Changeset 544

Timestamp:

Feb 17, 2019, 2:41:49 PM (6 years ago)

Author:

katerina

Message:

Fix for ticket #436 (new gcc compiler options, including LTO).

Location:

trunk

Files:

• Makefile.in (modified) (2 diffs)
• aclocal.m4 (modified) (2 diffs)
• config.h.in (modified) (1 diff)
• configure.ac (modified) (6 diffs)
• depend.dep (modified) (2 diffs)
• depend.sum (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• include/slib.h (modified) (1 diff)
• src/bignum.c (modified) (2 diffs)
• src/cutest_slib.c (modified) (1 diff)
• src/sh_calls.c (modified) (1 diff)
• src/sh_srp.c (modified) (10 diffs)
• src/sh_xfer_client.c (modified) (4 diffs)
• src/sh_xfer_server.c (modified) (4 diffs)
• src/slib.c (modified) (2 diffs)

trunk/Makefile.in

@@ -1659 +1659 @@
 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 
 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 
-sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
+sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 
 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 
@@ -1672 +1672 @@
 encode.o: $(srcsrc)/encode.c Makefile 
 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 
-trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 
 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 
 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h 

trunk/aclocal.m4

@@ -1125 +1125 @@
   AC_LANG_ASSERT(C)
   if test "X$CC" != "X"; then
-    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all],
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong],
       ssp_cv_cc,
       [ssp_old_cflags="$CFLAGS"
-       CFLAGS="$CFLAGS -fstack-protector-all"
+       CFLAGS="$CFLAGS -fstack-protector-strong"
        AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
        CFLAGS="$ssp_old_cflags"
       ])
     if test $ssp_cv_cc = no; then
-      AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
+      AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all],
         ssp_cv_cc,
         [ssp_old_cflags="$CFLAGS"
-         CFLAGS="$CFLAGS -fstack-protector"
+         CFLAGS="$CFLAGS -fstack-protector-all"
          AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
          CFLAGS="$ssp_old_cflags"
         ])
-      if test $ssp_cv_cc = yes; then
-        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector"
-        LDFLAGS="$LDFLAGS -fstack-protector"
-        AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+      if test $ssp_cv_cc = no; then
+        AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
+          ssp_cv_cc,
+          [ssp_old_cflags="$CFLAGS"
+           CFLAGS="$CFLAGS -fstack-protector"
+           AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
+           CFLAGS="$ssp_old_cflags"
+          ])
+        if test $ssp_cv_cc = yes; then
+          CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector"
+          LDFLAGS="$LDFLAGS -fstack-protector"
+          AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+        fi
+      else
+        if test $ssp_cv_cc = yes; then
+          CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+          LDFLAGS="$LDFLAGS -fstack-protector-all"
+          AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+        fi
       fi
     else
       if test $ssp_cv_cc = yes; then
-        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
-        LDFLAGS="$LDFLAGS -fstack-protector-all"
+        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-strong"
+        LDFLAGS="$LDFLAGS -fstack-protector-strong"
         AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
       fi
@@ -1211 +1226 @@
   AC_LANG_ASSERT(C)
   if test "X$CC" != "X"; then
-    AC_CACHE_CHECK([whether ${CC} accepts -fstack-check],
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-clash-protection],
       stackcheck_cv_cc,
       [stackcheck_old_cflags="$CFLAGS"
-       CFLAGS="$CFLAGS -fstack-check"
+       CFLAGS="$CFLAGS -fstack-clash-protection"
        AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no)
        CFLAGS="$stackcheck_old_cflags"
       ])
     if test $stackcheck_cv_cc = yes; then
-      CFLAGS="$CFLAGS -fstack-check"
+      CFLAGS="$CFLAGS -fstack-clash-protection"
     fi
   fi

trunk/config.h.in

@@ -525 +525 @@
 /* Define to 1 if you have the `endpwent' function. */
 #undef HAVE_ENDPWENT
+
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
+/* Define to 1 if you have the `explicit_memset' function. */
+#undef HAVE_EXPLICIT_MEMSET
 
