 1006 1006 { 1007 1007 sl_strlcpy (skey->session, … … 1083 1083 pos+1); 1084 1084 flag_err = 1085 sl_ strncmp(&answer[KEY_LEN+pos],1085 sl_ts_strncmp(&answer[KEY_LEN+pos], 1086 1086 sh_util_siggen(skey->session, 1087 1087 buffer, … … 1202 1202 (void) sl_strlcpy(buffer, errmsg, len); 1203 1203 (void) sl_strlcat(buffer, nsrv, len); 1204 flag_err = sl_ strncmp(answer,1205 sh_util_siggen(skey->session,1206 buffer,1207 sl_strlen(buffer),1208 sigbuf, sizeof(sigbuf)),1209 KEY_LEN);1204 flag_err = sl_ts_strncmp(answer, 1205 sh_util_siggen(skey->session, 1206 buffer, 1207 sl_strlen(buffer), 1208 sigbuf, sizeof(sigbuf)), 1209 KEY_LEN); 1210 1210 TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"), 1211 1211 sh_util_siggen(skey->session, buffer, -
trunk/src/sh_xfer_server.c
r541 r544 1198 1198 KEY_LEN+1); 1199 1199 1200 if (0 != sl_ strncmp(conn->K, conn->buf, KEY_LEN))1200 if (0 != sl_ts_strncmp(conn->K, conn->buf, KEY_LEN)) 1201 1201 { 1202 1202 TPT((0, FIL__, __LINE__, _("msg=<clt %s>\n"), conn->buf)); … … 1664 1664 */ 1665 1665 buffer = sh_util_strconcat(conn->buf, conn->challenge, NULL); 1666 i = sl_ strncmp(hash,1667 sh_util_siggen(conn->client_entry->session_key,1668 buffer,1669 sl_strlen(buffer),1670 sigbuf, sizeof(sigbuf)),1671 KEY_LEN);1666 i = sl_ts_strncmp(hash, 1667 sh_util_siggen(conn->client_entry->session_key, 1668 buffer, 1669 sl_strlen(buffer), 1670 sigbuf, sizeof(sigbuf)), 1671 KEY_LEN); 1672 1672 TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"), 1673 1673 sh_util_siggen(conn->client_entry->session_key, … … 2088 2088 TPT((0, FIL__, __LINE__, _("msg=<c/r: P = %s>\n"), conn->M1)); 2089 2089 2090 if ( 0 != sl_ strncmp(conn->M1, conn->buf, KEY_LEN))2090 if ( 0 != sl_ts_strncmp(conn->M1, conn->buf, KEY_LEN)) 2091 2091 { 2092 2092 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_BADCONN, … … 2414 2414 */ 2415 2415 if (conn->buf != NULL && 2416 sl_ strncmp(conn->buf, conn->M1, KEY_LEN) == 0)2416 sl_ts_strncmp(conn->buf, conn->M1, KEY_LEN) == 0) 2417 2417 { 2418 2418 /* -
trunk/src/slib.c
r539 r544 588 588 /* 589 589 * Have memset in a different translation unit (i.e. this) to prevent 590 * it to get optimized away 590 * it to get optimized away ...not safe with link-time optimisation... 591 591 */ 592 void *sl_memset(void *s, int c, size_t n) 593 { 594 return memset(s, c,n); 592 void * sl_memset(void *s, int c, size_t n) 593 { 594 /* See: 595 * https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_zhaomo_yang.pdf 596 */ 597 #if defined(HAVE_EXPLICIT_MEMSET) 598 return explicit_memset(s, c, n); 599 #elif defined(HAVE_EXPLICIT_BZERO) 600 if (c == 0) { 601 explicit_bzero(s, n); 602 return s; 603 } else { 604 return memset(s, c, n); 605 } 606 #elif defined(__GNUC__) 607 memset(s, c, n); 608 __asm__ __volatile__ ("" ::"r"(s): "memory"); /* compiler barrier */ 609 return s; 610 #else 611 if (c == 0) { 612 size_t i; 613 volatile unsigned char * t_s = (volatile unsigned char *)s; 614 for (i=0; i<n; ++i) 615 t_s[i] = 0; 616 return s; 617 } else { 618 return memset(s, c, n); 619 } 620 #endif 595 621 } 596 622 … … 1071 1097 if (a != NULL && b != NULL) 1072 1098 return (strcmp(a, b)); 1099 else if (a == NULL && b != NULL) 1100 return (-1); 1101 else if (a != NULL && b == NULL) 1102 return (1); 1103 else 1104 return (-7); /* default to not equal */ 1105 } 1106 1107 /* Does not report sign. */ 1108 int sl_ts_strncmp(const char * a, const char * b, size_t n) 1109 { 1110 #ifdef SL_FAIL_ON_ERROR 1111 SL_REQUIRE (a != NULL, _("a != NULL")); 1112 SL_REQUIRE (b != NULL, _("b != NULL")); 1113 SL_REQUIRE (n > 0, _("n > 0")); 1114 #endif 1115 1116 if (a != NULL && b != NULL) 1117 { 1118 const unsigned char *a1 = (const unsigned char *)a; 1119 const unsigned char *b1 = (const unsigned char *)b; 1120 size_t i; 1121 int retval=0; 1122 /* The simple index based access is optimized best by the 1123 * compiler (tested with gcc 7.3.0). */ 1124 for (i = 0; i < n; ++i) 1125 { 1126 if (a1[i] == '\0' || b1[i] == '\0') 1127 break; 1128 retval |= (a1[i] ^ b1[i]); 1129 } 1130 /* if (retval == 0) --> false (0) */ 1131 return (retval != 0); 1132 } 1073 1133 else if (a == NULL && b != NULL) 1074 1134 return (-1);
Note:
See TracChangeset
for help on using the changeset viewer.