gcc-toolset-10-annobin/annobin.unicode.patch
2023-02-27 13:03:53 -05:00

417 lines
14 KiB
Diff
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

--- /dev/null 2021-10-25 08:23:06.499675237 +0100
+++ annobin-8.79/tests/unicode-test 2021-10-25 12:37:55.699238393 +0100
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Copyright (c) 2021 Red Hat.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published
+# by the Free Software Foundation; either version 3, or (at your
+# option) any later version.
+#
+# It is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+ANNOCHECK=${ANNOCHECK:-../annocheck/annocheck}
+GCC=${GCC:-gcc}
+
+# Mimics how glibc builds C sources without annotation.
+
+OPTS="-O2 -g -Wl,-z,now -pie -fpie"
+
+$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe
+if [ $? != 0 ];
+then
+ echo "unicode-test: FAIL: Could not compile test source file"
+ exit 1
+fi
+
+# Run annocheck
+
+OPTS="--ignore-gaps --skip-cf-protection --skip-glibcxx-assertions --skip-short-enum --skip-optimization --skip-stack-prot"
+
+$ANNOCHECK trick-hello.exe $OPTS > unicode.out
+grep -e "FAIL: Symbol names containing multibyte characters" unicode.out
+if [ $? != 0 ];
+then
+ echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names"
+ $ANNOCHECK trick-hello.exe $OPTS --verbose
+ exit 1
+fi
+
--- /dev/null 2021-10-25 08:23:06.499675237 +0100
+++ annobin-8.79/tests/trick-hello.s 2021-10-25 15:10:39.722116284 +0100
@@ -0,0 +1,33 @@
+ .file "trick-hello.c"
+ .text
+ .section .rodata
+.LC0:
+ .string "hah, gotcha!"
+ .text
+ .globl heoll
+ .type heoll, @function
+heoll:
+.LFB0:
+ nop
+.LFE0:
+ .size heoll, .-heoll
+ .section .rodata
+.LC1:
+ .string "Hello world"
+ .text
+ .globl hello
+ .type hello, @function
+hello:
+.LFB1:
+ nop
+.LFE1:
+ .size hello, .-hello
+ .globl main
+ .type main, @function
+main:
+.LFB2:
+ nop
+.LFE2:
+ .size main, .-main
+ .ident "GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)"
+ .section .note.GNU-stack,"",@progbits
diff -rup annobin.orig/Makefile.in annobin-9.29/Makefile.in
--- annobin.orig/Makefile.in 2021-10-28 10:31:57.060267035 +0100
+++ annobin-9.29/Makefile.in 2021-10-28 10:32:06.211206161 +0100
@@ -323,6 +323,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
Only in annobin-9.29: Makefile.in.orig
diff -rup annobin.orig/annocheck/Makefile.in annobin-9.29/annocheck/Makefile.in
--- annobin.orig/annocheck/Makefile.in 2021-10-28 10:31:57.088266849 +0100
+++ annobin-9.29/annocheck/Makefile.in 2021-10-28 10:32:06.212206154 +0100
@@ -314,6 +314,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
Only in annobin-9.29/annocheck: Makefile.in.orig
diff -rup annobin.orig/annocheck/hardened.c annobin-9.29/annocheck/hardened.c
--- annobin.orig/annocheck/hardened.c 2021-10-28 10:31:57.088266849 +0100
+++ annobin-9.29/annocheck/hardened.c 2021-10-28 10:33:13.936755663 +0100
@@ -119,6 +119,7 @@ enum test_index
TEST_STACK_REALIGN,
TEST_TEXTREL,
TEST_THREADS,
+ TEST_UNICODE,
TEST_WARNINGS,
TEST_WRITEABLE_GOT,
@@ -146,6 +147,7 @@ static void show_STACK_PROT (ann
static void show_STACK_REALIGN (annocheck_data *, test *);
static void show_TEXTREL (annocheck_data *, test *);
static void show_THREADS (annocheck_data *, test *);
+static void show_UNICODE (annocheck_data *, test *);
static void show_WARNINGS (annocheck_data *, test *);
static void show_WRITEABLE_GOT (annocheck_data *, test *);
@@ -177,6 +179,7 @@ static test tests [TEST_MAX] =
TEST (stack-realign, STACK_REALIGN, "Compiled with -mstackrealign (i686 only)"),
TEST (textrel, TEXTREL, "There are no text relocations in the binary"),
TEST (threads, THREADS, "Compiled with -fexceptions"),
+ TEST (unicode, UNICODE, "No unicode symbol names"),
TEST (warnings, WARNINGS, "Compiled with -Wall"),
TEST (writeable-got, WRITEABLE_GOT, "The .got section is not writeable"),
};
@@ -288,6 +291,11 @@ interesting_sec (annocheck_data * da
if (streq (sec->secname, ".gdb_index"))
per_file.debuginfo_file = true;
+ if (tests[TEST_UNICODE].enabled
+ && (sec->shdr.sh_type == SHT_SYMTAB
+ || sec->shdr.sh_type == SHT_DYNSYM))
+ return true;
+
if (streq (sec->secname, ".text"))
{
/* Separate debuginfo files have a .text section with a non-zero
@@ -1830,6 +1838,64 @@ check_comment_section (annocheck_data *
}
static bool
