[PATCH v3 0/9] Add Stack Smashing Protection and Object Size Checking

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH v3 0/9] Add Stack Smashing Protection and Object Size Checking

Yaakov Selkowitz-2
This has also been pushed to the topic/ssp branch.

Yaakov Selkowitz (9):
  ssp: add APIs for Stack Smashing Protection
  ssp: add Object Size Checking common code
  ssp: add Object Size Checking for string.h functions
  ssp: add Object Size Checking for strings.h functions
  ssp: add Object Size Checking for stdio.h functions, part 1
  ssp: add Object Size Checking for unistd.h functions, part 1
  ssp: add build infrastructure
  cygwin: export SSP functions
  cygwin: create libssp compatibility import library

 newlib/Makefile.am                     |   4 +
 newlib/Makefile.in                     |   4 +
 newlib/libc/Makefile.am                |   4 +-
 newlib/libc/Makefile.in                |  15 +-
 newlib/libc/configure                  |   3 +-
 newlib/libc/configure.in               |   2 +-
 newlib/libc/include/ssp/ssp.h          |  72 ++++
 newlib/libc/include/ssp/stdio.h        |  83 ++++
 newlib/libc/include/ssp/string.h       | 114 ++++++
 newlib/libc/include/ssp/strings.h      |  55 +++
 newlib/libc/include/ssp/unistd.h       |  53 +++
 newlib/libc/include/stdio.h            |   6 +
 newlib/libc/include/string.h           |   4 +
 newlib/libc/include/strings.h          |   6 +-
 newlib/libc/include/sys/features.h     |  18 +-
 newlib/libc/include/sys/unistd.h       |  11 +
 newlib/libc/ssp/Makefile.am            |  71 ++++
 newlib/libc/ssp/Makefile.in            | 714 +++++++++++++++++++++++++++++++++
 newlib/libc/ssp/chk_fail.c             |  13 +
 newlib/libc/ssp/fgets_chk.c            |  55 +++
 newlib/libc/ssp/gets_chk.c             |  78 ++++
 newlib/libc/ssp/memcpy_chk.c           |  54 +++
 newlib/libc/ssp/memmove_chk.c          |  50 +++
 newlib/libc/ssp/mempcpy_chk.c          |  21 +
 newlib/libc/ssp/memset_chk.c           |  49 +++
 newlib/libc/ssp/snprintf_chk.c         |  59 +++
 newlib/libc/ssp/sprintf_chk.c          |  63 +++
 newlib/libc/ssp/stack_protector.c      |  45 +++
 newlib/libc/ssp/stpcpy_chk.c           |  58 +++
 newlib/libc/ssp/stpncpy_chk.c          |  56 +++
 newlib/libc/ssp/strcat_chk.c           |  62 +++
 newlib/libc/ssp/strcpy_chk.c           |  55 +++
 newlib/libc/ssp/strncat_chk.c          |  73 ++++
 newlib/libc/ssp/strncpy_chk.c          |  55 +++
 newlib/libc/ssp/vsnprintf_chk.c        |  51 +++
 newlib/libc/ssp/vsprintf_chk.c         |  60 +++
 winsup/cygwin/Makefile.in              |   5 +-
 winsup/cygwin/common.din               |  20 +
 winsup/cygwin/include/cygwin/version.h |   7 +-
 39 files changed, 2215 insertions(+), 13 deletions(-)
 create mode 100644 newlib/libc/include/ssp/ssp.h
 create mode 100644 newlib/libc/include/ssp/stdio.h
 create mode 100644 newlib/libc/include/ssp/string.h
 create mode 100644 newlib/libc/include/ssp/strings.h
 create mode 100644 newlib/libc/include/ssp/unistd.h
 create mode 100644 newlib/libc/ssp/Makefile.am
 create mode 100644 newlib/libc/ssp/Makefile.in
 create mode 100644 newlib/libc/ssp/chk_fail.c
 create mode 100644 newlib/libc/ssp/fgets_chk.c
 create mode 100644 newlib/libc/ssp/gets_chk.c
 create mode 100644 newlib/libc/ssp/memcpy_chk.c
 create mode 100644 newlib/libc/ssp/memmove_chk.c
 create mode 100644 newlib/libc/ssp/mempcpy_chk.c
 create mode 100644 newlib/libc/ssp/memset_chk.c
 create mode 100644 newlib/libc/ssp/snprintf_chk.c
 create mode 100644 newlib/libc/ssp/sprintf_chk.c
 create mode 100644 newlib/libc/ssp/stack_protector.c
 create mode 100644 newlib/libc/ssp/stpcpy_chk.c
 create mode 100644 newlib/libc/ssp/stpncpy_chk.c
 create mode 100644 newlib/libc/ssp/strcat_chk.c
 create mode 100644 newlib/libc/ssp/strcpy_chk.c
 create mode 100644 newlib/libc/ssp/strncat_chk.c
 create mode 100644 newlib/libc/ssp/strncpy_chk.c
 create mode 100644 newlib/libc/ssp/vsnprintf_chk.c
 create mode 100644 newlib/libc/ssp/vsprintf_chk.c

--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 1/9] ssp: add APIs for Stack Smashing Protection

Yaakov Selkowitz-2
Compiling with any of the -fstack-protector* flags requires the
__stack_chk_guard data import (which needs to be initialized) and the
__stack_chk_fail{,_local} functions.  While GCC's own libssp can provide
these, it is better that we provide these ourselves.  The implementation
is custom due to being OS-specific.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/ssp/stack_protector.c | 45 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 newlib/libc/ssp/stack_protector.c

diff --git a/newlib/libc/ssp/stack_protector.c b/newlib/libc/ssp/stack_protector.c
new file mode 100644
index 000000000..ee014b69d
--- /dev/null
+++ b/newlib/libc/ssp/stack_protector.c
@@ -0,0 +1,45 @@
+#include <sys/cdefs.h>
+#include <sys/param.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+uintptr_t __stack_chk_guard = 0;
+
+void
+__attribute__((__constructor__))
+__stack_chk_init (void)
+{
+  if (__stack_chk_guard != 0)
+    return;
+
+#if defined(__CYGWIN__) || defined(__rtems__)
+  arc4random_buf(&__stack_chk_guard, sizeof(__stack_chk_guard));
+#else
+  /* If getentropy is not available, use the "terminator canary". */
+  ((unsigned char *)&__stack_chk_guard)[0] = 0;
+  ((unsigned char *)&__stack_chk_guard)[1] = 0;
+  ((unsigned char *)&__stack_chk_guard)[2] = '\n';
+  ((unsigned char *)&__stack_chk_guard)[3] = 255;
+#endif
+}
+
+void
+__attribute__((__noreturn__))
+__stack_chk_fail (void)
+{
+  char msg[] = "*** stack smashing detected ***: terminated\n";
+  write (2, msg, strlen (msg));
+  raise (SIGABRT);
+  _exit (127);
+}
+
+#ifdef __ELF__
+void
+__attribute__((visibility ("hidden")))
+__stack_chk_fail_local (void)
+{
+ __stack_chk_fail();
+}
+#endif
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 2/9] ssp: add Object Size Checking common code

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
The Object Size Checking (-D_FORTIFY_SOURCE=*) functionality provides
wrappers around functions suspectible to buffer overflows.  While
independent from Stack Smashing Protection (-fstack-protector*), they
are often used and implemented together.

While GCC also provides an implementation in libssp, it is completely
broken (CVE-2016-4973, RHBZ#1324759) and seemingly unfixable, as there
is no reliable way for a preprocessor macro to trigger a link flag.
Therefore, adding this here is necessary to make it work.

Note that this does require building gcc with --disable-libssp and
gcc_cv_libc_provides_ssp=yes.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/include/ssp/ssp.h      | 72 ++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/sys/features.h | 18 +++++++++-
 newlib/libc/ssp/chk_fail.c         | 13 +++++++
 3 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 newlib/libc/include/ssp/ssp.h
 create mode 100644 newlib/libc/ssp/chk_fail.c

diff --git a/newlib/libc/include/ssp/ssp.h b/newlib/libc/include/ssp/ssp.h
new file mode 100644
index 000000000..399cf8962
--- /dev/null
+++ b/newlib/libc/include/ssp/ssp.h
@@ -0,0 +1,72 @@
+/* $NetBSD: ssp.h,v 1.13 2015/09/03 20:43:47 plunky Exp $ */
+
+/*-
+ * Copyright (c) 2006, 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_SSP_H_
+#define _SSP_SSP_H_
+
+#include <sys/cdefs.h>
+
+/* __ssp_real is used by the implementation in libc */
+#if __SSP_FORTIFY_LEVEL == 0
+#define __ssp_real_(fun) fun
+#else
+#define __ssp_real_(fun) __ssp_real_ ## fun
+#endif
+#define __ssp_real(fun) __ssp_real_(fun)
+
+#define __ssp_bos(ptr) __builtin_object_size(ptr, __SSP_FORTIFY_LEVEL > 1)
+#define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
+
+#define __ssp_check(buf, len, bos) \
+ if (bos(buf) != (size_t)-1 && len > bos(buf)) \
+ __chk_fail()
+#define __ssp_redirect_raw(rtype, fun, symbol, args, call, cond, bos) \
+rtype __ssp_real_(fun) args __asm__(__ASMNAME(#symbol)); \
+_ELIDABLE_INLINE rtype fun args __asm__(__ASMNAME("__ssp_protected_" #fun)); \
+_ELIDABLE_INLINE rtype fun args { \
+ if (cond) \
+ __ssp_check(__buf, __len, bos); \
+ return __ssp_real_(fun) call; \
+}
+
+#define __ssp_redirect(rtype, fun, args, call) \
+    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos)
+#define __ssp_redirect0(rtype, fun, args, call) \
+    __ssp_redirect_raw(rtype, fun, fun, args, call, 1, __ssp_bos0)
+
+#define __ssp_overlap(a, b, l) \
+    (((a) <= (b) && (b) < (a) + (l)) || ((b) <= (a) && (a) < (b) + (l)))
+
+__BEGIN_DECLS
+void __stack_chk_fail(void) __dead2;
+void __chk_fail(void) __dead2;
+__END_DECLS
+
+#endif /* _SSP_SSP_H_ */
diff --git a/newlib/libc/include/sys/features.h b/newlib/libc/include/sys/features.h
index c9133af57..084bf2183 100644
--- a/newlib/libc/include/sys/features.h
+++ b/newlib/libc/include/sys/features.h
@@ -100,6 +100,9 @@ extern "C" {
  * _SVID_SOURCE (deprecated by _DEFAULT_SOURCE)
  * _DEFAULT_SOURCE (or none of the above)
  * POSIX-1.2008 with BSD and SVr4 extensions
+ *
+ * _FORTIFY_SOURCE = 1 or 2
+ * Object Size Checking function wrappers
  */
 
