From 009f38478e6a1c47aa355b0aed80b69ba91b9c61 Mon Sep 17 00:00:00 2001 From: Geremy Condra Date: Fri, 8 Jun 2012 14:39:11 -0700 Subject: Added actual event logging calls to the FORTIFY_SOURCE methods. Change-Id: I3bf4fa8678c33187cb8ce4b75e666ddcd24403ab --- libc/private/logd.h | 15 +++++++++++++++ libc/string/__memcpy_chk.c | 1 + libc/string/__memmove_chk.c | 1 + libc/string/__memset_chk.c | 1 + libc/string/__strcat_chk.c | 8 +++++++- libc/string/__strcpy_chk.c | 1 + libc/string/__strncat_chk.c | 8 +++++++- libc/string/__strncpy_chk.c | 1 + 8 files changed, 34 insertions(+), 2 deletions(-) diff --git a/libc/private/logd.h b/libc/private/logd.h index 37d4104..8970daf 100644 --- a/libc/private/logd.h +++ b/libc/private/logd.h @@ -30,6 +30,21 @@ #include +#define BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW 80100 +#define BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW 80105 +#define BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW 80110 +#define BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW 80115 +#define BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW 80120 +#define BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW 80125 +#define BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW 80130 + +#define BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW 80200 +#define BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW 80205 + +#define BIONIC_EVENT_RESOLVER_OLD_RESPONSE 80300 +#define BIONIC_EVENT_RESOLVER_WRONG_SERVER 80305 +#define BIONIC_EVENT_RESOLVER_WRONG_QUERY 80310 + enum { ANDROID_LOG_UNKNOWN = 0, ANDROID_LOG_DEFAULT, /* only for SetMinPriority() */ diff --git a/libc/string/__memcpy_chk.c b/libc/string/__memcpy_chk.c index aed3ec2..e79f6ac 100644 --- a/libc/string/__memcpy_chk.c +++ b/libc/string/__memcpy_chk.c @@ -47,6 +47,7 @@ void *__memcpy_chk (void *dest, const void *src, if (len > dest_len) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** memcpy buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__memmove_chk.c b/libc/string/__memmove_chk.c index 5a6eb4d..529eb8f 100644 --- a/libc/string/__memmove_chk.c +++ b/libc/string/__memmove_chk.c @@ -47,6 +47,7 @@ void *__memmove_chk (void *dest, const void *src, if (len > dest_len) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** memmove buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__memset_chk.c b/libc/string/__memset_chk.c index 1ccfd46..0904c03 100644 --- a/libc/string/__memset_chk.c +++ b/libc/string/__memset_chk.c @@ -46,6 +46,7 @@ void *__memset_chk (void *dest, int c, size_t n, size_t dest_len) if (n > dest_len) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** memset buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__strcat_chk.c b/libc/string/__strcat_chk.c index 7d8c89f..4665d66 100644 --- a/libc/string/__strcat_chk.c +++ b/libc/string/__strcat_chk.c @@ -50,11 +50,17 @@ char *__strcat_chk (char *dest, const char *src, size_t dest_buf_size) size_t sum; // sum = src_len + dest_len + 1 (with overflow protection) - if (!safe_add3(&sum, src_len, dest_len, 1U)) abort(); + if (!safe_add3(&sum, src_len, dest_len, 1U)) { + __libc_android_log_print(ANDROID_LOG_FATAL, "libc", + "*** strcat integer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW); + abort(); + } if (sum > dest_buf_size) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** strcat buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__strcpy_chk.c b/libc/string/__strcpy_chk.c index 85aa19d..79486b4 100644 --- a/libc/string/__strcpy_chk.c +++ b/libc/string/__strcpy_chk.c @@ -48,6 +48,7 @@ char *__strcpy_chk (char *dest, const char *src, size_t dest_len) if (src_len > dest_len) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** strcpy buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__strncat_chk.c b/libc/string/__strncat_chk.c index 0387626..2036c9f 100644 --- a/libc/string/__strncat_chk.c +++ b/libc/string/__strncat_chk.c @@ -54,11 +54,17 @@ char *__strncat_chk (char *dest, const char *src, size_t sum; // sum = src_len + dest_len + 1 (with overflow protection) - if (!safe_add3(&sum, src_len, dest_len, 1U)) abort(); + if (!safe_add3(&sum, src_len, dest_len, 1U)) { + __libc_android_log_print(ANDROID_LOG_FATAL, "libc", + "*** strncat integer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW); + abort(); + } if (sum > dest_buf_size) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** strncat buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW); abort(); } diff --git a/libc/string/__strncpy_chk.c b/libc/string/__strncpy_chk.c index b87ef4b..3f9e9fb 100644 --- a/libc/string/__strncpy_chk.c +++ b/libc/string/__strncpy_chk.c @@ -47,6 +47,7 @@ char *__strncpy_chk (char *dest, const char *src, if (len > dest_len) { __libc_android_log_print(ANDROID_LOG_FATAL, "libc", "*** strncpy buffer overflow detected ***\n"); + __libc_android_log_event_uid(BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW); abort(); } -- cgit v1.1