+contains_suspicious_characters (const unsigned char * name)
+{
+ uint i;
+ uint len = strlen ((const char *) name);
+
+ /* FIXME: Test that locale is UTF-8. */
+
+ for (i = 0; i < len; i++)
+ {
+ unsigned char c = name[i];
+
+ if (isgraph (c))
+ continue;
+
+ /* Control characters are always suspect. So are spaces and DEL */
+ if (iscntrl (c) || c == ' ' || c == 0x7f)
+ return true;
+
+ if (c < 0x7f) /* This test is probably redundant. */
+ continue;
+
+ return true;
+ }
+
+ return false;
+}
+
+static bool
+check_symbol_section (annocheck_data * data, annocheck_section * sec)
+{
+ if (! tests[TEST_UNICODE].enabled)
+ return true;
+
+ /* Scan the symbols looking for non-ASCII characters in their names
+ that might cause problems. Note - we do not examine the string
+ tables directly as there are perfectly legitimate reasons why these
+ characters might appear in strings. But when they are used for
+ identifier names, their use is ... problematic. */
+ GElf_Sym sym;
+ uint symndx;
+
+ for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++)
+ {
+ const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name);
+
+ if (contains_suspicious_characters ((const unsigned char *) symname))
+ {
+ tests[TEST_UNICODE].num_fail ++;
+ einfo (VERBOSE, "%s: info: multibyte symname: '%s', (%lu bytes long) in section: %s",
+ data->filename, symname, (unsigned long) strlen (symname), sec->secname);
+ if (!BE_VERBOSE)
+ break;
+ }
+ }
+ return true;
+}
+
+static bool
check_sec (annocheck_data * data,
annocheck_section * sec)
{
@@ -1837,6 +1903,8 @@ check_sec (annocheck_data * data,
selected in interesting_sec(). */
switch (sec->shdr.sh_type)
{
+ case SHT_SYMTAB:
+ case SHT_DYNSYM: return check_symbol_section (data, sec);
case SHT_NOTE: return check_note_section (data, sec);
case SHT_STRTAB: return check_string_section (data, sec);
case SHT_DYNAMIC: return check_dynamic_section (data, sec);
@@ -2617,6 +2685,19 @@ show_BRANCH_PROTECTION (annocheck_data
}
}
+static void
+show_UNICODE (annocheck_data * data, test * results)
+{
+ if (results->num_fail > 0)
+ {
+ fail (data, "Symbol names containing multibyte characters detected");
+ }
+ else
+ {
+ pass (data, "No symbol names containing multibyte characters detected");
+ }
+}
+
static void
show_ENTRY (annocheck_data * data, test * results)
{
Only in annobin-9.29/annocheck: hardened.c.orig
Only in annobin-9.29/annocheck: hardened.c.rej
Only in annobin-9.29: autom4te.cache
diff -rup annobin.orig/configure annobin-9.29/configure
--- annobin.orig/configure 2021-10-28 10:31:57.060267035 +0100
+++ annobin-9.29/configure 2021-10-28 10:32:06.215206134 +0100
@@ -761,6 +761,7 @@ infodir
docdir
oldincludedir
includedir
+runstatedir
localstatedir
sharedstatedir
sysconfdir
@@ -857,6 +858,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1109,6 +1111,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
+ -runstatedir | --runstatedir | --runstatedi | --runstated \
+ | --runstate | --runstat | --runsta | --runst | --runs \
+ | --run | --ru | --r)
+ ac_prev=runstatedir ;;
+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+ | --run=* | --ru=* | --r=*)
+ runstatedir=$ac_optarg ;;
+
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1246,7 +1257,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir
+ libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@@ -1399,6 +1410,7 @@ Fine tuning of the installation director
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
Only in annobin-9.29: configure.orig
diff -rup annobin.orig/doc/Makefile.in annobin-9.29/doc/Makefile.in
--- annobin.orig/doc/Makefile.in 2021-10-28 10:31:57.061267029 +0100
+++ annobin-9.29/doc/Makefile.in 2021-10-28 10:32:06.215206134 +0100
@@ -329,6 +329,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
Only in annobin-9.29/doc: Makefile.in.orig
diff -rup annobin.orig/doc/annobin.info annobin-9.29/doc/annobin.info
--- annobin.orig/doc/annobin.info 2021-10-28 10:31:57.061267029 +0100
+++ annobin-9.29/doc/annobin.info 2021-10-28 10:32:06.215206134 +0100
@@ -609,6 +609,7 @@ File: annobin.info, Node: Hardened, Ne
[-skip-stack-realign]
[-skip-textrel]
[-skip-threads]
+ [-skip-unicode]
[-skip-writeable-got]
[-ignore-gaps]
[-disable-hardened]
@@ -718,6 +719,10 @@ code to support the test.