 /* Define to 1 if you have the <ext2fs/ext2_fs.h> header file. */

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 4.3.2)
+AM_INIT_AUTOMAKE(samhain, 4.3.3)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
@@ -380 +380 @@
 AC_FUNC_STRFTIME
 AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent fpurge \
+        explicit_memset explicit_bzero \
         gettimeofday strlcat strlcpy strstr strchr strerror strsignal \
         seteuid setreuid setresuid lstat getwd getcwd ptrace \
@@ -706 +707 @@
         GCC_STACK_PROTECT_LIB
         GCC_STACK_PROTECT_CC
-dnl   GCC_STACK_CHECK_CC
-      GCC_PIE_CC
+        GCC_STACK_CHECK_CC
+        GCC_PIE_CC
+        GCC_FLAG_CHECK([-fexceptions])
+        GCC_FLAG_CHECK([-mcet -fcf-protection])
    fi   
 
@@ -1038 +1041 @@
                   tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' `
                   LIBS="${tmp_LIBS}"
+                  AC_MSG_WARN([--enable-static: no support for Linux Auditing System])
                 fi
 
                 if test "x$GCC" = "xyes"; 
                 then
+                   if test -n "`echo "$CFLAGS" | grep "\-flto" 2> /dev/null`"
+                   then
+                        AC_MSG_ERROR([--enable-static: not compatible with link-time optimisation])
+                   fi
                    case "$host_os" in
 
@@ -1206 +1214 @@
         [  --with-database=[[mysql|postgresql|oracle|odbc]]     database support [[no]]],
         [
+        if test x"$enable_static" = xyes; then
+                AC_MSG_WARN([With --enable-static,  --with-database may fail to compile.])
+        fi
         if test x"$enable_xml_log" != xyes; then
                 AC_MSG_ERROR([With --with-database,  --enable-xml-log is required as well.])
@@ -1791 +1802 @@
            ;;
         *)
-           CFLAGS="$CFLAGS -Wall -W "
+           CFLAGS="$CFLAGS -Wall -W -Werror=implicit-function-declaration "
            ;;
      esac

trunk/depend.dep

@@ -28 +28 @@
 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 
 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 
-sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
+sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 
 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 
@@ -41 +41 @@
 encode.o: $(srcsrc)/encode.c Makefile 
 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 
-trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 
 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 
 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h 

trunk/depend.sum

@@ -1 @@
-3903466696
+3038455203

trunk/docs/Changelog

@@ +1 @@
+4.3.3:
+        * fix some issues with link-time optimisation (option -flto with
+        recent gcc versions)
+        * fix compiler warning in sh_prelude.c
+        * add patch (by Kamel H.) to init for alternative root fs)
+
 4.3.2:
         * fix compile failure on OpenBSD (reported by Mithrond)

trunk/include/slib.h

@@ -227 +227 @@
    */
   int sl_strncmp(const char * a, const char * b, size_t n);
+  int sl_ts_strncmp(const char * a, const char * b, size_t n);
 
   int sl_strncasecmp(const char * a, const char * b, size_t n);

trunk/src/bignum.c

@@ -425 +425 @@
 {
     DIGIT *a_ptr, *b_ptr;
+    int retval = 0;
 
     if (a->dgs_used  == b->dgs_used)
@@ -437 +438 @@
         if (a_ptr < a->dp)
         {
-            return 0;
+            return retval;
         }
         else
         {
-            return (*a_ptr > *b_ptr) ? 1 : -1;
-        }
+            if (retval == 0)
+                retval = (*a_ptr > *b_ptr) ? 1 : -1;
+        }
+        return retval;
     }
     return (a->dgs_used > b->dgs_used) ? 1 : -1;

trunk/src/cutest_slib.c

@@ -58 +58 @@
 }
 
+void Test_sl_ts_strncmp (CuTest *tc) {
+  char one[64], two[64];
+  int  res;
+
+  strcpy(one, "foo");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 3);
+  CuAssertIntEquals(tc, 0, res);
+
+  strcpy(one, "fox");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 2);
+  CuAssertIntEquals(tc, 0, res);
+  
+  strcpy(one, "f9o");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 3);
+  CuAssertTrue(tc, 0 != res);
+
+}
+
 void Test_sl_strcasecmp (CuTest *tc) {
   char one[64], two[64];

trunk/src/sh_calls.c

@@ -51 +51 @@
 #include "samhain.h"
 #include "sh_error.h"
-#include "sh_calls.h"
 #include "sh_ipvx.h"
 #include "sh_sub.h"

trunk/src/sh_srp.c

@@ -48 +48 @@
 #define bignum MP_INT
 
-inline
+static
 int big_create (bignum * a)
 {
@@ -55 +55 @@
 }
 
-inline
+static
 int big_zerop (bignum * a)
 {
@@ -69 +69 @@
 }
 
-inline
+static
 int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r)
 {
@@ -76 +76 @@
 }
 
-inline
+static
 int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d)
 {
@@ -136 +136 @@
 }
 
-inline 
+static 
 int big_add(bignum * a, bignum * b, bignum * c)
 {
@@ -143 +143 @@
 }
 
-inline 
+static 
 int big_sub(bignum * a, bignum * b, bignum * c)
 {
@@ -150 +150 @@
 }
 
-inline 
+static 
 int big_mul(bignum * a, bignum * b, bignum * c)
 {
@@ -157 +157 @@
 }
 
-inline 
+static 
 int big_greaterp(bignum * a, bignum * b)
 {
@@ -163 +163 @@
 }
 
-inline 
+static 
 int big_set_big(bignum * a, bignum * b)
 {
@@ -171 +171 @@
 
 
-inline 
+static 
 int big_set_string(const char * str, int base, bignum * a)
 {

trunk/src/sh_xfer_client.c

@@ -769 +769 @@
    */
   sh_passwd (nounce, NULL, NULL, temp);
-  if ( 0 != sl_strncmp(temp, answer, KEY_LEN))
+  if ( 0 != sl_ts_strncmp(temp, answer, KEY_LEN))
     flag_err = (-1);
   
@@ -1003 +1003 @@
                                     );
                       if (M != NULL && 
-                          0 == sl_strncmp (answer, M, KEY_LEN+1))
+                          0 == sl_ts_strncmp (answer, M, KEY_LEN+1))
                         {
                           sl_strlcpy (skey->session, 
@@ -1083 +1083 @@
                         pos+1);
       flag_err = 
-        sl_strncmp(&answer[KEY_LEN+pos],
+        sl_ts_strncmp(&answer[KEY_LEN+pos],
                    sh_util_siggen(skey->session, 
                                   buffer,
@@ -1202 +1202 @@
       (void) sl_strlcpy(buffer, errmsg, len);
       (void) sl_strlcat(buffer, nsrv,   len);
-      flag_err = sl_strncmp(answer,
-                            sh_util_siggen(skey->session, 
-                                           buffer,
-                                           sl_strlen(buffer),
-                                           sigbuf, sizeof(sigbuf)),
-                            KEY_LEN);
+      flag_err = sl_ts_strncmp(answer,
+                               sh_util_siggen(skey->session, 
+                                              buffer,
+                                              sl_strlen(buffer),
+                                              sigbuf, sizeof(sigbuf)),
+                               KEY_LEN);
       TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
            sh_util_siggen(skey->session, buffer, 

trunk/src/sh_xfer_server.c

@@ -1198 +1198 @@
               KEY_LEN+1);
   
-  if (0 != sl_strncmp(conn->K, conn->buf, KEY_LEN))
+  if (0 != sl_ts_strncmp(conn->K, conn->buf, KEY_LEN))
     {
       TPT((0, FIL__, __LINE__, _("msg=<clt %s>\n"), conn->buf));
@@ -1664 +1664 @@
            */
           buffer = sh_util_strconcat(conn->buf, conn->challenge, NULL);
-          i =  sl_strncmp(hash, 
-                          sh_util_siggen(conn->client_entry->session_key,
-                                         buffer,
-                                         sl_strlen(buffer),
-                                         sigbuf, sizeof(sigbuf)),
-                          KEY_LEN);
+          i =  sl_ts_strncmp(hash, 
+                             sh_util_siggen(conn->client_entry->session_key,
+                                            buffer,
+                                            sl_strlen(buffer),
+                                            sigbuf, sizeof(sigbuf)),
+                             KEY_LEN);
           TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
                sh_util_siggen(conn->client_entry->session_key,
@@ -2088 +2088 @@
       TPT((0, FIL__, __LINE__, _("msg=<c/r: P = %s>\n"), conn->M1));
       
-      if ( 0 != sl_strncmp(conn->M1, conn->buf, KEY_LEN))
+      if ( 0 != sl_ts_strncmp(conn->M1, conn->buf, KEY_LEN))
         {
           sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_BADCONN,
@@ -2414 +2414 @@
        */
       if (conn->buf != NULL && 
-          sl_strncmp(conn->buf, conn->M1, KEY_LEN) == 0)
+          sl_ts_strncmp(conn->buf, conn->M1, KEY_LEN) == 0)
         {
           /*

trunk/src/slib.c

@@ -588 +588 @@
 /*
  * Have memset in a different translation unit (i.e. this) to prevent 
- * it to get optimized away
+ * it to get optimized away ...not safe with link-time optimisation...
  */
-void *sl_memset(void *s, int c, size_t n)
-{
-  return memset(s, c,n);
+void * sl_memset(void *s, int c, size_t n)
+{
+  /* See:
+   * https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_zhaomo_yang.pdf
+   */
+#if defined(HAVE_EXPLICIT_MEMSET)
+  return explicit_memset(s, c, n);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  if (c == 0) {
+    explicit_bzero(s, n);
+    return s;
+  } else {
+    return memset(s, c, n);
+  }
+#elif defined(__GNUC__)
+  memset(s, c, n);
+  __asm__  __volatile__ ("" ::"r"(s): "memory"); /* compiler barrier */
+  return s;
+#else
+  if (c == 0) {
+    size_t i;
+    volatile unsigned char * t_s = (volatile unsigned char *)s;
+    for (i=0; i<n; ++i)
+      t_s[i] = 0;
+    return s;
+  } else {
+    return memset(s, c, n);
+  }
+#endif  
 }
 
@@ -1071 +1097 @@
   if (a != NULL && b != NULL)
     return (strcmp(a, b));
+  else if (a == NULL && b != NULL)
+    return (-1);
+  else if (a != NULL && b == NULL)
+    return (1);
+  else
+    return (-7); /* default to not equal */
+}
+
+/* Does not report sign. */
+int sl_ts_strncmp(const char * a, const char * b, size_t n)
+{
+#ifdef SL_FAIL_ON_ERROR
+  SL_REQUIRE (a != NULL, _("a != NULL"));
+  SL_REQUIRE (b != NULL, _("b != NULL"));
+  SL_REQUIRE (n > 0, _("n > 0"));
+#endif
+
+  if (a != NULL && b != NULL)
+    {
+      const unsigned char *a1 = (const unsigned char *)a;
+      const unsigned char *b1 = (const unsigned char *)b;
+      size_t i;
+      int  retval=0;
+      /* The simple index based access is optimized best by the
+       * compiler (tested with gcc 7.3.0). */
+      for (i = 0; i < n; ++i)
+        {
+          if (a1[i] == '\0' || b1[i] == '\0')
+            break;
+          retval |= (a1[i] ^ b1[i]);
+        }
+      /* if (retval == 0) --> false (0) */ 
+      return (retval != 0);
+    }
   else if (a == NULL && b != NULL)
     return (-1);