Add a compile-time check for FORTIFY_SOURCE support

This is broken on some platforms, so pull in the conditional macro from the latest version of autoconf-archive to test for working support.
author: Brent Cook <busterb@gmail.com> 2020-08-20 02:18:39 -0500
committer: Brent Cook <busterb@gmail.com> 2020-08-22 18:42:26 -0500
commit: 56202472bfcac0a161745afb6906968e4fd723be (patch)
tree: 5b80e3016666d288e62f687e313fbb3c1d3deb76
parent: d9b4363a5f710adee4bc75ec3f75477f8a46fccf (diff)
download: portable-56202472bfcac0a161745afb6906968e4fd723be.tar.gz
portable-56202472bfcac0a161745afb6906968e4fd723be.tar.bz2
portable-56202472bfcac0a161745afb6906968e4fd723be.zip
2 files changed, 81 insertions, 1 deletions
diff --git a/m4/ax_add_fortify_source.m4 b/m4/ax_add_fortify_source.m4
new file mode 100644
index 0000000..7e15312
--- /dev/null
+++ b/m4/ax_add_fortify_source.m4
@@ -0,0 +1,80 @@
+# ===========================================================================
+#  https://www.gnu.org/software/autoconf-archive/ax_add_fortify_source.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_ADD_FORTIFY_SOURCE
+#
+# DESCRIPTION
+#
+#   Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro
+#   redefinition warnings, other cpp warnings or linker. Some distributions
+#   (such as Gentoo Linux) enable _FORTIFY_SOURCE globally in their
+#   compilers, leading to unnecessary warnings in the form of
+#
+#     <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
+#     <built-in>: note: this is the location of the previous definition
+#
+#   which is a problem if -Werror is enabled. This macro checks whether
+#   _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2
+#   to CPPFLAGS.
+#
+#   Newer mingw-w64 msys2 package comes with a bug in
+#   headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support,
+#   and would need -lssp or -fstack-protector.  See
+#   https://github.com/msys2/MINGW-packages/issues/5803. Try to actually
+#   link it.
+#
+# LICENSE
+#
+#   Copyright (c) 2017 David Seifert <soap@gentoo.org>
+#   Copyright (c) 2019 Reini Urban <rurban@cpan.org>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved.  This file is offered as-is, without any
+#   warranty.
+#serial 4
+AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[
+    ac_save_cflags=$CFLAGS
+    ac_cwerror_flag=yes
+    AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"])
+    AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS])
+    AC_LINK_IFELSE([
+        AC_LANG_PROGRAM([],
+            [[
+                #ifndef _FORTIFY_SOURCE
+                    return 0;
+                #else
+                    this_is_an_error;
+                #endif
+            ]]
+        )],
+        AC_LINK_IFELSE([
+            AC_LANG_SOURCE([[
+                #define _FORTIFY_SOURCE 2
+                #include <string.h>
+                int main() {
+                    char *s = " ";
+                    strcpy(s, "x");
+                    return strlen(s)-1;
+                }
+              ]]
+            )],
+            [
+              AC_MSG_RESULT([yes])
+              CFLAGS=$ac_save_cflags
+              CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+            ], [
+              AC_MSG_RESULT([no])
+              CFLAGS=$ac_save_cflags
+            ],
+        ),
+        [
+          AC_MSG_RESULT([no])
+          CFLAGS=$ac_save_cflags
+        ])
+])
diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4
index 3ffdb1a..869f00b 100644
--- a/m4/check-hardening-options.m4
+++ b/m4/check-hardening-options.m4
@@ -73,7 +73,7 @@ AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
                CHECK_CFLAG([[-fno-strict-overflow]])
                # _FORTIFY_SOURCE replaces builtin functions with safer versions.
-                CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
+                AX_ADD_FORTIFY_SOURCE
                # Enable read only relocations
                CHECK_LDFLAG([[-Wl,-z,relro]])
author	Brent Cook <busterb@gmail.com>	2020-08-20 02:18:39 -0500
committer	Brent Cook <busterb@gmail.com>	2020-08-22 18:42:26 -0500
commit	56202472bfcac0a161745afb6906968e4fd723be (patch)
tree	5b80e3016666d288e62f687e313fbb3c1d3deb76
parent	d9b4363a5f710adee4bc75ec3f75477f8a46fccf (diff)
download	portable-56202472bfcac0a161745afb6906968e4fd723be.tar.gz portable-56202472bfcac0a161745afb6906968e4fd723be.tar.bz2 portable-56202472bfcac0a161745afb6906968e4fd723be.zip

