Skip to content

L
lxc
Unverified Commit 7e270c97 by Stéphane Graber Committed by GitHub
Options

Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening

compiler: compiler based hardening
parents e854e63b 246736be
Showing with 55 additions and 1 deletion
configure.ac
...@@ -685,6 +685,8 @@ LXC_CHECK_TLS ...@@ -685,6 +685,8 @@ LXC_CHECK_TLS
AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-implicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-implicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror])
CFLAGS="$CFLAGS -Wvla -std=gnu11" CFLAGS="$CFLAGS -Wvla -std=gnu11"
if test "x$enable_werror" = "xyes"; then if test "x$enable_werror" = "xyes"; then
......
src/include/ifaddrs.c
...@@ -167,6 +167,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h) ...@@ -167,6 +167,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
struct ifaddrs_ctx *ctx = pctx; struct ifaddrs_ctx *ctx = pctx;
if (h->nlmsg_type == RTM_NEWLINK) { if (h->nlmsg_type == RTM_NEWLINK) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
for (rta = __NLMSG_RTA(h, sizeof(*ifi)); __NLMSG_RTAOK(rta, h); for (rta = __NLMSG_RTA(h, sizeof(*ifi)); __NLMSG_RTAOK(rta, h);
rta = __RTA_NEXT(rta)) { rta = __RTA_NEXT(rta)) {
if (rta->rta_type != IFLA_STATS) if (rta->rta_type != IFLA_STATS)
...@@ -175,6 +178,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h) ...@@ -175,6 +178,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
stats_len = __RTA_DATALEN(rta); stats_len = __RTA_DATALEN(rta);
break; break;
} }
#pragma GCC diagnostic pop
} else { } else {
for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0; for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0;
ifs0 = ifs0->hash_next) ifs0 = ifs0->hash_next)
...@@ -190,6 +195,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h) ...@@ -190,6 +195,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
return -1; return -1;
} }
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
if (h->nlmsg_type == RTM_NEWLINK) { if (h->nlmsg_type == RTM_NEWLINK) {
ifs->index = ifi->ifi_index; ifs->index = ifi->ifi_index;
ifs->ifa.ifa_flags = ifi->ifi_flags; ifs->ifa.ifa_flags = ifi->ifi_flags;
...@@ -289,6 +297,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h) ...@@ -289,6 +297,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
&ifs->netmask, ifa->ifa_prefixlen); &ifs->netmask, ifa->ifa_prefixlen);
} }
#pragma GCC diagnostic pop
if (ifs->ifa.ifa_name) { if (ifs->ifa.ifa_name) {
if (!ctx->first) if (!ctx->first)
ctx->first = ifs; ctx->first = ifs;
...@@ -334,6 +344,8 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af, ...@@ -334,6 +344,8 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
if (r <= 0) if (r <= 0)
return -1; return -1;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
for (h = &u.reply; __NLMSG_OK(h, (void *)&u.buf[r]); for (h = &u.reply; __NLMSG_OK(h, (void *)&u.buf[r]);
h = __NLMSG_NEXT(h)) { h = __NLMSG_NEXT(h)) {
if (h->nlmsg_type == NLMSG_DONE) if (h->nlmsg_type == NLMSG_DONE)
...@@ -348,6 +360,7 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af, ...@@ -348,6 +360,7 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
if (ret) if (ret)
return ret; return ret;
} }
#pragma GCC diagnostic pop
} }
} }
......
src/lxc/log.h
...@@ -477,5 +477,5 @@ extern int lxc_log_set_file(int *fd, const char *fname); ...@@ -477,5 +477,5 @@ extern int lxc_log_set_file(int *fd, const char *fname);
extern const char *lxc_log_get_file(void); extern const char *lxc_log_get_file(void);
extern void lxc_log_set_prefix(const char *prefix); extern void lxc_log_set_prefix(const char *prefix);
extern const char *lxc_log_get_prefix(void); extern const char *lxc_log_get_prefix(void);
extern void lxc_log_options_no_override(); extern void lxc_log_options_no_override(void);
#endif #endif
src/lxc/lxccontainer.c
...@@ -2451,6 +2451,9 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface, ...@@ -2451,6 +2451,9 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
if (tempIfAddr->ifa_addr == NULL) if (tempIfAddr->ifa_addr == NULL)
continue; continue;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
if (tempIfAddr->ifa_addr->sa_family == AF_INET) { if (tempIfAddr->ifa_addr->sa_family == AF_INET) {
if (family && strcmp(family, "inet")) if (family && strcmp(family, "inet"))
continue; continue;
...@@ -2466,6 +2469,8 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface, ...@@ -2466,6 +2469,8 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr; tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr;
} }
#pragma GCC diagnostic pop
if (interface && strcmp(interface, tempIfAddr->ifa_name)) if (interface && strcmp(interface, tempIfAddr->ifa_name))
continue; continue;
else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0) else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0)
......
src/lxc/network.c
...@@ -962,6 +962,9 @@ int netdev_get_mtu(int ifindex) ...@@ -962,6 +962,9 @@ int netdev_get_mtu(int ifindex)
if (err < 0) if (err < 0)
goto out; goto out;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
do { do {
/* Restore the answer buffer length, it might have been /* Restore the answer buffer length, it might have been
* overwritten by a previous receive. * overwritten by a previous receive.
