Skip to content

Commit ce6504e

Browse files
committed
merge bitcoin#27038: test for _FORTIFY_SOURCE usage in release binaries
1 parent 140848d commit ce6504e

2 files changed

Lines changed: 32 additions & 8 deletions

File tree

contrib/devtools/security-check.py

Lines changed: 24 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
Exit status will be 0 if successful, and the program will be silent.
88
Otherwise the exit status will be 1 and it will log which executables failed which checks.
99
'''
10+
import re
1011
import sys
1112
from typing import List
1213

@@ -117,6 +118,24 @@ def check_ELF_CONTROL_FLOW(binary) -> bool:
117118
return True
118119
return False
119120

121+
def check_ELF_FORTIFY(binary) -> bool:
122+
# dash-util does not currently contain any fortified functions
123+
if 'Dash Core dash-util utility version ' in binary.strings:
124+
return True
125+
126+
chk_funcs = set()
127+
128+
for sym in binary.imported_symbols:
129+
match = re.search(r'__[a-z]*_chk', sym.name)
130+
if match:
131+
chk_funcs.add(match.group(0))
132+
133+
# ignore stack-protector and bdb
134+
chk_funcs.discard('__stack_chk')
135+
chk_funcs.discard('__db_chk')
136+
137+
return len(chk_funcs) >= 1
138+
120139
def check_PE_DYNAMIC_BASE(binary) -> bool:
121140
'''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)'''
122141
return lief.PE.DLL_CHARACTERISTICS.DYNAMIC_BASE in binary.optional_header.dll_characteristics_lists
@@ -229,11 +248,11 @@ def check_MACHO_BRANCH_PROTECTION(binary) -> bool:
229248

230249
CHECKS = {
231250
lief.EXE_FORMATS.ELF: {
232-
lief.ARCHITECTURES.X86: BASE_ELF + [('CONTROL_FLOW', check_ELF_CONTROL_FLOW)],
233-
lief.ARCHITECTURES.ARM: BASE_ELF,
234-
lief.ARCHITECTURES.ARM64: BASE_ELF,
235-
lief.ARCHITECTURES.PPC: BASE_ELF,
236-
lief.ARCHITECTURES.RISCV: BASE_ELF,
251+
lief.ARCHITECTURES.X86: BASE_ELF + [('CONTROL_FLOW', check_ELF_CONTROL_FLOW), ('FORTIFY', check_ELF_FORTIFY)],
252+
lief.ARCHITECTURES.ARM: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
253+
lief.ARCHITECTURES.ARM64: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
254+
lief.ARCHITECTURES.PPC: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
255+
lief.ARCHITECTURES.RISCV: BASE_ELF, # Skip FORTIFY. See https://github.com/lief-project/LIEF/issues/1082.
237256
},
238257
lief.EXE_FORMATS.PE: {
239258
lief.ARCHITECTURES.X86: BASE_PE,

contrib/devtools/test-security-check.py

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -60,17 +60,22 @@ def test_ELF(self):
6060
arch = get_arch(cxx, source, executable)
6161

6262
if arch == lief.ARCHITECTURES.X86:
63-
pass_flags = ['-Wl,-znoexecstack', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']
63+
pass_flags = ['-D_FORTIFY_SOURCE=3', '-Wl,-znoexecstack', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']
6464
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-zexecstack']), (1, executable + ': failed NX'))
6565
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-no-pie','-fno-PIE']), (1, executable + ': failed PIE'))
6666
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-znorelro']), (1, executable + ': failed RELRO'))
6767
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-z,noseparate-code']), (1, executable + ': failed SEPARATE_CODE'))
6868
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-fcf-protection=none']), (1, executable + ': failed CONTROL_FLOW'))
69+
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-U_FORTIFY_SOURCE']), (1, executable + ': failed FORTIFY'))
6970
self.assertEqual(call_security_check(cxx, source, executable, pass_flags), (0, ''))
7071
else:
71-
pass_flags = ['-Wl,-znoexecstack', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE', '-Wl,-z,separate-code']
72+
pass_flags = ['-D_FORTIFY_SOURCE=3', '-Wl,-znoexecstack', '-Wl,-zrelro', '-Wl,-z,now', '-pie', '-fPIE', '-Wl,-z,separate-code']
7273
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-zexecstack']), (1, executable + ': failed NX'))
73-
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-no-pie','-fno-PIE']), (1, executable + ': failed PIE'))
74+
# LIEF fails to parse RISC-V with no PIE correctly, and doesn't detect the fortified function,
75+
# so skip this test for RISC-V (for now). See https://github.com/lief-project/LIEF/issues/1082.
76+
if arch != lief.ARCHITECTURES.RISCV:
77+
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-no-pie','-fno-PIE']), (1, executable + ': failed PIE'))
78+
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-U_FORTIFY_SOURCE']), (1, executable + ': failed FORTIFY'))
7479
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-znorelro']), (1, executable + ': failed RELRO'))
7580
self.assertEqual(call_security_check(cxx, source, executable, pass_flags + ['-Wl,-z,noseparate-code']), (1, executable + ': failed SEPARATE_CODE'))
7681
self.assertEqual(call_security_check(cxx, source, executable, pass_flags), (0, ''))

0 commit comments

Comments
 (0)