diff --git a/m4/ax_add_fortify_source.m4 b/m4/ax_add_fortify_source.m4 new file mode 100644 index 0000000..7e15312 --- /dev/null +++ b/m4/ax_add_fortify_source.m4
@@ -0,0 +1,80 @@
		1	# ===========================================================================
		2	# https://www.gnu.org/software/autoconf-archive/ax_add_fortify_source.html
		3	# ===========================================================================
		4	#
		5	# SYNOPSIS
		6	#
		7	# AX_ADD_FORTIFY_SOURCE
		8	#
		9	# DESCRIPTION
		10	#
		11	# Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro
		12	# redefinition warnings, other cpp warnings or linker. Some distributions
		13	# (such as Gentoo Linux) enable _FORTIFY_SOURCE globally in their
		14	# compilers, leading to unnecessary warnings in the form of
		15	#
		16	# <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
		17	# <built-in>: note: this is the location of the previous definition
		18	#
		19	# which is a problem if -Werror is enabled. This macro checks whether
		20	# _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2
		21	# to CPPFLAGS.
		22	#
		23	# Newer mingw-w64 msys2 package comes with a bug in
		24	# headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support,
		25	# and would need -lssp or -fstack-protector. See
		26	# https://github.com/msys2/MINGW-packages/issues/5803. Try to actually
		27	# link it.
		28	#
		29	# LICENSE
		30	#
		31	# Copyright (c) 2017 David Seifert <soap@gentoo.org>
		32	# Copyright (c) 2019 Reini Urban <rurban@cpan.org>
		33	#
		34	# Copying and distribution of this file, with or without modification, are
		35	# permitted in any medium without royalty provided the copyright notice
		36	# and this notice are preserved. This file is offered as-is, without any
		37	# warranty.
		38
		39	#serial 4
		40
		41	AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[
		42	ac_save_cflags=$CFLAGS
		43	ac_cwerror_flag=yes
		44	AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"])
		45	AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS])
		46	AC_LINK_IFELSE([
		47	AC_LANG_PROGRAM([],
		48	[[
		49	#ifndef _FORTIFY_SOURCE
		50	return 0;
		51	#else
		52	this_is_an_error;
		53	#endif
		54	]]
		55	)],
		56	AC_LINK_IFELSE([
		57	AC_LANG_SOURCE([[
		58	#define _FORTIFY_SOURCE 2
		59	#include <string.h>
		60	int main() {
		61	char *s = " ";
		62	strcpy(s, "x");
		63	return strlen(s)-1;
		64	}
		65	]]
		66	)],
		67	[
		68	AC_MSG_RESULT([yes])
		69	CFLAGS=$ac_save_cflags
		70	CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
		71	], [
		72	AC_MSG_RESULT([no])
		73	CFLAGS=$ac_save_cflags
		74	],
		75	),
		76	[
		77	AC_MSG_RESULT([no])
		78	CFLAGS=$ac_save_cflags
		79	])
		80	])


diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4 index 3ffdb1a..869f00b 100644 --- a/m4/check-hardening-options.m4 +++ b/m4/check-hardening-options.m4
@@ -73,7 +73,7 @@ AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
73	CHECK_CFLAG([[-fno-strict-overflow]])	73	CHECK_CFLAG([[-fno-strict-overflow]])
74		74
75	# _FORTIFY_SOURCE replaces builtin functions with safer versions.	75	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
76	CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])	76	AX_ADD_FORTIFY_SOURCE
77		77
78	# Enable read only relocations	78	# Enable read only relocations
79	CHECK_LDFLAG([[-Wl,-z,relro]])	79	CHECK_LDFLAG([[-Wl,-z,relro]])