Check that the program makes consistent use of the '-fshort-enum'
option.
+'Unicode'
+ This test checks for the presence of multibyte characters in symbol
+ names, which are unusual and potentially dangerous.
+
The tool does support a couple of other command line options as well:
'--enable-hardened'
Only in annobin-9.29/doc: annobin.info.orig
Only in annobin-9.29/doc: annobin.info.rej
diff -rup annobin.orig/doc/annobin.texi annobin-9.29/doc/annobin.texi
--- annobin.orig/doc/annobin.texi 2021-10-28 10:31:57.061267029 +0100
+++ annobin-9.29/doc/annobin.texi 2021-10-28 10:32:06.215206134 +0100
@@ -706,6 +706,7 @@ annocheck
[@b{--skip-stack-realign}]
[@b{--skip-textrel}]
[@b{--skip-threads}]
+ [@b{--skip-unicode}]
[@b{--skip-writeable-got}]
[@b{--ignore-gaps}]
[@b{--disable-hardened}]
@@ -831,6 +832,10 @@ enabled then this test will be skipped a
Check that the program makes consistent use of the
@option{-fshort-enum} option.
+@item Unicode
+This test checks for the presence of multibyte characters in symbol
+names, which are unusual and potentially dangerous.
+
@end table
The tool does support a couple of other command line options as well:
Only in annobin-9.29/doc: annobin.texi.orig
diff -rup annobin.orig/scripts/Makefile.in annobin-9.29/scripts/Makefile.in
--- annobin.orig/scripts/Makefile.in 2021-10-28 10:31:57.061267029 +0100
+++ annobin-9.29/scripts/Makefile.in 2021-10-28 10:32:08.111193522 +0100
@@ -284,6 +284,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
Only in annobin-9.29/scripts: Makefile.in.orig
diff -rup annobin.orig/tests/Makefile.am annobin-9.29/tests/Makefile.am
--- annobin.orig/tests/Makefile.am 2021-10-28 10:31:57.089266843 +0100
+++ annobin-9.29/tests/Makefile.am 2021-10-28 10:33:47.008535672 +0100
@@ -16,6 +16,7 @@ TESTS=compile-test \
assembler-gap-test \
dynamic-notes-test \
instrumentation-test \
+ unicode-test \
section-size-test
if HAVE_DEBUGINFOD
Only in annobin-9.29/tests: Makefile.am.orig
Only in annobin-9.29/tests: Makefile.am.rej
diff -rup annobin.orig/tests/Makefile.in annobin-9.29/tests/Makefile.in
--- annobin.orig/tests/Makefile.in 2021-10-28 10:31:57.089266843 +0100
+++ annobin-9.29/tests/Makefile.in 2021-10-28 10:34:15.803344120 +0100
@@ -459,6 +459,7 @@ plugindir = @plugindir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@@ -477,7 +478,8 @@ top_srcdir = @top_srcdir@
TESTS = compile-test hardening-test hardening-fail-test \
missing-notes-test active-checks-test abi-test \
function-sections-test assembler-gap-test dynamic-notes-test \
- instrumentation-test section-size-test $(am__append_1)
+ instrumentation-test unicode-test section-size-test \
+ $(am__append_1)
XFAIL_TESTS = hardening-fail-test \
missing-notes-test \
active-checks-test \
@@ -739,6 +741,13 @@ instrumentation-test.log: instrumentatio
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+unicode-test.log: unicode-test
+ @p='unicode-test'; \
+ b='unicode-test'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
section-size-test.log: section-size-test
@p='section-size-test'; \
Only in annobin-9.29/tests: Makefile.in.orig
Only in annobin-9.29/tests: Makefile.in.rej
Only in annobin-9.29/tests: trick-hello.s
Only in annobin-9.29/tests: unicode-test