 #ifdef _GNU_SOURCE
@@ -233,9 +236,11 @@ extern "C" {
  * __GNU_VISIBLE
  * GNU extensions; enabled with _GNU_SOURCE.
  *
+ * __SSP_FORTIFY_LEVEL
+ * Object Size Checking; defined to 0 (off), 1, or 2.
+ *
  * In all cases above, "enabled by default" means either by defining
  * _DEFAULT_SOURCE, or by not defining any of the public feature test macros.
- * Defining _GNU_SOURCE makes all of the above avaliable.
  */
 
 #ifdef _ATFILE_SOURCE
@@ -314,6 +319,17 @@ extern "C" {
 #define __XSI_VISIBLE 0
 #endif
 
+#if _FORTIFY_SOURCE > 0 && !defined(__cplusplus) && !defined(__lint__) && \
+   (__OPTIMIZE__ > 0 || defined(__clang__)) && __GNUC_PREREQ__(4, 1)
+#  if _FORTIFY_SOURCE > 1
+#    define __SSP_FORTIFY_LEVEL 2
+#  else
+#    define __SSP_FORTIFY_LEVEL 1
+#  endif
+#else
+#  define __SSP_FORTIFY_LEVEL 0
+#endif
+
 /* RTEMS adheres to POSIX -- 1003.1b with some features from annexes.  */
 
 #ifdef __rtems__
diff --git a/newlib/libc/ssp/chk_fail.c b/newlib/libc/ssp/chk_fail.c
new file mode 100644
index 000000000..b1f8e42a6
--- /dev/null
+++ b/newlib/libc/ssp/chk_fail.c
@@ -0,0 +1,13 @@
+#include <signal.h>
+#include <string.h>
+#include <unistd.h>
+
+void
+__attribute__((__noreturn__))
+__chk_fail(void)
+{
+  char msg[] = "*** buffer overflow detected ***: terminated\n";
+  write (2, msg, strlen (msg));
+  raise (SIGABRT);
+  _exit (127);
+}
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 3/9] ssp: add Object Size Checking for string.h functions

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
The implementation is from NetBSD, with the addition of mempcpy (a GNU
extension) for parity with glibc and libssp.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/include/ssp/string.h | 114 +++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/string.h     |   4 ++
 newlib/libc/ssp/memcpy_chk.c     |  54 +++++++++++++++++++
 newlib/libc/ssp/memmove_chk.c    |  50 +++++++++++++++++
 newlib/libc/ssp/mempcpy_chk.c    |  21 ++++++++
 newlib/libc/ssp/memset_chk.c     |  49 +++++++++++++++++
 newlib/libc/ssp/stpcpy_chk.c     |  58 ++++++++++++++++++++
 newlib/libc/ssp/stpncpy_chk.c    |  56 +++++++++++++++++++
 newlib/libc/ssp/strcat_chk.c     |  62 +++++++++++++++++++++
 newlib/libc/ssp/strcpy_chk.c     |  55 +++++++++++++++++++
 newlib/libc/ssp/strncat_chk.c    |  73 +++++++++++++++++++++++++
 newlib/libc/ssp/strncpy_chk.c    |  55 +++++++++++++++++++
 12 files changed, 651 insertions(+)
 create mode 100644 newlib/libc/include/ssp/string.h
 create mode 100644 newlib/libc/ssp/memcpy_chk.c
 create mode 100644 newlib/libc/ssp/memmove_chk.c
 create mode 100644 newlib/libc/ssp/mempcpy_chk.c
 create mode 100644 newlib/libc/ssp/memset_chk.c
 create mode 100644 newlib/libc/ssp/stpcpy_chk.c
 create mode 100644 newlib/libc/ssp/stpncpy_chk.c
 create mode 100644 newlib/libc/ssp/strcat_chk.c
 create mode 100644 newlib/libc/ssp/strcpy_chk.c
 create mode 100644 newlib/libc/ssp/strncat_chk.c
 create mode 100644 newlib/libc/ssp/strncpy_chk.c

diff --git a/newlib/libc/include/ssp/string.h b/newlib/libc/include/ssp/string.h
new file mode 100644
index 000000000..349703605
--- /dev/null
+++ b/newlib/libc/include/ssp/string.h
@@ -0,0 +1,114 @@
+/* $NetBSD: string.h,v 1.13 2014/11/29 13:23:48 pooka Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STRING_H_
+#define _SSP_STRING_H_
+
+#include <sys/cdefs.h>
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+void *__memcpy_chk(void *, const void *, size_t, size_t);
+void *__memmove_chk(void *, void *, size_t, size_t);
+void *__memset_chk(void *, int, size_t, size_t);
+char *__stpcpy_chk(char *, const char *, size_t);
+char *__strcat_chk(char *, const char *, size_t);
+char *__strcpy_chk(char *, const char *, size_t);
+char *__strncat_chk(char *, const char *, size_t, size_t);
+char *__strncpy_chk(char *, const char *, size_t, size_t);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#define __ssp_bos_check3(fun, dst, src, len) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)) : \
+    __ ## fun ## _ichk(dst, src, len))
+
+#define __ssp_bos_check2(fun, dst, src) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)) : \
+    __ ## fun ## _ichk(dst, src))
+
+#define __ssp_bos_icheck3_restrict(fun, type1, type2) \
+_ELIDABLE_INLINE type1 __ ## fun ## _ichk(type1 __restrict, type2 __restrict, size_t); \
+_ELIDABLE_INLINE type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src, size_t len) { \
+ return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck3(fun, type1, type2) \
+_ELIDABLE_INLINE type1 __ ## fun ## _ichk(type1, type2, size_t); \
+_ELIDABLE_INLINE type1 \
+__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \
+ return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck2_restrict(fun, type1, type2) \
+_ELIDABLE_INLINE type1 __ ## fun ## _ichk(type1, type2); \
+_ELIDABLE_INLINE type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \
+ return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \
+}
+
+__BEGIN_DECLS
+__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
+__ssp_bos_icheck3(memmove, void *, const void *)
+__ssp_bos_icheck3_restrict(mempcpy, void *, const void *)
+__ssp_bos_icheck3(memset, void *, int)
+__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
+#if __GNUC_PREREQ__(4,8) || defined(__clang__)
+__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
+#endif
+__ssp_bos_icheck2_restrict(strcpy, char *, const char *)
+__ssp_bos_icheck2_restrict(strcat, char *, const char *)
+__ssp_bos_icheck3_restrict(strncpy, char *, const char *)
+__ssp_bos_icheck3_restrict(strncat, char *, const char *)
+__END_DECLS
+
+#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
+#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)
+#if __GNU_VISIBLE
+#define mempcpy(dst, src, len) __ssp_bos_check3(mempcpy, dst, src, len)
+#endif
+#define memset(dst, val, len) __ssp_bos_check3(memset, dst, val, len)
+#if __POSIX_VISIBLE >= 200809
+#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)
+#if __GNUC_PREREQ__(4,8) || defined(__clang__)
+#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
+#endif
+#endif
+#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)
+#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)
+#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)
+#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_STRING_H_ */
diff --git a/newlib/libc/include/string.h b/newlib/libc/include/string.h
index 9c536f35f..8c3c1cc59 100644
--- a/newlib/libc/include/string.h
+++ b/newlib/libc/include/string.h
@@ -176,4 +176,8 @@ char *_EXFUN(__nonnull (1) basename,(const char *)) __asm__(__ASMNAME("__gnu_bas
 
 _END_STD_C
 
+#if __SSP_FORTIFY_LEVEL > 0
+#include <ssp/string.h>
+#endif
+
 #endif /* _STRING_H_ */
diff --git a/newlib/libc/ssp/memcpy_chk.c b/newlib/libc/ssp/memcpy_chk.c
new file mode 100644
index 000000000..63f536dc5
--- /dev/null
+++ b/newlib/libc/ssp/memcpy_chk.c
@@ -0,0 +1,54 @@
+/* $NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+void *__memcpy_chk(void * __restrict, const void * __restrict, size_t, size_t);
+
+void *
+__memcpy_chk(void * __restrict dst, const void * __restrict src, size_t len,
+    size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+
+ if (__ssp_overlap((const char *)src, (const char *)dst, len))
+ __chk_fail();
+
+ return memcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/memmove_chk.c b/newlib/libc/ssp/memmove_chk.c
new file mode 100644
index 000000000..f8f03d778
--- /dev/null
+++ b/newlib/libc/ssp/memmove_chk.c
@@ -0,0 +1,50 @@
+/* $NetBSD: memmove_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memmove_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memmove
+
+void *__memmove_chk(void *, void *src, size_t, size_t);
+
+void *
+__memmove_chk(void *dst, void *src, size_t len,
+    size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+ return memmove(dst, src, len);
+}
diff --git a/newlib/libc/ssp/mempcpy_chk.c b/newlib/libc/ssp/mempcpy_chk.c
new file mode 100644
index 000000000..fc2ccf894
--- /dev/null
+++ b/newlib/libc/ssp/mempcpy_chk.c
@@ -0,0 +1,21 @@
+#define _GNU_SOURCE
+#include <sys/cdefs.h>
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef mempcpy
+
+void *__mempcpy_chk(void * __restrict, const void * __restrict, size_t, size_t);
+
+void *
+__mempcpy_chk(void * __restrict dst, const void * __restrict src, size_t len,
+    size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+
+ if (__ssp_overlap((const char *)src, (const char *)dst, len))
+ __chk_fail();
+
+ return mempcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/memset_chk.c b/newlib/libc/ssp/memset_chk.c
new file mode 100644
index 000000000..0e303b9eb
--- /dev/null
+++ b/newlib/libc/ssp/memset_chk.c
@@ -0,0 +1,49 @@
+/* $NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memset
+
+void *__memset_chk(void * __restrict, int, size_t, size_t);
+
+void *
+__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+ return memset(dst, val, len);
+}
diff --git a/newlib/libc/ssp/stpcpy_chk.c b/newlib/libc/ssp/stpcpy_chk.c
new file mode 100644
index 000000000..ed1d74ad7
--- /dev/null
+++ b/newlib/libc/ssp/stpcpy_chk.c
@@ -0,0 +1,58 @@
+/* $NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $ */
+
+/*-
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+#if !__GNUC_PREREQ__(4, 8)
+char *__stpcpy_chk(char * __restrict, const char * __restrict, size_t);
+#endif
+
+char *
+__stpcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+ size_t len = strlen(src);
+
+ if (len >= slen)
+ __chk_fail();
+
+ if (__ssp_overlap(src, dst, len))
+ __chk_fail();
+
+ (void)memcpy(dst, src, len + 1);
+ return dst + len;
+}
diff --git a/newlib/libc/ssp/stpncpy_chk.c b/newlib/libc/ssp/stpncpy_chk.c
new file mode 100644
index 000000000..756626153
--- /dev/null
+++ b/newlib/libc/ssp/stpncpy_chk.c
@@ -0,0 +1,56 @@
+/* $NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $ */
+
+/*-
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef stpncpy
+
+#if !__GNUC_PREREQ__(4, 8)
+char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t);
+#endif
+
+char *
+__stpncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+
+ if (__ssp_overlap(src, dst, len))
+ __chk_fail();
+
+ return stpncpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/strcat_chk.c b/newlib/libc/ssp/strcat_chk.c
new file mode 100644
index 000000000..d57f9559b
--- /dev/null
+++ b/newlib/libc/ssp/strcat_chk.c
@@ -0,0 +1,62 @@
+/* $NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+char *__strcat_chk(char * __restrict, const char * __restrict, size_t);
+
+char *
+__strcat_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+ char *d;
+
+ for (d = dst; *d; d++) {
+ if (slen-- == 0)
+ __chk_fail();
+ }
+
+ while (*src) {
+ if (slen-- == 0)
+ __chk_fail();
+ *d++ = *src++;
+ }
+
+ if (slen-- == 0)
+ __chk_fail();
+
+ *d = '\0';
+ return dst;
+}
diff --git a/newlib/libc/ssp/strcpy_chk.c b/newlib/libc/ssp/strcpy_chk.c
new file mode 100644
index 000000000..cef160a62
--- /dev/null
+++ b/newlib/libc/ssp/strcpy_chk.c
@@ -0,0 +1,55 @@
+/* $NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+char *__strcpy_chk(char * __restrict, const char * __restrict, size_t);
+
+char *
+__strcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+ size_t len = strlen(src) + 1;
+
+ if (len > slen)
+ __chk_fail();
+
+ if (__ssp_overlap(src, dst, len))
+ __chk_fail();
+
+ return memcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/strncat_chk.c b/newlib/libc/ssp/strncat_chk.c
new file mode 100644
index 000000000..5ce5a9ef6
--- /dev/null
+++ b/newlib/libc/ssp/strncat_chk.c
@@ -0,0 +1,73 @@
+/* $NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+#include <stdio.h>
+
+char *__strncat_chk(char * __restrict, const char * __restrict, size_t,
+    size_t);
+
+char *
+__strncat_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+ char *d;
+
+ if (len == 0)
+ return dst;
+
+ if (len > slen)
+ __chk_fail();
+
+ for (d = dst; *d; d++) {
+ if (slen-- == 0)
+ __chk_fail();
+ }
+
+ do {
+ if ((*d = *src++) == '\0')
+ break;
+ if (slen-- == 0)
+ __chk_fail();
+ d++;
+ } while (--len != 0);
+
+ if (slen-- == 0)
+ __chk_fail();
+
+ *d = '\0';
+ return dst;
+}
diff --git a/newlib/libc/ssp/strncpy_chk.c b/newlib/libc/ssp/strncpy_chk.c
new file mode 100644
index 000000000..591157a25
--- /dev/null
+++ b/newlib/libc/ssp/strncpy_chk.c
@@ -0,0 +1,55 @@
+/* $NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef strncpy
+
+char *__strncpy_chk(char * __restrict, const char * __restrict, size_t,
+    size_t);
+
+char *
+__strncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+ if (len > slen)
+ __chk_fail();
+
+ if (__ssp_overlap(src, dst, len))
+ __chk_fail();
+
+ return strncpy(dst, src, len);
+}
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 4/9] ssp: add Object Size Checking for strings.h functions

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
The implementation is from NetBSD, with the addition of explicit_bzero
for parity with glibc.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/include/ssp/strings.h | 55 +++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/strings.h     |  6 ++++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 newlib/libc/include/ssp/strings.h

diff --git a/newlib/libc/include/ssp/strings.h b/newlib/libc/include/ssp/strings.h
new file mode 100644
index 000000000..13adba175
--- /dev/null
+++ b/newlib/libc/include/ssp/strings.h
@@ -0,0 +1,55 @@
+/* $NetBSD: strings.h,v 1.3 2008/04/28 20:22:54 martin Exp $ */
+
+/*-
+ * Copyright (c) 2007 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STRINGS_H_
+#define _SSP_STRINGS_H_
+
+#include <ssp/ssp.h>
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#if __BSD_VISIBLE || __POSIX_VISIBLE <= 200112
+#define bcopy(src, dst, len) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___memmove_chk(dst, src, len, __ssp_bos0(dst)) : \
+    __memmove_ichk(dst, src, len))
+#define bzero(dst, len) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___memset_chk(dst, 0, len, __ssp_bos0(dst)) : \
+    __memset_ichk(dst, 0, len))
+#endif
+
+#if __BSD_VISIBLE
+__ssp_redirect0(void, explicit_bzero, (void *__buf, size_t __len), \
+    (__buf, __len));
+#endif
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_STRINGS_H_ */
diff --git a/newlib/libc/include/strings.h b/newlib/libc/include/strings.h
index 50a304215..38a84a220 100644
--- a/newlib/libc/include/strings.h
+++ b/newlib/libc/include/strings.h
@@ -47,7 +47,7 @@ int bcmp(const void *, const void *, size_t) __pure; /* LEGACY */
 void bcopy(const void *, void *, size_t); /* LEGACY */
 void bzero(void *, size_t); /* LEGACY */
 #endif
-#if __BSD_VISIBLE
+#if __BSD_VISIBLE && !__SSP_FORTIFY_LEVEL
 void explicit_bzero(void *, size_t);
 #endif
 #if __MISC_VISIBLE || __POSIX_VISIBLE < 200809 || __XSI_VISIBLE >= 700
@@ -73,4 +73,8 @@ int strncasecmp_l (const char *, const char *, size_t, locale_t);
 #endif
 __END_DECLS
 
+#if __SSP_FORTIFY_LEVEL > 0
+#include <ssp/strings.h>
+#endif
+
 #endif /* _STRINGS_H_ */
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 5/9] ssp: add Object Size Checking for stdio.h functions, part 1

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
The implementation is from NetBSD, with the addition of fread for parity
with glibc.  The following functions are also guarded in glibc:
fgets_unlocked, fread_unlocked, asprintf, dprintf, fprintf, printf,
vasprintf, vdprintf, vfprintf, vprintf.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/include/ssp/stdio.h | 83 +++++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/stdio.h     |  6 +++
 newlib/libc/ssp/fgets_chk.c     | 55 +++++++++++++++++++++++++++
 newlib/libc/ssp/gets_chk.c      | 78 ++++++++++++++++++++++++++++++++++++++
 newlib/libc/ssp/snprintf_chk.c  | 59 +++++++++++++++++++++++++++++
 newlib/libc/ssp/sprintf_chk.c   | 63 +++++++++++++++++++++++++++++++
 newlib/libc/ssp/vsnprintf_chk.c | 51 +++++++++++++++++++++++++
 newlib/libc/ssp/vsprintf_chk.c  | 60 +++++++++++++++++++++++++++++
 8 files changed, 455 insertions(+)
 create mode 100644 newlib/libc/include/ssp/stdio.h
 create mode 100644 newlib/libc/ssp/fgets_chk.c
 create mode 100644 newlib/libc/ssp/gets_chk.c
 create mode 100644 newlib/libc/ssp/snprintf_chk.c
 create mode 100644 newlib/libc/ssp/sprintf_chk.c
 create mode 100644 newlib/libc/ssp/vsnprintf_chk.c
 create mode 100644 newlib/libc/ssp/vsprintf_chk.c

diff --git a/newlib/libc/include/ssp/stdio.h b/newlib/libc/include/ssp/stdio.h
new file mode 100644
index 000000000..8694ee666
--- /dev/null
+++ b/newlib/libc/include/ssp/stdio.h
@@ -0,0 +1,83 @@
+/* $NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STDIO_H_
+#define _SSP_STDIO_H_
+
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+int __sprintf_chk(char *__restrict, int, size_t, const char *__restrict, ...)
+    __printflike(4, 5);
+int __vsprintf_chk(char *__restrict, int, size_t, const char *__restrict,
+    __va_list)
+    __printflike(4, 0);
+int __snprintf_chk(char *__restrict, size_t, int, size_t,
+    const char *__restrict, ...)
+    __printflike(5, 6);
+int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
+     const char *__restrict, __va_list)
+    __printflike(5, 0);
+char *__gets_chk(char *, size_t);
+char *__fgets_chk(char *__restrict, int, size_t, FILE *);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+
+#define sprintf(str, ...) \
+    __builtin___sprintf_chk(str, 0, __ssp_bos(str), __VA_ARGS__)
+
+#define vsprintf(str, fmt, ap) \
+    __builtin___vsprintf_chk(str, 0, __ssp_bos(str), fmt, ap)
+
+#define snprintf(str, len, ...) \
+    __builtin___snprintf_chk(str, len, 0, __ssp_bos(str), __VA_ARGS__)
+
+#define vsnprintf(str, len, fmt, ap) \
+    __builtin___vsnprintf_chk(str, len, 0, __ssp_bos(str), fmt, ap)
+
+#define gets(str) \
+    __gets_chk(str, __ssp_bos(str))
+
+#define fgets(str, len, fp) \
+    __fgets_chk(str, len, __ssp_bos(str), fp)
+
+size_t __ssp_real_fread (void *__restrict, size_t, size_t, FILE *__restrict) __asm__(__ASMNAME("fread"));
+_ELIDABLE_INLINE size_t fread (void *__restrict, size_t, size_t, FILE *__restrict) __asm__(__ASMNAME("__ssp_protected_fread"));
+_ELIDABLE_INLINE size_t
+fread (void *__restrict __ptr, size_t __size, size_t __n, FILE *__restrict __fp) {
+  __ssp_check(__ptr, __size * __n, __ssp_bos0);
+  return __ssp_real_fread(__ptr, __size, __n, __fp);
+}
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+
+#endif /* _SSP_STDIO_H_ */
diff --git a/newlib/libc/include/stdio.h b/newlib/libc/include/stdio.h
index ee0f612c4..e721be9fa 100644
--- a/newlib/libc/include/stdio.h
+++ b/newlib/libc/include/stdio.h
@@ -220,7 +220,9 @@ int _EXFUN(putc, (int, FILE *));
 int _EXFUN(putchar, (int));
 int _EXFUN(puts, (const char *));
 int _EXFUN(ungetc, (int, FILE *));
+#if !__SSP_FORTIFY_LEVEL
 size_t _EXFUN(fread, (_PTR __restrict, size_t _size, size_t _n, FILE *__restrict));
+#endif
 size_t _EXFUN(fwrite, (const _PTR __restrict , size_t _size, size_t _n, FILE *));
 #ifdef _COMPILING_NEWLIB
 int _EXFUN(fgetpos, (FILE *, _fpos_t *));
@@ -796,4 +798,8 @@ _putchar_unlocked(int _c)
 
 _END_STD_C
 
+#if __SSP_FORTIFY_LEVEL > 0
+#include <ssp/stdio.h>
+#endif
+
 #endif /* _STDIO_H_ */
diff --git a/newlib/libc/ssp/fgets_chk.c b/newlib/libc/ssp/fgets_chk.c
new file mode 100644
index 000000000..377579ff6
--- /dev/null
+++ b/newlib/libc/ssp/fgets_chk.c
@@ -0,0 +1,55 @@
+/* $NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: fgets_chk.c,v 1.6 2009/02/05 05:41:51 lukem Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <ssp/stdio.h>
+
+#undef fgets
+
+char *
+__fgets_chk(char * __restrict buf, int len, size_t slen, FILE *fp)
+{
+ if (slen >= (size_t)INT_MAX)
+ return fgets(buf, len, fp);
+
+ if (len >= 0 && (size_t)len > slen)
+ __chk_fail();
+
+ return fgets(buf, len, fp);
+}
diff --git a/newlib/libc/ssp/gets_chk.c b/newlib/libc/ssp/gets_chk.c
new file mode 100644
index 000000000..b4f7015bc
--- /dev/null
+++ b/newlib/libc/ssp/gets_chk.c
@@ -0,0 +1,78 @@
+/* $NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <ssp/stdio.h>
+
+extern char *__gets(char *);
+#undef gets
+#ifdef __NEWLIB__
+#define __gets gets
+#endif
+
+char *
+__gets_chk(char * __restrict buf, size_t slen)
+{
+ char *abuf;
+ size_t len;
+
+ if (slen >= (size_t)INT_MAX)
+ return __gets(buf);
+
+ if ((abuf = malloc(slen + 1)) == NULL)
+ return __gets(buf);
+
+ if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {
+ free(abuf);
+ return NULL;
+ }
+
+ len = strlen(abuf);
+ if (len > 0 && abuf[len - 1] == '\n')
+ --len;
+
+ if (len >= slen)
+ __chk_fail();
+
+ (void)memcpy(buf, abuf, len);
+
+ buf[len] = '\0';
+ free(abuf);
+ return buf;
+}
diff --git a/newlib/libc/ssp/snprintf_chk.c b/newlib/libc/ssp/snprintf_chk.c
new file mode 100644
index 000000000..cede5a4bd
--- /dev/null
+++ b/newlib/libc/ssp/snprintf_chk.c
@@ -0,0 +1,59 @@
+/* $NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+
+/*ARGSUSED*/
+int
+__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+ va_list ap;
+ int rv;
+
+ if (len > slen)
+ __chk_fail();
+
+ va_start(ap, fmt);
+ rv = vsnprintf(buf, len, fmt, ap);
+ va_end(ap);
+
+ return rv;
+}
diff --git a/newlib/libc/ssp/sprintf_chk.c b/newlib/libc/ssp/sprintf_chk.c
new file mode 100644
index 000000000..1e924799b
--- /dev/null
+++ b/newlib/libc/ssp/sprintf_chk.c
@@ -0,0 +1,63 @@
+/* $NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+#undef vsprintf
+
+int
+/*ARGSUSED*/
+__sprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+ va_list ap;
+ int rv;
+
+ va_start(ap, fmt);
+ if (slen > (size_t)INT_MAX)
+ rv = vsprintf(buf, fmt, ap);
+ else {
+ if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && (size_t)rv >= slen)
+ __chk_fail();
+ }
+ va_end(ap);
+
+ return rv;
+}
diff --git a/newlib/libc/ssp/vsnprintf_chk.c b/newlib/libc/ssp/vsnprintf_chk.c
new file mode 100644
index 000000000..2b8802908
--- /dev/null
+++ b/newlib/libc/ssp/vsnprintf_chk.c
@@ -0,0 +1,51 @@
+/* $NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+
+int
+__vsnprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+ if (len > slen)
+ __chk_fail();
+
+ return vsnprintf(buf, len, fmt, ap);
+}
diff --git a/newlib/libc/ssp/vsprintf_chk.c b/newlib/libc/ssp/vsprintf_chk.c
new file mode 100644
index 000000000..fec8a18c7
--- /dev/null
+++ b/newlib/libc/ssp/vsprintf_chk.c
@@ -0,0 +1,60 @@
+/* $NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsprintf
+#undef vsnprintf
+
+/*ARGSUSED*/
+int
+__vsprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+ int rv;
+
+ if (slen > (size_t)INT_MAX)
+ rv = vsprintf(buf, fmt, ap);
+ else {
+ if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && (size_t)rv >= slen)
+ __chk_fail();
+ }
+
+ return rv;
+}
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 6/9] ssp: add Object Size Checking for unistd.h functions, part 1

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
The implementation is from NetBSD, with the addition of feature test macros
for readlink.  glibc also wraps the following functions:
confstr, getdomainname, getgroups, gethostname, getlogin_r, getwd, pread,
readlinkat, ttyname_r.

Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/libc/include/ssp/unistd.h | 53 ++++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/sys/unistd.h | 11 +++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 newlib/libc/include/ssp/unistd.h

diff --git a/newlib/libc/include/ssp/unistd.h b/newlib/libc/include/ssp/unistd.h
new file mode 100644
index 000000000..8430db644
--- /dev/null
+++ b/newlib/libc/include/ssp/unistd.h
@@ -0,0 +1,53 @@
+/* $NetBSD: unistd.h,v 1.7 2015/06/25 18:41:03 joerg Exp $ */
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_UNISTD_H_
+#define _SSP_UNISTD_H_
+
+#include <ssp/ssp.h>
+
+#if __SSP_FORTIFY_LEVEL > 0
+__BEGIN_DECLS
+
+__ssp_redirect0(ssize_t, read, (int __fd, void *__buf, size_t __len), \
+    (__fd, __buf, __len));
+
+#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE >= 4
+__ssp_redirect(ssize_t, readlink, (const char *__restrict __path, \
+    char *__restrict __buf, size_t __len), (__path, __buf, __len));
+#endif
+
+__ssp_redirect_raw(char *, getcwd, getcwd, (char *__buf, size_t __len),
+    (__buf, __len), __buf != 0, __ssp_bos);
+
+__END_DECLS
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_UNISTD_H_ */
diff --git a/newlib/libc/include/sys/unistd.h b/newlib/libc/include/sys/unistd.h
index 75f8a51df..bfd3b3811 100644
--- a/newlib/libc/include/sys/unistd.h
+++ b/newlib/libc/include/sys/unistd.h
@@ -93,7 +93,9 @@ int     _EXFUN(fdatasync, (int __fd));
 #if __GNU_VISIBLE
 char *  _EXFUN(get_current_dir_name, (void));
 #endif
+#if !__SSP_FORTIFY_LEVEL
 char *  _EXFUN(getcwd, (char *__buf, size_t __size ));
+#endif
 #if __BSD_VISIBLE || (__XSI_VISIBLE && __XSI_VISIBLE < 500)
 int _EXFUN(getdomainname ,(char *__name, size_t __len));
 #endif
@@ -170,7 +172,9 @@ int     _EXFUN(pipe2, (int __fildes[2], int flags));
 #endif
 ssize_t _EXFUN(pread, (int __fd, void *__buf, size_t __nbytes, off_t __offset));
 ssize_t _EXFUN(pwrite, (int __fd, const void *__buf, size_t __nbytes, off_t __offset));
+#if !__SSP_FORTIFY_LEVEL
 _READ_WRITE_RETURN_TYPE _EXFUN(read, (int __fd, void *__buf, size_t __nbyte ));
+#endif
 #if __BSD_VISIBLE
 int _EXFUN(rresvport, (int *__alport));
 int _EXFUN(revoke, (char *__path));
@@ -290,8 +294,10 @@ void    _EXFUN(sync, (void));
 #endif
 
 #if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE >= 4
+#if !__SSP_FORTIFY_LEVEL
 ssize_t _EXFUN(readlink, (const char *__restrict __path,
                           char *__restrict __buf, size_t __buflen));
+#endif
 int     _EXFUN(symlink, (const char *__name1, const char *__name2));
 #endif
 #if __ATFILE_VISIBLE
@@ -567,4 +573,9 @@ int _EXFUN(unlinkat, (int, const char *, int));
 #ifdef __cplusplus
 }
 #endif
+
+#if __SSP_FORTIFY_LEVEL > 0
+#include <ssp/unistd.h>
+#endif
+
 #endif /* _SYS_UNISTD_H */
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 7/9] ssp: add build infrastructure

