Index: /trunk/Makefile.in
===================================================================
--- /trunk/Makefile.in	(revision 543)
+++ /trunk/Makefile.in	(revision 544)
@@ -1659,5 +1659,5 @@
 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 
 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 
-sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
+sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 
 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 
@@ -1672,5 +1672,5 @@
 encode.o: $(srcsrc)/encode.c Makefile 
 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 
-trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 
 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 
 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h 
Index: /trunk/aclocal.m4
===================================================================
--- /trunk/aclocal.m4	(revision 543)
+++ /trunk/aclocal.m4	(revision 544)
@@ -1125,28 +1125,43 @@
   AC_LANG_ASSERT(C)
   if test "X$CC" != "X"; then
-    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all],
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong],
       ssp_cv_cc,
       [ssp_old_cflags="$CFLAGS"
-       CFLAGS="$CFLAGS -fstack-protector-all"
+       CFLAGS="$CFLAGS -fstack-protector-strong"
        AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
        CFLAGS="$ssp_old_cflags"
       ])
     if test $ssp_cv_cc = no; then
-      AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
+      AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all],
         ssp_cv_cc,
         [ssp_old_cflags="$CFLAGS"
-         CFLAGS="$CFLAGS -fstack-protector"
+         CFLAGS="$CFLAGS -fstack-protector-all"
          AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
          CFLAGS="$ssp_old_cflags"
         ])
-      if test $ssp_cv_cc = yes; then
-        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector"
-	LDFLAGS="$LDFLAGS -fstack-protector"
-        AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+      if test $ssp_cv_cc = no; then
+        AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
+          ssp_cv_cc,
+          [ssp_old_cflags="$CFLAGS"
+           CFLAGS="$CFLAGS -fstack-protector"
+           AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
+           CFLAGS="$ssp_old_cflags"
+          ])
+        if test $ssp_cv_cc = yes; then
+          CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector"
+	  LDFLAGS="$LDFLAGS -fstack-protector"
+          AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+        fi
+      else
+        if test $ssp_cv_cc = yes; then
+          CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+	  LDFLAGS="$LDFLAGS -fstack-protector-all"
+          AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
+        fi
       fi
     else
       if test $ssp_cv_cc = yes; then
-        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
-	LDFLAGS="$LDFLAGS -fstack-protector-all"
+        CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-strong"
+	LDFLAGS="$LDFLAGS -fstack-protector-strong"
         AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
       fi
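Review bot: All three AC_CACHE_CHECK probes store their result in the same cache variable `ssp_cv_cc`. Once the -fstack-protector-strong probe has set it to `no`, the nested probes for -fstack-protector-all and -fstack-protector will, as far as I can tell from how AC_CACHE_CHECK treats an already-set variable, report the cached `no` without compiling anything. A compiler that lacks -fstack-protector-strong would then end up with no stack protector at all rather than the weaker level. Give each probe its own variable, for example `ssp_cv_cc_strong`, `ssp_cv_cc_all` and `ssp_cv_cc_basic`, and test the matching one in each `if`. The reuse predates this change (the removed lines did the same with two levels), and the macro starts and ends outside the hunk.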
@@ -1211,13 +1226,13 @@
   AC_LANG_ASSERT(C)
   if test "X$CC" != "X"; then
-    AC_CACHE_CHECK([whether ${CC} accepts -fstack-check],
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-clash-protection],
       stackcheck_cv_cc,
       [stackcheck_old_cflags="$CFLAGS"
-       CFLAGS="$CFLAGS -fstack-check"
+       CFLAGS="$CFLAGS -fstack-clash-protection"
        AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no)
        CFLAGS="$stackcheck_old_cflags"
       ])
     if test $stackcheck_cv_cc = yes; then
-      CFLAGS="$CFLAGS -fstack-check"
+      CFLAGS="$CFLAGS -fstack-clash-protection"
     fi
   fi
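Review bot: The probe now tests -fstack-clash-protection but still caches its answer in `stackcheck_cv_cc`, so a config.cache written by an earlier configure run would supply the result that was recorded for -fstack-check. Renaming the variable, e.g. to `stackclash_cv_cc`, in the AC_CACHE_CHECK call and in the `if test` below keeps a stale answer from deciding whether the flag is added. The macro starts and ends outside the hunk.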
Index: /trunk/config.h.in
===================================================================
--- /trunk/config.h.in	(revision 543)
+++ /trunk/config.h.in	(revision 544)
@@ -525,4 +525,10 @@
 /* Define to 1 if you have the `endpwent' function. */
 #undef HAVE_ENDPWENT
+
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
+/* Define to 1 if you have the `explicit_memset' function. */
+#undef HAVE_EXPLICIT_MEMSET
 
 /* Define to 1 if you have the <ext2fs/ext2_fs.h> header file. */
Index: /trunk/configure.ac
===================================================================
--- /trunk/configure.ac	(revision 543)
+++ /trunk/configure.ac	(revision 544)
@@ -12,5 +12,5 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 4.3.2)
+AM_INIT_AUTOMAKE(samhain, 4.3.3)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST
@@ -380,4 +380,5 @@
 AC_FUNC_STRFTIME
 AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent fpurge \
+        explicit_memset explicit_bzero \
 	gettimeofday strlcat strlcpy strstr strchr strerror strsignal \
 	seteuid setreuid setresuid lstat getwd getcwd ptrace \
@@ -706,6 +707,8 @@
 	GCC_STACK_PROTECT_LIB
    	GCC_STACK_PROTECT_CC
-dnl   GCC_STACK_CHECK_CC
-      GCC_PIE_CC
+	GCC_STACK_CHECK_CC
+	GCC_PIE_CC
+	GCC_FLAG_CHECK([-fexceptions])
+	GCC_FLAG_CHECK([-mcet -fcf-protection])
    fi	
 
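Review bot: `GCC_FLAG_CHECK([-mcet -fcf-protection])` probes the two options as one unit, so a compiler that accepts -fcf-protection but rejects -mcet (later GCC releases dropped -mcet, if I recall correctly) ends up with neither. A separate fallback probe, `GCC_FLAG_CHECK([-fcf-protection])`, would keep the control-flow protection on such compilers. GCC_FLAG_CHECK is defined outside this diff, so how it reports a rejected flag needs checking before wiring the fallback. A `dnl` line stating why -fexceptions is requested for a C program would also help the next reader.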
@@ -1038,8 +1041,13 @@
 		  tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' `
 		  LIBS="${tmp_LIBS}"
+		  AC_MSG_WARN([--enable-static: no support for Linux Auditing System])
 		fi
 
                 if test "x$GCC" = "xyes"; 
 		then
+		   if test -n "`echo "$CFLAGS" | grep "\-flto" 2> /dev/null`"
+		   then
+			AC_MSG_ERROR([--enable-static: not compatible with link-time optimisation])
+		   fi
 		   case "$host_os" in
 
@@ -1206,4 +1214,7 @@
         [  --with-database=[[mysql|postgresql|oracle|odbc]]	database support [[no]]],
         [
+        if test x"$enable_static" = xyes; then
+                AC_MSG_WARN([With --enable-static,  --with-database may fail to compile.])
+        fi
         if test x"$enable_xml_log" != xyes; then
                 AC_MSG_ERROR([With --with-database,  --enable-xml-log is required as well.])
@@ -1791,5 +1802,5 @@
 	   ;;
 	*)
-	   CFLAGS="$CFLAGS -Wall -W "
+	   CFLAGS="$CFLAGS -Wall -W -Werror=implicit-function-declaration "
 	   ;;
      esac
Index: /trunk/depend.dep
===================================================================
--- /trunk/depend.dep	(revision 543)
+++ /trunk/depend.dep	(revision 544)
@@ -28,5 +28,5 @@
 sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h 
 sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h 
-sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
+sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h 
 sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h 
 sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 
@@ -41,5 +41,5 @@
 encode.o: $(srcsrc)/encode.c Makefile 
 sstrip.o: $(srcsrc)/sstrip.c Makefile config.h 
-trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h 
 exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data 
 exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h 
Index: /trunk/depend.sum
===================================================================
--- /trunk/depend.sum	(revision 543)
+++ /trunk/depend.sum	(revision 544)
@@ -1,1 +1,1 @@
-3903466696
+3038455203
Index: /trunk/docs/Changelog
===================================================================
--- /trunk/docs/Changelog	(revision 543)
+++ /trunk/docs/Changelog	(revision 544)
@@ -1,2 +1,8 @@
+4.3.3:
+	* fix some issues with link-time optimisation (option -flto with
+	recent gcc versions)
+	* fix compiler warning in sh_prelude.c
+	* add patch (by Kamel H.) to init for alternative root fs)
+
 4.3.2:
 	* fix compile failure on OpenBSD (reported by Mithrond)
Index: /trunk/include/slib.h
===================================================================
--- /trunk/include/slib.h	(revision 543)
+++ /trunk/include/slib.h	(revision 544)
@@ -227,4 +227,5 @@
    */
   int sl_strncmp(const char * a, const char * b, size_t n);
+  int sl_ts_strncmp(const char * a, const char * b, size_t n);
 
   int sl_strncasecmp(const char * a, const char * b, size_t n);
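Review bot: The new prototype `sl_ts_strncmp` has no comment of its own and sits directly under the comment block written for sl_strncmp, although its contract differs. Per the definition added in src/slib.c, it returns 0 or 1 for non-NULL arguments, never an ordering, and does not stop at the first differing byte. I would add `/* Variant for comparing secrets: 0 if equal, non-zero otherwise; gives no ordering. */` above the declaration so it is not used for sorting or mistaken for a drop-in strncmp.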
Index: /trunk/src/bignum.c
===================================================================
--- /trunk/src/bignum.c	(revision 543)
+++ /trunk/src/bignum.c	(revision 544)
@@ -425,4 +425,5 @@
 {
     DIGIT *a_ptr, *b_ptr;
+    int retval = 0;
 
     if (a->dgs_used  == b->dgs_used)
@@ -437,10 +438,12 @@
 	if (a_ptr < a->dp)
 	{
-	    return 0;
+	    return retval;
 	}
 	else
 	{
-	    return (*a_ptr > *b_ptr) ? 1 : -1;
-	}
+	    if (retval == 0)
+	        retval = (*a_ptr > *b_ptr) ? 1 : -1;
+	}
+	return retval;
     }
     return (a->dgs_used > b->dgs_used) ? 1 : -1;
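Review bot: `retval` is introduced by this commit and is assigned only inside the `else` branch, so `if (retval == 0)` is always true and `return retval;` in the first branch always returns 0. The new code therefore behaves exactly like the two removed `return` statements. If the goal was only a single fall-through return, drop the guard and write `retval = (*a_ptr > *b_ptr) ? 1 : -1;`, or add a comment stating the purpose. If a data-independent comparison was intended, the digit loop above would have to change as well, and that loop and the function header are outside this hunk.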
Index: /trunk/src/cutest_slib.c
===================================================================
--- /trunk/src/cutest_slib.c	(revision 543)
+++ /trunk/src/cutest_slib.c	(revision 544)
@@ -58,4 +58,25 @@
 }
 
+void Test_sl_ts_strncmp (CuTest *tc) {
+  char one[64], two[64];
+  int  res;
+
+  strcpy(one, "foo");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 3);
+  CuAssertIntEquals(tc, 0, res);
+
+  strcpy(one, "fox");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 2);
+  CuAssertIntEquals(tc, 0, res);
+  
+  strcpy(one, "f9o");
+  strcpy(two, "foo");
+  res = sl_ts_strncmp(one, two, 3);
+  CuAssertTrue(tc, 0 != res);
+
+}
+
 void Test_sl_strcasecmp (CuTest *tc) {
   char one[64], two[64];
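Review bot: Test_sl_ts_strncmp never compares strings of different length, which is the case where sl_ts_strncmp departs from sl_strncmp. The implementation added in src/slib.c leaves its loop at the first NUL in either argument before folding that byte into the result. Add a case such as `strcpy(one, "foo"); strcpy(two, "foobar"); res = sl_ts_strncmp(one, two, 6);` followed by `CuAssertTrue(tc, 0 != res);`, plus one comparing an empty string with a non-empty one. As the function is written in this commit, both cases would return 0, so they pin down the behaviour that needs fixing.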
Index: /trunk/src/sh_calls.c
===================================================================
--- /trunk/src/sh_calls.c	(revision 543)
+++ /trunk/src/sh_calls.c	(revision 544)
@@ -51,5 +51,4 @@
 #include "samhain.h"
 #include "sh_error.h"
-#include "sh_calls.h"
 #include "sh_ipvx.h"
 #include "sh_sub.h"
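Review bot: Dropping `#include "sh_calls.h"` from sh_calls.c means the compiler no longer checks the definitions in this file against the prototypes that other files compile against, so a signature drift would go unnoticed. If the include had to go because of the link-time-optimisation problems mentioned in the Changelog, say so at this spot, e.g. `/* sh_calls.h deliberately not included: <reason> */`. That keeps someone from re-adding it and documents the trade-off.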
Index: /trunk/src/sh_srp.c
===================================================================
--- /trunk/src/sh_srp.c	(revision 543)
+++ /trunk/src/sh_srp.c	(revision 544)
@@ -48,5 +48,5 @@
 #define bignum MP_INT
 
-inline
+static
 int big_create (bignum * a)
 {
@@ -55,5 +55,5 @@
 }
 
-inline
+static
 int big_zerop (bignum * a)
 {
@@ -69,5 +69,5 @@
 }
 
-inline
+static
 int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r)
 {
@@ -76,5 +76,5 @@
 }
 
-inline
+static
 int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d)
 {
@@ -136,5 +136,5 @@
 }
 
-inline 
+static 
 int big_add(bignum * a, bignum * b, bignum * c)
 {
@@ -143,5 +143,5 @@
 }
 
-inline 
+static 
 int big_sub(bignum * a, bignum * b, bignum * c)
 {
@@ -150,5 +150,5 @@
 }
 
-inline 
+static 
 int big_mul(bignum * a, bignum * b, bignum * c)
 {
@@ -157,5 +157,5 @@
 }
 
-inline 
+static 
 int big_greaterp(bignum * a, bignum * b)
 {
@@ -163,5 +163,5 @@
 }
 
-inline 
+static 
 int big_set_big(bignum * a, bignum * b)
 {
@@ -171,5 +171,5 @@
 
 
-inline 
+static 
 int big_set_string(const char * str, int base, bignum * a)
 {
Index: /trunk/src/sh_xfer_client.c
===================================================================
--- /trunk/src/sh_xfer_client.c	(revision 543)
+++ /trunk/src/sh_xfer_client.c	(revision 544)
@@ -769,5 +769,5 @@
    */
   sh_passwd (nounce, NULL, NULL, temp);
-  if ( 0 != sl_strncmp(temp, answer, KEY_LEN))
+  if ( 0 != sl_ts_strncmp(temp, answer, KEY_LEN))
     flag_err = (-1);
   
@@ -1003,5 +1003,5 @@
 				    );
 		      if (M != NULL && 
-			  0 == sl_strncmp (answer, M, KEY_LEN+1))
+			  0 == sl_ts_strncmp (answer, M, KEY_LEN+1))
 			{
 			  sl_strlcpy (skey->session, 
@@ -1083,5 +1083,5 @@
 			pos+1);
       flag_err = 
-	sl_strncmp(&answer[KEY_LEN+pos],
+	sl_ts_strncmp(&answer[KEY_LEN+pos],
 		   sh_util_siggen(skey->session, 
 				  buffer,
@@ -1202,10 +1202,10 @@
       (void) sl_strlcpy(buffer, errmsg, len);
       (void) sl_strlcat(buffer, nsrv,   len);
-      flag_err = sl_strncmp(answer,
-			    sh_util_siggen(skey->session, 
-					   buffer,
-					   sl_strlen(buffer),
-					   sigbuf, sizeof(sigbuf)),
-			    KEY_LEN);
+      flag_err = sl_ts_strncmp(answer,
+			       sh_util_siggen(skey->session, 
+					      buffer,
+					      sl_strlen(buffer),
+					      sigbuf, sizeof(sigbuf)),
+			       KEY_LEN);
       TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
 	   sh_util_siggen(skey->session, buffer, 
Index: /trunk/src/sh_xfer_server.c
===================================================================
--- /trunk/src/sh_xfer_server.c	(revision 543)
+++ /trunk/src/sh_xfer_server.c	(revision 544)
@@ -1198,5 +1198,5 @@
 	      KEY_LEN+1);
   
-  if (0 != sl_strncmp(conn->K, conn->buf, KEY_LEN))
+  if (0 != sl_ts_strncmp(conn->K, conn->buf, KEY_LEN))
     {
       TPT((0, FIL__, __LINE__, _("msg=<clt %s>\n"), conn->buf));
@@ -1664,10 +1664,10 @@
 	   */
 	  buffer = sh_util_strconcat(conn->buf, conn->challenge, NULL);
-	  i =  sl_strncmp(hash, 
-			  sh_util_siggen(conn->client_entry->session_key,
-					 buffer,
-					 sl_strlen(buffer),
-					 sigbuf, sizeof(sigbuf)),
-			  KEY_LEN);
+	  i =  sl_ts_strncmp(hash, 
+			     sh_util_siggen(conn->client_entry->session_key,
+					    buffer,
+					    sl_strlen(buffer),
+					    sigbuf, sizeof(sigbuf)),
+			     KEY_LEN);
 	  TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"),
 	       sh_util_siggen(conn->client_entry->session_key,
@@ -2088,5 +2088,5 @@
       TPT((0, FIL__, __LINE__, _("msg=<c/r: P = %s>\n"), conn->M1));
       
-      if ( 0 != sl_strncmp(conn->M1, conn->buf, KEY_LEN))
+      if ( 0 != sl_ts_strncmp(conn->M1, conn->buf, KEY_LEN))
 	{
 	  sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_BADCONN,
@@ -2414,5 +2414,5 @@
        */
       if (conn->buf != NULL && 
-	  sl_strncmp(conn->buf, conn->M1, KEY_LEN) == 0)
+	  sl_ts_strncmp(conn->buf, conn->M1, KEY_LEN) == 0)
 	{
 	  /*
Index: /trunk/src/slib.c
===================================================================
--- /trunk/src/slib.c	(revision 543)
+++ /trunk/src/slib.c	(revision 544)
@@ -588,9 +588,35 @@
 /*
  * Have memset in a different translation unit (i.e. this) to prevent 
- * it to get optimized away
+ * it to get optimized away ...not safe with link-time optimisation...
  */
-void *sl_memset(void *s, int c, size_t n)
-{
-  return memset(s, c,n);
+void * sl_memset(void *s, int c, size_t n)
+{
+  /* See:
+   * https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_zhaomo_yang.pdf
+   */
+#if defined(HAVE_EXPLICIT_MEMSET)
+  return explicit_memset(s, c, n);
+#elif defined(HAVE_EXPLICIT_BZERO)
+  if (c == 0) {
+    explicit_bzero(s, n);
+    return s;
+  } else {
+    return memset(s, c, n);
+  }
+#elif defined(__GNUC__)
+  memset(s, c, n);
+  __asm__  __volatile__ ("" ::"r"(s): "memory"); /* compiler barrier */
+  return s;
+#else
+  if (c == 0) {
+    size_t i;
+    volatile unsigned char * t_s = (volatile unsigned char *)s;
+    for (i=0; i<n; ++i)
+      t_s[i] = 0;
+    return s;
+  } else {
+    return memset(s, c, n);
+  }
+#endif  
 }
 
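Review bot: Two branches of the new sl_memset still end in a plain `memset` when `c` is non-zero (the HAVE_EXPLICIT_BZERO branch and the final `#else` branch), which is the very call the updated comment says is not safe under link-time optimisation. Callers that wipe a buffer with a non-zero fill byte would get no protection on those platforms. I would let the explicit_bzero case fall through to the barrier or volatile path, and have the volatile loop store `(unsigned char)c` instead of a literal 0, as sketched below. It is also worth confirming that the headers slib.c already includes declare explicit_bzero and explicit_memset, now that configure adds -Werror=implicit-function-declaration.

```c
void * sl_memset(void *s, int c, size_t n)
{
  /* … unchanged: reference comment and HAVE_EXPLICIT_MEMSET branch … */
#else
#if defined(HAVE_EXPLICIT_BZERO)
  if (c == 0) {
    explicit_bzero(s, n);
    return s;
  }
#endif
#if defined(__GNUC__)
  /* … unchanged: memset followed by the compiler barrier … */
#else
  {
    size_t i;
    volatile unsigned char * t_s = (volatile unsigned char *)s;
    for (i=0; i<n; ++i)
      t_s[i] = (unsigned char) c;   /* any fill byte, not only 0 */
    return s;
  }
#endif
#endif
}
```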
@@ -1071,4 +1097,38 @@
   if (a != NULL && b != NULL)
     return (strcmp(a, b));
+  else if (a == NULL && b != NULL)
+    return (-1);
+  else if (a != NULL && b == NULL)
+    return (1);
+  else
+    return (-7); /* default to not equal */
+}
+
+/* Does not report sign. */
+int sl_ts_strncmp(const char * a, const char * b, size_t n)
+{
+#ifdef SL_FAIL_ON_ERROR
+  SL_REQUIRE (a != NULL, _("a != NULL"));
+  SL_REQUIRE (b != NULL, _("b != NULL"));
+  SL_REQUIRE (n > 0, _("n > 0"));
+#endif
+
+  if (a != NULL && b != NULL)
+    {
+      const unsigned char *a1 = (const unsigned char *)a;
+      const unsigned char *b1 = (const unsigned char *)b;
+      size_t i;
+      int  retval=0;
+      /* The simple index based access is optimized best by the
+       * compiler (tested with gcc 7.3.0). */
+      for (i = 0; i < n; ++i)
+	{
+	  if (a1[i] == '\0' || b1[i] == '\0')
+	    break;
+	  retval |= (a1[i] ^ b1[i]);
+	}
+      /* if (retval == 0) --> false (0) */ 
+      return (retval != 0);
+    }
   else if (a == NULL && b != NULL)
     return (-1);
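Review bot: sl_ts_strncmp leaves its loop at the first NUL in either argument before that position has been XORed into `retval`, so a string that is a proper prefix of the other, including the empty string, compares as equal (returns 0) even when `n` covers more bytes. sl_strncmp would report a difference there, and the call sites switched over in sh_xfer_client.c and sh_xfer_server.c use the result to accept challenge responses and message signatures, some on buffers that look peer-supplied (`conn->buf`, `answer`). Folding the byte in before the terminator test closes this: put `retval |= (a1[i] ^ b1[i]);` first in the loop body and `if (a1[i] == '\0' || b1[i] == '\0') break;` after it. Whether callers already enforce the length of those buffers is not visible in this diff. The NULL-handling tail of the function continues outside the hunk.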
