forked from picolibc/picolibc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Support for Annex K functions according to C11
Adding an implementation of the bounds-checking C functions (as specified in Annex K of the C11 standard) to the PicoLibc. These functions lower the risk of introducing security vulnerabilities such as buffer overflows and format string vulnerabilities into your code by providing clear and easy-to-use interfaces. For each C function a secure alternate function ending in a "_s" postfix is provided (e.g., strcpy_s). Use of these functions is recommended by security experts and secure coding standards. also, Implemented unit tests for the Annex-K functions to ensure their corrctness. Covered various scenarios including normal operation, boundary conditions, and error handling. Signed-off-by: Mostafa Salman <[email protected]>
- Loading branch information
1 parent
f494a5d
commit 6296619
Showing
40 changed files
with
3,212 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,6 +35,7 @@ SUCH DAMAGE. | |
|
||
#include <sys/cdefs.h> | ||
#include <sys/config.h> | ||
#include <sys/_types.h> | ||
|
||
_BEGIN_STD_C | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
/* | ||
* SPDX-License-Identifier: BSD-3-Clause | ||
* | ||
* Copyright © 2024, Synopsys Inc. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions | ||
* are met: | ||
* | ||
* 1. Redistributions of source code must retain the above copyright | ||
* notice, this list of conditions and the following disclaimer. | ||
* | ||
* 2. Redistributions in binary form must reproduce the above | ||
* copyright notice, this list of conditions and the following | ||
* disclaimer in the documentation and/or other materials provided | ||
* with the distribution. | ||
* | ||
* 3. Neither the name of the copyright holder nor the names of its | ||
* contributors may be used to endorse or promote products derived | ||
* from this software without specific prior written permission. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | ||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | ||
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
* OF THE POSSIBILITY OF SUCH DAMAGE. | ||
*/ | ||
#define __STDC_WANT_LIB_EXT1__ 1 | ||
#include <stdlib.h> | ||
|
||
constraint_handler_t __cur_handler = abort_handler_s; | ||
|
||
void | ||
abort_handler_s(const char *restrict msg, void *restrict ptr, __errno_t error) | ||
{ | ||
(void)msg; | ||
(void)ptr; | ||
(void)error; | ||
abort(); | ||
} | ||
|
||
constraint_handler_t | ||
set_constraint_handler_s(constraint_handler_t handler) | ||
{ | ||
constraint_handler_t h = __cur_handler; | ||
|
||
if (handler == (constraint_handler_t)NULL) { | ||
__cur_handler = abort_handler_s; // null restores to default handler | ||
} else { | ||
__cur_handler = handler; | ||
} | ||
|
||
return h; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
/* | ||
* SPDX-License-Identifier: BSD-3-Clause | ||
* | ||
* Copyright © 2024, Synopsys Inc. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions | ||
* are met: | ||
* | ||
* 1. Redistributions of source code must retain the above copyright | ||
* notice, this list of conditions and the following disclaimer. | ||
* | ||
* 2. Redistributions in binary form must reproduce the above | ||
* copyright notice, this list of conditions and the following | ||
* disclaimer in the documentation and/or other materials provided | ||
* with the distribution. | ||
* | ||
* 3. Neither the name of the copyright holder nor the names of its | ||
* contributors may be used to endorse or promote products derived | ||
* from this software without specific prior written permission. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | ||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | ||
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | ||
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
* OF THE POSSIBILITY OF SUCH DAMAGE. | ||
*/ | ||
#define __STDC_WANT_LIB_EXT1__ 1 | ||
#include <string.h> | ||
#include <stdbool.h> | ||
#include <stdint.h> | ||
#include <stdlib.h> | ||
|
||
__errno_t | ||
memcpy_s(void *restrict s1, rsize_t s1max, const void *restrict s2, rsize_t n) | ||
{ | ||
const char *msg = ""; | ||
constraint_handler_t handler = NULL; | ||
|
||
if (s1 == NULL) { | ||
msg = "memcpy_s: dest is NULL"; | ||
goto handle_error; | ||
} | ||
|
||
if (s1max > RSIZE_MAX) { | ||
msg = "memcpy_s: buffer size exceeds RSIZE_MAX"; | ||
goto handle_error; | ||
} | ||
|
||
if (s2 == NULL) { | ||
msg = "memcpy_s: source is NULL"; | ||
goto handle_error; | ||
} | ||
|
||
if (n > RSIZE_MAX) { | ||
msg = "memcpy_s: copy count exceeds RSIZE_MAX"; | ||
goto handle_error; | ||
} | ||
|
||
if (n > s1max) { | ||
msg = "memcpy_s: copy count exceeds buffer size"; | ||
goto handle_error; | ||
} | ||
|
||
const char *s1cp = (const char *)s1; | ||
const char *s2cp = (const char *)s2; | ||
const char *s1cp_limit = &s1cp[n]; | ||
const char *s2cp_limit = &s2cp[n]; | ||
|
||
if (((s1cp_limit <= s2cp) || (s2cp_limit <= s1cp)) == false) { | ||
msg = "memcpy_s: overlapping copy"; | ||
goto handle_error; | ||
} | ||
|
||
// Normal return path | ||
(void)memcpy(s1, s2, n); | ||
return 0; | ||
|
||
handle_error: | ||
handler = set_constraint_handler_s(NULL); | ||
(void)set_constraint_handler_s(handler); | ||
|
||
if (s1 != NULL) { | ||
(void)memset(s1, (int32_t)'\0', s1max); | ||
} | ||
|
||
if (handler != NULL) { | ||
handler(msg, NULL, -1); | ||
} | ||
|
||
return -1; | ||
} |
Oops, something went wrong.