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 newlib/Makefile.am          |   4 +
 newlib/Makefile.in          |   4 +
 newlib/libc/Makefile.am     |   4 +-
 newlib/libc/Makefile.in     |  15 +-
 newlib/libc/configure       |   3 +-
 newlib/libc/configure.in    |   2 +-
 newlib/libc/ssp/Makefile.am |  71 +++++
 newlib/libc/ssp/Makefile.in | 714 ++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 808 insertions(+), 9 deletions(-)
 create mode 100644 newlib/libc/ssp/Makefile.am
 create mode 100644 newlib/libc/ssp/Makefile.in

diff --git a/newlib/Makefile.am b/newlib/Makefile.am
index effa2adba..205705d88 100644
--- a/newlib/Makefile.am
+++ b/newlib/Makefile.am
@@ -324,6 +324,10 @@ endif
   for i in $(srcdir)/libc/include/rpc/*.h; do \
    $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/rpc/`basename $$i`; \
   done; \
+  $(mkinstalldirs) $(DESTDIR)$(tooldir)/include/ssp; \
+  for i in $(srcdir)/libc/include/ssp/*.h; do \
+   $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/ssp/`basename $$i`; \
+  done; \
   $(mkinstalldirs) $(DESTDIR)$(tooldir)/include/sys; \
   for i in $(srcdir)/libc/include/sys/*.h; do \
    $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/sys/`basename $$i`; \
diff --git a/newlib/Makefile.in b/newlib/Makefile.in
index 7756e7066..3b35251a7 100644
--- a/newlib/Makefile.in
+++ b/newlib/Makefile.in
@@ -1071,6 +1071,10 @@ install-data-local: install-toollibLIBRARIES
   for i in $(srcdir)/libc/include/rpc/*.h; do \
    $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/rpc/`basename $$i`; \
   done; \
+  $(mkinstalldirs) $(DESTDIR)$(tooldir)/include/ssp; \
+  for i in $(srcdir)/libc/include/ssp/*.h; do \
+   $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/ssp/`basename $$i`; \
+  done; \
   $(mkinstalldirs) $(DESTDIR)$(tooldir)/include/sys; \
   for i in $(srcdir)/libc/include/sys/*.h; do \
    $(INSTALL_DATA) $$i $(DESTDIR)$(tooldir)/include/sys/`basename $$i`; \
diff --git a/newlib/libc/Makefile.am b/newlib/libc/Makefile.am
index 6e97bca52..e27ff5cf1 100644
--- a/newlib/libc/Makefile.am
+++ b/newlib/libc/Makefile.am
@@ -42,7 +42,7 @@ endif
 # Do not change the order without considering the doc impact.
 SUBDIRS = argz stdlib ctype search $(STDIO_SUBDIR) $(STDIO64_SUBDIR) string $(SIGNAL_SUBDIR) time locale sys reent \
  $(extra_dir) errno misc machine $(UNIX_SUBDIR) $(POSIX_SUBDIR) $(SYSCALLS_SUBDIR) $(NEWLIB_ICONV_DIRS) \
- $(XDR_SUBDIR) .
+ $(XDR_SUBDIR) ssp .
 
 noinst_DATA = $(CRT0)
 
@@ -64,6 +64,7 @@ SUBLIBS = \
  $(LIBC_EXTRA_LIB) \
  errno/liberrno.$(aext) \
  misc/libmisc.$(aext) \
+ ssp/libssp.$(aext) \
  $(LIBC_UNIX_LIB) \
  $(LIBC_POSIX_LIB) \
  $(LIBC_SYSCALL_LIB) \
@@ -87,6 +88,7 @@ SUBLIBS = \
  $(LIBC_EXTRA_LIB) \
  errno/lib.$(aext) \
  misc/lib.$(aext) \
+ ssp/lib.$(aext) \
  $(LIBC_UNIX_LIB) \
  $(LIBC_POSIX_LIB) \
  $(LIBC_SYSCALL_LIB) \
diff --git a/newlib/libc/Makefile.in b/newlib/libc/Makefile.in
index a597c1d92..c3de3f600 100644
--- a/newlib/libc/Makefile.in
+++ b/newlib/libc/Makefile.in
@@ -90,9 +90,10 @@ am__DEPENDENCIES_1 =
 @USE_LIBTOOL_FALSE@ time/lib.$(aext) locale/lib.$(aext) \
 @USE_LIBTOOL_FALSE@ reent/lib.$(aext) $(am__DEPENDENCIES_1) \
 @USE_LIBTOOL_FALSE@ errno/lib.$(aext) misc/lib.$(aext) \
+@USE_LIBTOOL_FALSE@ ssp/lib.$(aext) $(am__DEPENDENCIES_1) \
 @USE_LIBTOOL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@USE_LIBTOOL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
-@USE_LIBTOOL_FALSE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+@USE_LIBTOOL_FALSE@ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
+@USE_LIBTOOL_FALSE@ $(am__DEPENDENCIES_1)
 @USE_LIBTOOL_TRUE@am__DEPENDENCIES_3 = argz/libargz.$(aext) \
 @USE_LIBTOOL_TRUE@ stdlib/libstdlib.$(aext) \
 @USE_LIBTOOL_TRUE@ ctype/libctype.$(aext) \
@@ -104,9 +105,9 @@ am__DEPENDENCIES_1 =
 @USE_LIBTOOL_TRUE@ locale/liblocale.$(aext) \
 @USE_LIBTOOL_TRUE@ reent/libreent.$(aext) $(am__DEPENDENCIES_1) \
 @USE_LIBTOOL_TRUE@ errno/liberrno.$(aext) misc/libmisc.$(aext) \
+@USE_LIBTOOL_TRUE@ ssp/libssp.$(aext) $(am__DEPENDENCIES_1) \
 @USE_LIBTOOL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@USE_LIBTOOL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@USE_LIBTOOL_TRUE@ $(am__DEPENDENCIES_1)
+@USE_LIBTOOL_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 am_libc_la_OBJECTS =
 libc_la_OBJECTS = $(am_libc_la_OBJECTS)
 libc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
@@ -191,7 +192,7 @@ ETAGS = etags
 CTAGS = ctags
 DIST_SUBDIRS = argz stdlib ctype search stdio stdio64 string signal \
  time locale sys reent @extra_dir@ errno misc machine unix \
- posix syscalls iconv xdr .
+ posix syscalls iconv xdr ssp .
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AR = @AR@
@@ -353,7 +354,7 @@ AUTOMAKE_OPTIONS = cygnus
 # Do not change the order without considering the doc impact.
 SUBDIRS = argz stdlib ctype search $(STDIO_SUBDIR) $(STDIO64_SUBDIR) string $(SIGNAL_SUBDIR) time locale sys reent \
  $(extra_dir) errno misc machine $(UNIX_SUBDIR) $(POSIX_SUBDIR) $(SYSCALLS_SUBDIR) $(NEWLIB_ICONV_DIRS) \
- $(XDR_SUBDIR) .
+ $(XDR_SUBDIR) ssp .
 
 noinst_DATA = $(CRT0)
 @USE_LIBTOOL_TRUE@noinst_LTLIBRARIES = libc.la
@@ -373,6 +374,7 @@ noinst_DATA = $(CRT0)
 @USE_LIBTOOL_FALSE@ $(LIBC_EXTRA_LIB) \
 @USE_LIBTOOL_FALSE@ errno/lib.$(aext) \
 @USE_LIBTOOL_FALSE@ misc/lib.$(aext) \
+@USE_LIBTOOL_FALSE@ ssp/lib.$(aext) \
 @USE_LIBTOOL_FALSE@ $(LIBC_UNIX_LIB) \
 @USE_LIBTOOL_FALSE@ $(LIBC_POSIX_LIB) \
 @USE_LIBTOOL_FALSE@ $(LIBC_SYSCALL_LIB) \
@@ -396,6 +398,7 @@ noinst_DATA = $(CRT0)
 @USE_LIBTOOL_TRUE@ $(LIBC_EXTRA_LIB) \
 @USE_LIBTOOL_TRUE@ errno/liberrno.$(aext) \
 @USE_LIBTOOL_TRUE@ misc/libmisc.$(aext) \
+@USE_LIBTOOL_TRUE@ ssp/libssp.$(aext) \
 @USE_LIBTOOL_TRUE@ $(LIBC_UNIX_LIB) \
 @USE_LIBTOOL_TRUE@ $(LIBC_POSIX_LIB) \
 @USE_LIBTOOL_TRUE@ $(LIBC_SYSCALL_LIB) \
diff --git a/newlib/libc/configure b/newlib/libc/configure
index dabe44fd9..240c384d3 100755
--- a/newlib/libc/configure
+++ b/newlib/libc/configure
@@ -12121,7 +12121,7 @@ fi
 
 
 
-ac_config_files="$ac_config_files Makefile argz/Makefile ctype/Makefile errno/Makefile locale/Makefile misc/Makefile reent/Makefile search/Makefile stdio/Makefile stdio64/Makefile stdlib/Makefile string/Makefile time/Makefile posix/Makefile signal/Makefile syscalls/Makefile unix/Makefile iconv/Makefile iconv/ces/Makefile iconv/ccs/Makefile iconv/ccs/binary/Makefile iconv/lib/Makefile xdr/Makefile"
+ac_config_files="$ac_config_files Makefile argz/Makefile ctype/Makefile errno/Makefile locale/Makefile misc/Makefile reent/Makefile search/Makefile stdio/Makefile stdio64/Makefile stdlib/Makefile string/Makefile time/Makefile posix/Makefile signal/Makefile syscalls/Makefile unix/Makefile iconv/Makefile iconv/ces/Makefile iconv/ccs/Makefile iconv/ccs/binary/Makefile iconv/lib/Makefile ssp/Makefile xdr/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -13240,6 +13240,7 @@ do
     "iconv/ccs/Makefile") CONFIG_FILES="$CONFIG_FILES iconv/ccs/Makefile" ;;
     "iconv/ccs/binary/Makefile") CONFIG_FILES="$CONFIG_FILES iconv/ccs/binary/Makefile" ;;
     "iconv/lib/Makefile") CONFIG_FILES="$CONFIG_FILES iconv/lib/Makefile" ;;
+    "ssp/Makefile") CONFIG_FILES="$CONFIG_FILES ssp/Makefile" ;;
     "xdr/Makefile") CONFIG_FILES="$CONFIG_FILES xdr/Makefile" ;;
 
   *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
diff --git a/newlib/libc/configure.in b/newlib/libc/configure.in
index ac25a3933..d3b10a500 100644
--- a/newlib/libc/configure.in
+++ b/newlib/libc/configure.in
@@ -219,5 +219,5 @@ fi
 AC_SUBST(LIBC_MACHINE_LIB)
 AC_SUBST(machine_dir)
 
-AC_CONFIG_FILES([Makefile argz/Makefile ctype/Makefile errno/Makefile locale/Makefile misc/Makefile reent/Makefile search/Makefile stdio/Makefile stdio64/Makefile stdlib/Makefile string/Makefile time/Makefile posix/Makefile signal/Makefile syscalls/Makefile unix/Makefile iconv/Makefile iconv/ces/Makefile iconv/ccs/Makefile iconv/ccs/binary/Makefile iconv/lib/Makefile xdr/Makefile])
+AC_CONFIG_FILES([Makefile argz/Makefile ctype/Makefile errno/Makefile locale/Makefile misc/Makefile reent/Makefile search/Makefile stdio/Makefile stdio64/Makefile stdlib/Makefile string/Makefile time/Makefile posix/Makefile signal/Makefile syscalls/Makefile unix/Makefile iconv/Makefile iconv/ces/Makefile iconv/ccs/Makefile iconv/ccs/binary/Makefile iconv/lib/Makefile ssp/Makefile xdr/Makefile])
 AC_OUTPUT
diff --git a/newlib/libc/ssp/Makefile.am b/newlib/libc/ssp/Makefile.am
new file mode 100644
index 000000000..062a0fff2
--- /dev/null
+++ b/newlib/libc/ssp/Makefile.am
@@ -0,0 +1,71 @@
+## Process this file with automake to generate Makefile.in
+
+AUTOMAKE_OPTIONS = cygnus
+
+INCLUDES = $(NEWLIB_CFLAGS) $(CROSS_CFLAGS) $(TARGET_CFLAGS)
+
+GENERAL_SOURCES = \
+  chk_fail.c \
+  stack_protector.c
+
+STRING_SOURCES = \
+  memcpy_chk.c \
+  memmove_chk.c \
+  mempcpy_chk.c \
+  memset_chk.c \
+  stpcpy_chk.c \
+  stpncpy_chk.c \
+  strcat_chk.c \
+  strcpy_chk.c \
+  strncat_chk.c \
+  strncpy_chk.c
+
+STDIO_SOURCES = \
+  fgets_chk.c \
+  gets_chk.c \
+  snprintf_chk.c \
+  sprintf_chk.c \
+  vsnprintf_chk.c \
+  vsprintf_chk.c
+
+## None of these functions are specified by EL/IX
+if ELIX_LEVEL_1
+ELIX_SOURCES =
+else
+if ELIX_LEVEL_2
+ELIX_SOURCES =
+else
+if ELIX_LEVEL_3
+ELIX_SOURCES =
+else
+if ELIX_LEVEL_4
+ELIX_SOURCES =
+else
+if HAVE_STDIO_DIR
+ELIX_SOURCES = $(GENERAL_SOURCES) $(STRING_SOURCES) $(STDIO_SOURCES)
+else
+ELIX_SOURCES = $(GENERAL_SOURCES) $(STRING_SOURCES)
+endif
+endif
+endif
+endif
+endif
+
+libssp_la_LDFLAGS = -Xcompiler -nostdlib
+
+if USE_LIBTOOL
+noinst_LTLIBRARIES = libssp.la
+libssp_la_SOURCES = $(ELIX_SOURCES)
+noinst_DATA = objectlist.awk.in
+else
+noinst_LIBRARIES = lib.a
+lib_a_SOURCES = $(ELIX_SOURCES)
+lib_a_CFLAGS = $(AM_CFLAGS)
+noinst_DATA =
+endif # USE_LIBTOOL
+
+CHEWOUT_FILES =
+CHAPTERS =
+# No doc for ssp.
+
+include $(srcdir)/../../Makefile.shared
diff --git a/newlib/libc/ssp/Makefile.in b/newlib/libc/ssp/Makefile.in
new file mode 100644
index 000000000..c2e0c7717
--- /dev/null
+++ b/newlib/libc/ssp/Makefile.in
@@ -0,0 +1,714 @@
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+
+
+VPATH = @srcdir@
+am__make_dryrun = \
+  { \
+    am__dry=no; \
+    case $$MAKEFLAGS in \
+      *\\[\ \ ]*) \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
+    esac; \
+    test $$am__dry = yes; \
+  }
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/../../Makefile.shared $(srcdir)/Makefile.in \
+ $(srcdir)/Makefile.am
+subdir = ssp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/../../libtool.m4 \
+ $(top_srcdir)/../../ltoptions.m4 \
+ $(top_srcdir)/../../ltsugar.m4 \
+ $(top_srcdir)/../../ltversion.m4 \
+ $(top_srcdir)/../../lt~obsolete.m4 \
+ $(top_srcdir)/../acinclude.m4 $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/../../mkinstalldirs
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+lib_a_AR = $(AR) $(ARFLAGS)
+lib_a_LIBADD =
+am__objects_1 = lib_a-chk_fail.$(OBJEXT) \
+ lib_a-stack_protector.$(OBJEXT)
+am__objects_2 = lib_a-memcpy_chk.$(OBJEXT) lib_a-memmove_chk.$(OBJEXT) \
+ lib_a-mempcpy_chk.$(OBJEXT) lib_a-memset_chk.$(OBJEXT) \
+ lib_a-stpcpy_chk.$(OBJEXT) lib_a-stpncpy_chk.$(OBJEXT) \
+ lib_a-strcat_chk.$(OBJEXT) lib_a-strcpy_chk.$(OBJEXT) \
+ lib_a-strncat_chk.$(OBJEXT) lib_a-strncpy_chk.$(OBJEXT)
+am__objects_3 = lib_a-fgets_chk.$(OBJEXT) lib_a-gets_chk.$(OBJEXT) \
+ lib_a-snprintf_chk.$(OBJEXT) lib_a-sprintf_chk.$(OBJEXT) \
+ lib_a-vsnprintf_chk.$(OBJEXT) lib_a-vsprintf_chk.$(OBJEXT)
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_FALSE@am__objects_4 = $(am__objects_1) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_FALSE@ $(am__objects_2)
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@am__objects_4 = $(am__objects_1) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@ $(am__objects_2) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@ $(am__objects_3)
+@USE_LIBTOOL_FALSE@am_lib_a_OBJECTS = $(am__objects_4)
+lib_a_OBJECTS = $(am_lib_a_OBJECTS)
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libssp_la_LIBADD =
+am__objects_5 = chk_fail.lo stack_protector.lo
+am__objects_6 = memcpy_chk.lo memmove_chk.lo mempcpy_chk.lo \
+ memset_chk.lo stpcpy_chk.lo stpncpy_chk.lo strcat_chk.lo \
+ strcpy_chk.lo strncat_chk.lo strncpy_chk.lo
+am__objects_7 = fgets_chk.lo gets_chk.lo snprintf_chk.lo \
+ sprintf_chk.lo vsnprintf_chk.lo vsprintf_chk.lo
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_FALSE@am__objects_8 = $(am__objects_5) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_FALSE@ $(am__objects_6)
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@am__objects_8 = $(am__objects_5) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@ $(am__objects_6) \
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@ $(am__objects_7)
+@USE_LIBTOOL_TRUE@am_libssp_la_OBJECTS = $(am__objects_8)
+libssp_la_OBJECTS = $(am_libssp_la_OBJECTS)
+libssp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libssp_la_LDFLAGS) $(LDFLAGS) -o $@
+@USE_LIBTOOL_TRUE@am_libssp_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp =
+am__depfiles_maybe =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(lib_a_SOURCES) $(libssp_la_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+DATA = $(noinst_DATA)
+ETAGS = etags
+CTAGS = ctags
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCAS = @CCAS@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRT0 = @CRT0@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBC_EXTRA_DEF = @LIBC_EXTRA_DEF@
+LIBC_EXTRA_LIB = @LIBC_EXTRA_LIB@
+LIBC_MACHINE_LIB = @LIBC_MACHINE_LIB@
+LIBC_POSIX_DEF = @LIBC_POSIX_DEF@
+LIBC_POSIX_LIB = @LIBC_POSIX_LIB@
+LIBC_SIGNAL_DEF = @LIBC_SIGNAL_DEF@
+LIBC_SIGNAL_LIB = @LIBC_SIGNAL_LIB@
+LIBC_STDIO64_DEF = @LIBC_STDIO64_DEF@
+LIBC_STDIO64_LIB = @LIBC_STDIO64_LIB@
+LIBC_STDIO_DEF = @LIBC_STDIO_DEF@
+LIBC_STDIO_LIB = @LIBC_STDIO_LIB@
+LIBC_SYSCALL_LIB = @LIBC_SYSCALL_LIB@
+LIBC_SYS_LIB = @LIBC_SYS_LIB@
+LIBC_UNIX_LIB = @LIBC_UNIX_LIB@
+LIBC_XDR_DEF = @LIBC_XDR_DEF@
+LIBC_XDR_LIB = @LIBC_XDR_LIB@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NEWLIB_CFLAGS = @NEWLIB_CFLAGS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NO_INCLUDE_LIST = @NO_INCLUDE_LIST@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+READELF = @READELF@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aext = @aext@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+extra_dir = @extra_dir@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libm_machine_dir = @libm_machine_dir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lpfx = @lpfx@
+machine_dir = @machine_dir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+newlib_basedir = @newlib_basedir@
+oext = @oext@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sys_dir = @sys_dir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AUTOMAKE_OPTIONS = cygnus
+INCLUDES = $(NEWLIB_CFLAGS) $(CROSS_CFLAGS) $(TARGET_CFLAGS)
+GENERAL_SOURCES = \
+  chk_fail.c \
+  stack_protector.c
+
+STRING_SOURCES = \
+  memcpy_chk.c \
+  memmove_chk.c \
+  mempcpy_chk.c \
+  memset_chk.c \
+  stpcpy_chk.c \
+  stpncpy_chk.c \
+  strcat_chk.c \
+  strcpy_chk.c \
+  strncat_chk.c \
+  strncpy_chk.c
+
+STDIO_SOURCES = \
+  fgets_chk.c \
+  gets_chk.c \
+  snprintf_chk.c \
+  sprintf_chk.c \
+  vsnprintf_chk.c \
+  vsprintf_chk.c
+
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_FALSE@ELIX_SOURCES = $(GENERAL_SOURCES) $(STRING_SOURCES)
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_FALSE@@HAVE_STDIO_DIR_TRUE@ELIX_SOURCES = $(GENERAL_SOURCES) $(STRING_SOURCES) $(STDIO_SOURCES)
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_FALSE@@ELIX_LEVEL_4_TRUE@ELIX_SOURCES =
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_FALSE@@ELIX_LEVEL_3_TRUE@ELIX_SOURCES =
+@ELIX_LEVEL_1_FALSE@@ELIX_LEVEL_2_TRUE@ELIX_SOURCES =
+@ELIX_LEVEL_1_TRUE@ELIX_SOURCES =
+libssp_la_LDFLAGS = -Xcompiler -nostdlib
+@USE_LIBTOOL_TRUE@noinst_LTLIBRARIES = libssp.la
+@USE_LIBTOOL_TRUE@libssp_la_SOURCES = $(ELIX_SOURCES)
+@USE_LIBTOOL_FALSE@noinst_DATA =
+@USE_LIBTOOL_TRUE@noinst_DATA = objectlist.awk.in
+@USE_LIBTOOL_FALSE@noinst_LIBRARIES = lib.a
+@USE_LIBTOOL_FALSE@lib_a_SOURCES = $(ELIX_SOURCES)
+@USE_LIBTOOL_FALSE@lib_a_CFLAGS = $(AM_CFLAGS)
+CHEWOUT_FILES =
+CHAPTERS =
+
+#
+# documentation rules
+#
+SUFFIXES = .def .xml
+CHEW = ${top_builddir}/../doc/makedoc -f $(top_srcdir)/../doc/doc.str
+DOCBOOK_CHEW = ${top_srcdir}/../doc/makedocbook.py
+DOCBOOK_OUT_FILES = $(CHEWOUT_FILES:.def=.xml)
+DOCBOOK_CHAPTERS = $(CHAPTERS:.tex=.xml)
+CLEANFILES = $(CHEWOUT_FILES) $(CHEWOUT_FILES:.def=.ref) $(DOCBOOK_OUT_FILES)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .def .xml .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/../../Makefile.shared $(am__configure_deps)
+ @for dep in $?; do \
+  case '$(am__configure_deps)' in \
+    *$$dep*) \
+      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+        && { if test -f $@; then exit 0; else break; fi; }; \
+      exit 1;; \
+  esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --cygnus ssp/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+  $(AUTOMAKE) --cygnus ssp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+  *config.status*) \
+    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+  *) \
+    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+$(srcdir)/../../Makefile.shared:
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+lib.a: $(lib_a_OBJECTS) $(lib_a_DEPENDENCIES) $(EXTRA_lib_a_DEPENDENCIES)
+ -rm -f lib.a
+ $(lib_a_AR) lib.a $(lib_a_OBJECTS) $(lib_a_LIBADD)
+ $(RANLIB) lib.a
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+  test "$$dir" != "$$p" || dir=.; \
+  echo "rm -f \"$${dir}/so_locations\""; \
+  rm -f "$${dir}/so_locations"; \
+ done
+libssp.la: $(libssp_la_OBJECTS) $(libssp_la_DEPENDENCIES) $(EXTRA_libssp_la_DEPENDENCIES)
+ $(libssp_la_LINK) $(am_libssp_la_rpath) $(libssp_la_OBJECTS) $(libssp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+.c.o:
+ $(COMPILE) -c $<
+
+.c.obj:
+ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+ $(LTCOMPILE) -c -o $@ $<
+
+lib_a-chk_fail.o: chk_fail.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-chk_fail.o `test -f 'chk_fail.c' || echo '$(srcdir)/'`chk_fail.c
+
+lib_a-chk_fail.obj: chk_fail.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-chk_fail.obj `if test -f 'chk_fail.c'; then $(CYGPATH_W) 'chk_fail.c'; else $(CYGPATH_W) '$(srcdir)/chk_fail.c'; fi`
+
+lib_a-stack_protector.o: stack_protector.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stack_protector.o `test -f 'stack_protector.c' || echo '$(srcdir)/'`stack_protector.c
+
+lib_a-stack_protector.obj: stack_protector.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stack_protector.obj `if test -f 'stack_protector.c'; then $(CYGPATH_W) 'stack_protector.c'; else $(CYGPATH_W) '$(srcdir)/stack_protector.c'; fi`
+
+lib_a-memcpy_chk.o: memcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memcpy_chk.o `test -f 'memcpy_chk.c' || echo '$(srcdir)/'`memcpy_chk.c
+
+lib_a-memcpy_chk.obj: memcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memcpy_chk.obj `if test -f 'memcpy_chk.c'; then $(CYGPATH_W) 'memcpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/memcpy_chk.c'; fi`
+
+lib_a-memmove_chk.o: memmove_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memmove_chk.o `test -f 'memmove_chk.c' || echo '$(srcdir)/'`memmove_chk.c
+
+lib_a-memmove_chk.obj: memmove_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memmove_chk.obj `if test -f 'memmove_chk.c'; then $(CYGPATH_W) 'memmove_chk.c'; else $(CYGPATH_W) '$(srcdir)/memmove_chk.c'; fi`
+
+lib_a-mempcpy_chk.o: mempcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-mempcpy_chk.o `test -f 'mempcpy_chk.c' || echo '$(srcdir)/'`mempcpy_chk.c
+
+lib_a-mempcpy_chk.obj: mempcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-mempcpy_chk.obj `if test -f 'mempcpy_chk.c'; then $(CYGPATH_W) 'mempcpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/mempcpy_chk.c'; fi`
+
+lib_a-memset_chk.o: memset_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memset_chk.o `test -f 'memset_chk.c' || echo '$(srcdir)/'`memset_chk.c
+
+lib_a-memset_chk.obj: memset_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-memset_chk.obj `if test -f 'memset_chk.c'; then $(CYGPATH_W) 'memset_chk.c'; else $(CYGPATH_W) '$(srcdir)/memset_chk.c'; fi`
+
+lib_a-stpcpy_chk.o: stpcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stpcpy_chk.o `test -f 'stpcpy_chk.c' || echo '$(srcdir)/'`stpcpy_chk.c
+
+lib_a-stpcpy_chk.obj: stpcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stpcpy_chk.obj `if test -f 'stpcpy_chk.c'; then $(CYGPATH_W) 'stpcpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/stpcpy_chk.c'; fi`
+
+lib_a-stpncpy_chk.o: stpncpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stpncpy_chk.o `test -f 'stpncpy_chk.c' || echo '$(srcdir)/'`stpncpy_chk.c
+
+lib_a-stpncpy_chk.obj: stpncpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-stpncpy_chk.obj `if test -f 'stpncpy_chk.c'; then $(CYGPATH_W) 'stpncpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/stpncpy_chk.c'; fi`
+
+lib_a-strcat_chk.o: strcat_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strcat_chk.o `test -f 'strcat_chk.c' || echo '$(srcdir)/'`strcat_chk.c
+
+lib_a-strcat_chk.obj: strcat_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strcat_chk.obj `if test -f 'strcat_chk.c'; then $(CYGPATH_W) 'strcat_chk.c'; else $(CYGPATH_W) '$(srcdir)/strcat_chk.c'; fi`
+
+lib_a-strcpy_chk.o: strcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strcpy_chk.o `test -f 'strcpy_chk.c' || echo '$(srcdir)/'`strcpy_chk.c
+
+lib_a-strcpy_chk.obj: strcpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strcpy_chk.obj `if test -f 'strcpy_chk.c'; then $(CYGPATH_W) 'strcpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/strcpy_chk.c'; fi`
+
+lib_a-strncat_chk.o: strncat_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strncat_chk.o `test -f 'strncat_chk.c' || echo '$(srcdir)/'`strncat_chk.c
+
+lib_a-strncat_chk.obj: strncat_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strncat_chk.obj `if test -f 'strncat_chk.c'; then $(CYGPATH_W) 'strncat_chk.c'; else $(CYGPATH_W) '$(srcdir)/strncat_chk.c'; fi`
+
+lib_a-strncpy_chk.o: strncpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strncpy_chk.o `test -f 'strncpy_chk.c' || echo '$(srcdir)/'`strncpy_chk.c
+
+lib_a-strncpy_chk.obj: strncpy_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-strncpy_chk.obj `if test -f 'strncpy_chk.c'; then $(CYGPATH_W) 'strncpy_chk.c'; else $(CYGPATH_W) '$(srcdir)/strncpy_chk.c'; fi`
+
+lib_a-fgets_chk.o: fgets_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-fgets_chk.o `test -f 'fgets_chk.c' || echo '$(srcdir)/'`fgets_chk.c
+
+lib_a-fgets_chk.obj: fgets_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-fgets_chk.obj `if test -f 'fgets_chk.c'; then $(CYGPATH_W) 'fgets_chk.c'; else $(CYGPATH_W) '$(srcdir)/fgets_chk.c'; fi`
+
+lib_a-gets_chk.o: gets_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-gets_chk.o `test -f 'gets_chk.c' || echo '$(srcdir)/'`gets_chk.c
+
+lib_a-gets_chk.obj: gets_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-gets_chk.obj `if test -f 'gets_chk.c'; then $(CYGPATH_W) 'gets_chk.c'; else $(CYGPATH_W) '$(srcdir)/gets_chk.c'; fi`
+
+lib_a-snprintf_chk.o: snprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-snprintf_chk.o `test -f 'snprintf_chk.c' || echo '$(srcdir)/'`snprintf_chk.c
+
+lib_a-snprintf_chk.obj: snprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-snprintf_chk.obj `if test -f 'snprintf_chk.c'; then $(CYGPATH_W) 'snprintf_chk.c'; else $(CYGPATH_W) '$(srcdir)/snprintf_chk.c'; fi`
+
+lib_a-sprintf_chk.o: sprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-sprintf_chk.o `test -f 'sprintf_chk.c' || echo '$(srcdir)/'`sprintf_chk.c
+
+lib_a-sprintf_chk.obj: sprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-sprintf_chk.obj `if test -f 'sprintf_chk.c'; then $(CYGPATH_W) 'sprintf_chk.c'; else $(CYGPATH_W) '$(srcdir)/sprintf_chk.c'; fi`
+
+lib_a-vsnprintf_chk.o: vsnprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-vsnprintf_chk.o `test -f 'vsnprintf_chk.c' || echo '$(srcdir)/'`vsnprintf_chk.c
+
+lib_a-vsnprintf_chk.obj: vsnprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-vsnprintf_chk.obj `if test -f 'vsnprintf_chk.c'; then $(CYGPATH_W) 'vsnprintf_chk.c'; else $(CYGPATH_W) '$(srcdir)/vsnprintf_chk.c'; fi`
+
+lib_a-vsprintf_chk.o: vsprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-vsprintf_chk.o `test -f 'vsprintf_chk.c' || echo '$(srcdir)/'`vsprintf_chk.c
+
+lib_a-vsprintf_chk.obj: vsprintf_chk.c
+ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(lib_a_CFLAGS) $(CFLAGS) -c -o lib_a-vsprintf_chk.obj `if test -f 'vsprintf_chk.c'; then $(CYGPATH_W) 'vsprintf_chk.c'; else $(CYGPATH_W) '$(srcdir)/vsprintf_chk.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | \
+  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+      END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | \
+  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+      END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+  test -n "$$unique" || unique=$$empty_fix; \
+  if test $$# -gt 0; then \
+    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+      "$$@" $$unique; \
+  else \
+    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+      $$unique; \
+  fi; \
+ fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | \
+  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+      END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+     $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+  && $(am__cd) $(top_srcdir) \
+  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+check-am:
+check: check-am
+all-am: Makefile $(LIBRARIES) $(LTLIBRARIES) $(DATA)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+      install; \
+ else \
+  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+ clean-noinstLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLIBRARIES clean-noinstLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags dvi dvi-am html html-am info \
+ info-am install install-am install-data install-data-am \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-html install-html-am install-info install-info-am \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am
+
+objectlist.awk.in: $(noinst_LTLIBRARIES)
+ -rm -f objectlist.awk.in
+ for i in `ls *.lo` ; \
+ do \
+  echo $$i `pwd`/$$i >> objectlist.awk.in ; \
+ done
+
+.c.def:
+ $(CHEW) < $< > $*.def 2> $*.ref
+ touch stmp-def
+
+TARGETDOC ?= ../tmp.texi
+
+doc: $(CHEWOUT_FILES)
+ for chapter in $(CHAPTERS) ; \
+ do \
+  cat $(srcdir)/$$chapter >> $(TARGETDOC) ; \
+ done
+
+.c.xml:
+ $(DOCBOOK_CHEW) < $< > $*.xml || ( rm $*.xml && false )
+ @touch stmp-xml
+
+docbook: $(DOCBOOK_OUT_FILES)
+ for chapter in $(DOCBOOK_CHAPTERS) ; \
+ do \
+  ${top_srcdir}/../doc/chapter-texi2docbook.py <$(srcdir)/$${chapter%.xml}.tex >../$$chapter ; \
+ done
+# No doc for ssp.
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 8/9] cygwin: export SSP functions