...@@ -1024,6 +1027,8 @@ int netdev_get_mtu(int ifindex) ...@@ -1024,6 +1027,8 @@ int netdev_get_mtu(int ifindex)
} }
} while (readmore); } while (readmore);
#pragma GCC diagnostic pop
/* If we end up here, we didn't find any result, so signal an error. */ /* If we end up here, we didn't find any result, so signal an error. */
err = -1; err = -1;
...@@ -1501,6 +1506,9 @@ int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, struct in_addr *bcast, ...@@ -1501,6 +1506,9 @@ int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, struct in_addr *bcast,
* the given RTM_NEWADDR message. Allocates memory for the address and stores * the given RTM_NEWADDR message. Allocates memory for the address and stores
* that pointer in *res (so res should be an in_addr** or in6_addr**). * that pointer in *res (so res should be an in_addr** or in6_addr**).
*/ */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res) static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
{ {
int addrlen; int addrlen;
...@@ -1546,6 +1554,8 @@ static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res) ...@@ -1546,6 +1554,8 @@ static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
return 0; return 0;
} }
#pragma GCC diagnostic pop
static int ip_addr_get(int family, int ifindex, void **res) static int ip_addr_get(int family, int ifindex, void **res)
{ {
int answer_len, err; int answer_len, err;
...@@ -1588,6 +1598,9 @@ static int ip_addr_get(int family, int ifindex, void **res) ...@@ -1588,6 +1598,9 @@ static int ip_addr_get(int family, int ifindex, void **res)
if (err < 0) if (err < 0)
goto out; goto out;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
do { do {
/* Restore the answer buffer length, it might have been /* Restore the answer buffer length, it might have been
* overwritten by a previous receive. * overwritten by a previous receive.
...@@ -1647,6 +1660,8 @@ static int ip_addr_get(int family, int ifindex, void **res) ...@@ -1647,6 +1660,8 @@ static int ip_addr_get(int family, int ifindex, void **res)
} }
} while (readmore); } while (readmore);
#pragma GCC diagnostic pop
/* If we end up here, we didn't find any result, so signal an /* If we end up here, we didn't find any result, so signal an
* error. * error.
*/ */
...@@ -3213,8 +3228,12 @@ int lxc_netns_set_nsid(int fd) ...@@ -3213,8 +3228,12 @@ int lxc_netns_set_nsid(int fd)
return -1; return -1;
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
hdr = (struct nlmsghdr *)buf; hdr = (struct nlmsghdr *)buf;
msg = (struct rtgenmsg *)NLMSG_DATA(hdr); msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
#pragma GCC diagnostic pop
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg)); hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
hdr->nlmsg_type = RTM_NEWNSID; hdr->nlmsg_type = RTM_NEWNSID;
...@@ -3252,7 +3271,10 @@ static int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int le ...@@ -3252,7 +3271,10 @@ static int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int le
if ((type <= max) && (!tb[type])) if ((type <= max) && (!tb[type]))
tb[type] = rta; tb[type] = rta;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
rta = RTA_NEXT(rta, len); rta = RTA_NEXT(rta, len);
#pragma GCC diagnostic pop
} }
return 0; return 0;
...@@ -3287,8 +3309,12 @@ int lxc_netns_get_nsid(int fd) ...@@ -3287,8 +3309,12 @@ int lxc_netns_get_nsid(int fd)
return -1; return -1;
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
hdr = (struct nlmsghdr *)buf; hdr = (struct nlmsghdr *)buf;
msg = (struct rtgenmsg *)NLMSG_DATA(hdr); msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
#pragma GCC diagnostic pop
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg)); hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
hdr->nlmsg_type = RTM_GETNSID; hdr->nlmsg_type = RTM_GETNSID;
...@@ -3313,9 +3339,12 @@ int lxc_netns_get_nsid(int fd) ...@@ -3313,9 +3339,12 @@ int lxc_netns_get_nsid(int fd)
if (len < 0) if (len < 0)
return -1; return -1;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
parse_rtattr(tb, __LXC_NETNSA_MAX, NETNS_RTA(msg), len); parse_rtattr(tb, __LXC_NETNSA_MAX, NETNS_RTA(msg), len);
if (tb[__LXC_NETNSA_NSID]) if (tb[__LXC_NETNSA_NSID])
return rta_getattr_s32(tb[__LXC_NETNSA_NSID]); return rta_getattr_s32(tb[__LXC_NETNSA_NSID]);
#pragma GCC diagnostic pop
return -1; return -1;
} }
src/lxc/rtnl.c
...@@ -42,6 +42,9 @@ extern int rtnetlink_close(struct rtnl_handler *handler) ...@@ -42,6 +42,9 @@ extern int rtnetlink_close(struct rtnl_handler *handler)
return netlink_close(&handler->nlh); return netlink_close(&handler->nlh);
} }
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg) extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
{ {
return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr); return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr);
...@@ -62,6 +65,8 @@ extern int rtnetlink_transaction(struct rtnl_handler *handler, ...@@ -62,6 +65,8 @@ extern int rtnetlink_transaction(struct rtnl_handler *handler,
(struct nlmsg *)&answer->nlmsghdr); (struct nlmsg *)&answer->nlmsghdr);
} }
#pragma GCC diagnostic pop
extern struct rtnlmsg *rtnlmsg_alloc(size_t size) extern struct rtnlmsg *rtnlmsg_alloc(size_t size)
{ {
/* /*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment