Project

General

Profile

Actions

Enhancement #750

closed

Compile BIP with secure flags

Added by Loïc Gomez almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
Start date:
2022-01-12
Due date:
% Done:

100%

Estimated time:
(Total: 0:00 h)
Patch Available:
Yes
Found in Versions:
Confirmed:
No
Branch:
Security:
Yes
Help Needed:

Description

We should fix issues raised by compiling with flags recommended by https://airbus-seclab.github.io/c-compiler-security/

GCC TL;DR

-O2
-Werror
-Wall -Wextra -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict
-D_FORTIFY_SOURCE=2
-fstack-protector-strong -fstack-clash-protection -fPIE 
-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code


Files

0002-Add-compiled-stuff-to-gitignore.patch (518 Bytes) 0002-Add-compiled-stuff-to-gitignore.patch Loïc Gomez, 2022-01-10 19:27
0003-Add-secure-strict-CFLAGS.patch (1.15 KB) 0003-Add-secure-strict-CFLAGS.patch Loïc Gomez, 2022-01-10 19:27
0004-sanitize-add-bipmkpw_fatal-and-fix-bipmkpw-warnings.patch (3 KB) 0004-sanitize-add-bipmkpw_fatal-and-fix-bipmkpw-warnings.patch Loïc Gomez, 2022-01-10 19:27
0005-sanitize-add-missing-void-on-functions-not-expecting.patch (2.66 KB) 0005-sanitize-add-missing-void-on-functions-not-expecting.patch Loïc Gomez, 2022-01-10 19:27
0006-sanitize-trivial-fixes-and-casts-to-types-expected-b.patch (24.4 KB) 0006-sanitize-trivial-fixes-and-casts-to-types-expected-b.patch Loïc Gomez, 2022-01-10 19:27
0007-sanitize-fix-unused-return-values.patch (809 Bytes) 0007-sanitize-fix-unused-return-values.patch Loïc Gomez, 2022-01-10 19:27
0008-sanitize-configuration-parsing.patch (3.87 KB) 0008-sanitize-configuration-parsing.patch Loïc Gomez, 2022-01-10 19:27
0009-sanitize-handle-more-config-errors-replace-int-1-typ.patch (3.27 KB) 0009-sanitize-handle-more-config-errors-replace-int-1-typ.patch Loïc Gomez, 2022-01-10 19:27
0010-sanitize-use-proper-types-safe-casts-mostly-size_t.patch (22.6 KB) 0010-sanitize-use-proper-types-safe-casts-mostly-size_t.patch Loïc Gomez, 2022-01-10 19:27
0011-sanitize-link_server-l_clientc-should-not-be-allowed.patch (3.52 KB) 0011-sanitize-link_server-l_clientc-should-not-be-allowed.patch Loïc Gomez, 2022-01-10 19:28
0012-sanitize-link_server-lag-shouldn-t-be-allowed-to-go-.patch (1.11 KB) 0012-sanitize-link_server-lag-shouldn-t-be-allowed-to-go-.patch Loïc Gomez, 2022-01-10 19:28
0013-sanitize-fix-pid-pidfile-handling.patch (1.16 KB) 0013-sanitize-fix-pid-pidfile-handling.patch Loïc Gomez, 2022-01-10 19:28
0014-sanitize-null-writes-write-errors-oversized-integers.patch (6.68 KB) 0014-sanitize-null-writes-write-errors-oversized-integers.patch Loïc Gomez, 2022-01-10 19:28
0015-sanitize-add-bip_clock_gettime-util-function.patch (2.66 KB) 0015-sanitize-add-bip_clock_gettime-util-function.patch Loïc Gomez, 2022-01-10 19:28
0016-sanitize-oidentd-handler-fixes.patch (2.37 KB) 0016-sanitize-oidentd-handler-fixes.patch Loïc Gomez, 2022-01-10 19:28
0017-sanitize-external-libs-warning-ignores.patch (3.61 KB) 0017-sanitize-external-libs-warning-ignores.patch Loïc Gomez, 2022-01-10 19:28
0018-sanitize-more-NULL-pointer-failsafes.patch (2.48 KB) 0018-sanitize-more-NULL-pointer-failsafes.patch Loïc Gomez, 2022-01-10 19:28
0019-sanitize-ftell-fseek-and-logfile-len-logstore-file_o.patch (2.99 KB) 0019-sanitize-ftell-fseek-and-logfile-len-logstore-file_o.patch Loïc Gomez, 2022-01-10 19:28
0020-sanitize-a-bit-involved-size_t-cast-for-get_str_elem.patch (1.24 KB) 0020-sanitize-a-bit-involved-size_t-cast-for-get_str_elem.patch Loïc Gomez, 2022-01-10 19:28
0021-sanitize-pragmas-for-our-code.patch (2.65 KB) 0021-sanitize-pragmas-for-our-code.patch Loïc Gomez, 2022-01-10 19:28
0022-sanitize-irc_cli_part-set-cname-to-proper-const-char.patch (904 Bytes) 0022-sanitize-irc_cli_part-set-cname-to-proper-const-char.patch Loïc Gomez, 2022-01-10 19:28
0023-sanitize-fix-const-char-being-used-as-non-const.patch (5.08 KB) 0023-sanitize-fix-const-char-being-used-as-non-const.patch Loïc Gomez, 2022-01-10 19:28
0001-Update-build-configuration.patch (3.59 KB) 0001-Update-build-configuration.patch Loïc Gomez, 2022-01-10 20:48
0024-sanitize-pragma-ignore-passing-argument-X-of-.-with-.patch (7.95 KB) 0024-sanitize-pragma-ignore-passing-argument-X-of-.-with-.patch Loïc Gomez, 2022-01-10 20:48

Subtasks 1 (0 open1 closed)

Review #752: Build lexer in a separate unitResolvedLoïc Gomez2022-01-12Actions

Related issues 1 (0 open1 closed)

Related to Bip - Review #751: Fix /BIP commands truncating outputResolvedLoïc Gomez2022-01-05Actions
Actions #1

Updated by Loïc Gomez almost 3 years ago

Started working on it, but this will depend on another rework to avoid stuffing our code with casts.

Actions #2

Updated by Loïc Gomez almost 3 years ago

  • Tracker changed from Bug to Enhancement
Actions #3

Updated by Loïc Gomez almost 3 years ago

  • Related to Review #751: Fix /BIP commands truncating output added
Actions #7

Updated by Loïc Gomez almost 3 years ago

  • Status changed from New to In Progress
  • Security set to Yes

This code has #751 as a prerequisite.

Actions #8

Updated by Loïc Gomez almost 3 years ago

  • File deleted (0024-sanitize-pragma-ignore-passing-argument-X-of-.-with-.patch)
Actions #9

Updated by Loïc Gomez almost 3 years ago

  • File 0024-sanitize-pragma-ignore-passing-argument-X-of-.-with-.patch added

Fixing last patch, pragmas were wrongly defined.

Actions #10

Updated by Loïc Gomez almost 3 years ago

  • File deleted (0024-sanitize-pragma-ignore-passing-argument-X-of-.-with-.patch)
Actions #11

Updated by Loïc Gomez almost 3 years ago

  • File deleted (0001-Update-build-configuration.patch)

Updated by Loïc Gomez almost 3 years ago

And again.
Also, I couldn't find my way into Makefile.am to have generated lex.c file be compiled without -Wswitch-default -Wtraditional-conversion and -Wstrict-overflow.

Actions #13

Updated by Loïc Gomez almost 3 years ago

Fixed in #752.

Actions #14

Updated by Pierre-Louis Bonicoli almost 3 years ago

  • Status changed from In Progress to Resolved
  • Target version set to 0.9.3
Actions

Also available in: Atom PDF