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
SIGFE/NOSIGFE probably should be double-checked here.

 winsup/cygwin/common.din               | 20 ++++++++++++++++++++
 winsup/cygwin/include/cygwin/version.h |  7 ++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/winsup/cygwin/common.din b/winsup/cygwin/common.din
index 55fa9b16c..25ea607f9 100644
--- a/winsup/cygwin/common.din
+++ b/winsup/cygwin/common.din
@@ -7,6 +7,7 @@ __cygwin_user_data DATA
 __mb_cur_max DATA
 __progname DATA
 __rcmd_errstr DATA
+__stack_chk_guard DATA
 _check_for_executable DATA
 _ctype_ DATA
 _daylight DATA
@@ -42,6 +43,7 @@ __assertfail NOSIGFE
 __b64_ntop NOSIGFE
 __b64_pton NOSIGFE
 __bsd_qsort_r NOSIGFE
+__chk_fail SIGFE
 __cxa_atexit = cygwin__cxa_atexit SIGFE
 __cxa_finalize SIGFE
 __dn_comp SIGFE
@@ -50,6 +52,7 @@ __dn_skipname SIGFE
 __eprintf SIGFE
 __errno NOSIGFE
 __fbufsize NOSIGFE
+__fgets_chk SIGFE
 __flbf NOSIGFE
 __fpclassifyd NOSIGFE
 __fpclassifyf NOSIGFE
@@ -62,6 +65,7 @@ __fwritable NOSIGFE
 __fwriting NOSIGFE
 __getpagesize = getpagesize SIGFE
 __getreent NOSIGFE
+__gets_chk SIGFE
 __gnu_basename NOSIGFE
 __infinity NOSIGFE
 __isinfd = isinf NOSIGFE
@@ -72,7 +76,11 @@ __locale_ctype_ptr NOSIGFE
 __locale_ctype_ptr_l NOSIGFE
 __locale_mb_cur_max NOSIGFE
 __main NOSIGFE
+__memcpy_chk NOSIGFE
+__memmove_chk NOSIGFE
 __mempcpy = mempcpy NOSIGFE
+__mempcpy_chk NOSIGFE
+__memset_chk NOSIGFE
 __opendir_with_d_ino SIGFE
 __res_close SIGFE
 __res_init SIGFE
@@ -92,10 +100,22 @@ __res_state SIGFE
 __signbitd NOSIGFE
 __signbitf NOSIGFE
 __signgam NOSIGFE
+__snprintf_chk SIGFE
+__sprintf_chk SIGFE
 __srget SIGFE
 __srget_r SIGFE
+__stack_chk_fail SIGFE
+__stack_chk_fail_local = __stack_chk_fail SIGFE
+__stpcpy_chk NOSIGFE
+__stpncpy_chk NOSIGFE
+__strcat_chk NOSIGFE
+__strcpy_chk NOSIGFE
+__strncat_chk NOSIGFE
+__strncpy_chk NOSIGFE
 __swbuf SIGFE
 __swbuf_r SIGFE
+__vsnprintf_chk SIGFE
+__vsprintf_chk SIGFE
 __wrap__ZdaPv NOSIGFE               # void operator delete[](void *p) throw()
 __wrap__ZdaPvRKSt9nothrow_t NOSIGFE # void operator delete[](void *p, const std::nothrow_t &nt) throw()
 __wrap__ZdlPv NOSIGFE               # void operator delete(void *p) throw()
diff --git a/winsup/cygwin/include/cygwin/version.h b/winsup/cygwin/include/cygwin/version.h
index 8b85f863f..c40d4d14f 100644
--- a/winsup/cygwin/include/cygwin/version.h
+++ b/winsup/cygwin/include/cygwin/version.h
@@ -484,12 +484,17 @@ details. */
   317: Export renameat2.
   318: Export strnstr.
   319: Define O_TMPFILE, O_NOATIME.
+  320: Export __chk_fail, __fgets_chk, __gets_chk, __memcpy_chk, __memmove_chk,
+       __mempcpy_chk, __memset_chk, __snprintf_chk, __sprintf_chk,
+       __stack_chk_fail, __stack_chk_guard, __stpcpy_chk, __stpncpy_chk,
+       __strcat_chk, __strcpy_chk, __strncat_chk, __strncpy_chk,
+       __vsnprintf_chk, __vsprintf_chk.
 
   Note that we forgot to bump the api for ualarm, strtoll, strtoull,
   sigaltstack, sethostname. */
 
 #define CYGWIN_VERSION_API_MAJOR 0
-#define CYGWIN_VERSION_API_MINOR 319
+#define CYGWIN_VERSION_API_MINOR 320
 
 /* There is also a compatibity version number associated with the shared memory
    regions.  It is incremented when incompatible changes are made to the shared
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

[PATCH v3 9/9] cygwin: create libssp compatibility import library

Yaakov Selkowitz-2
In reply to this post by Yaakov Selkowitz-2
Signed-off-by: Yaakov Selkowitz <[hidden email]>
---
 winsup/cygwin/Makefile.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/winsup/cygwin/Makefile.in b/winsup/cygwin/Makefile.in
index bc452087f..b7cadd755 100644
--- a/winsup/cygwin/Makefile.in
+++ b/winsup/cygwin/Makefile.in
@@ -540,7 +540,7 @@ endif
 API_VER:=$(srcdir)/include/cygwin/version.h
 
 LIB_NAME:=libcygwin.a
-SUBLIBS:=libpthread.a libutil.a ${CURDIR}/libm.a ${CURDIR}/libc.a libdl.a libresolv.a librt.a libacl.a
+SUBLIBS:=libpthread.a libutil.a ${CURDIR}/libm.a ${CURDIR}/libc.a libdl.a libresolv.a librt.a libacl.a libssp.a
 EXTRALIBS:=libautomode.a libbinmode.a libtextmode.a libtextreadmode.a
 INSTOBJS:=automode.o binmode.o textmode.o textreadmode.o
 TARGET_LIBS:=$(LIB_NAME) $(CYGWIN_START) $(GMON_START) $(LIBGMON_A) $(SUBLIBS) $(INSTOBJS) $(EXTRALIBS)
@@ -745,6 +745,9 @@ librt.a: ${LIB_NAME} posix_ipc.o
 libacl.a: ${LIB_NAME} sec_posixacl.o
  ${speclib} ${@F}
 
+libssp.a: ${LIB_NAME} $(newlib_build)/libc/ssp/lib.a
+ ${speclib} ${@F}
+
 ${EXTRALIBS}: lib%.a: %.o
  $(AR) cru $@ $?
 
--
2.15.0

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH v3 0/9] Add Stack Smashing Protection and Object Size Checking

Corinna Vinschen
In reply to this post by Yaakov Selkowitz-2
On Nov 28 02:57, Yaakov Selkowitz wrote:

> This has also been pushed to the topic/ssp branch.
>
> Yaakov Selkowitz (9):
>   ssp: add APIs for Stack Smashing Protection
>   ssp: add Object Size Checking common code
>   ssp: add Object Size Checking for string.h functions
>   ssp: add Object Size Checking for strings.h functions
>   ssp: add Object Size Checking for stdio.h functions, part 1
>   ssp: add Object Size Checking for unistd.h functions, part 1
>   ssp: add build infrastructure
>   cygwin: export SSP functions
>   cygwin: create libssp compatibility import library
Is that the proposed final version?  If so, it looks good to me, except
for the lack of documentation.  Just a few sentences explaining what
this is and how to use it would do.


Thanks,
Corinna

--
Corinna Vinschen
Cygwin Maintainer
Red Hat

signature.asc (836 bytes) Download Attachment