Merge "Remove the meaningless on Linux if_dl.h header."
diff --git a/libc/Android.mk b/libc/Android.mk
index 70a5243..f2784fd 100644
--- a/libc/Android.mk
+++ b/libc/Android.mk
@@ -537,7 +537,8 @@
libc_common_c_includes := \
$(LOCAL_PATH)/stdlib \
$(LOCAL_PATH)/string \
- $(LOCAL_PATH)/stdio
+ $(LOCAL_PATH)/stdio \
+ external/safe-iop/include
# Needed to access private/__dso_handle.h from
# crtbegin_xxx.S and crtend_xxx.S
diff --git a/libc/netbsd/resolv/res_send.c b/libc/netbsd/resolv/res_send.c
index dbad6dd..53c492f 100644
--- a/libc/netbsd/resolv/res_send.c
+++ b/libc/netbsd/resolv/res_send.c
@@ -1144,6 +1144,9 @@
* XXX - potential security hazard could
* be detected here.
*/
+#ifdef ANDROID_CHANGES
+ __libc_android_log_event_uid(BIONIC_EVENT_RESOLVER_OLD_RESPONSE);
+#endif
DprintQ((statp->options & RES_DEBUG) ||
(statp->pfcode & RES_PRF_REPLY),
(stdout, ";; old answer:\n"),
@@ -1157,6 +1160,9 @@
* XXX - potential security hazard could
* be detected here.
*/
+#ifdef ANDROID_CHANGES
+ __libc_android_log_event_uid(BIONIC_EVENT_RESOLVER_WRONG_SERVER);
+#endif
DprintQ((statp->options & RES_DEBUG) ||
(statp->pfcode & RES_PRF_REPLY),
(stdout, ";; not our server:\n"),
@@ -1187,6 +1193,9 @@
* XXX - potential security hazard could
* be detected here.
*/
+#ifdef ANDROID_CHANGES
+ __libc_android_log_event_uid(BIONIC_EVENT_RESOLVER_WRONG_QUERY);
+#endif
DprintQ((statp->options & RES_DEBUG) ||
(statp->pfcode & RES_PRF_REPLY),
(stdout, ";; wrong query name:\n"),
diff --git a/libc/private/logd.h b/libc/private/logd.h
index 37d4104..8970daf 100644
--- a/libc/private/logd.h
+++ b/libc/private/logd.h
@@ -30,6 +30,21 @@
#include <stdarg.h>
+#define BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW 80100
+#define BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW 80105
+#define BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW 80110
+#define BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW 80115
+#define BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW 80120
+#define BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW 80125
+#define BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW 80130
+
+#define BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW 80200
+#define BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW 80205
+
+#define BIONIC_EVENT_RESOLVER_OLD_RESPONSE 80300
+#define BIONIC_EVENT_RESOLVER_WRONG_SERVER 80305
+#define BIONIC_EVENT_RESOLVER_WRONG_QUERY 80310
+
enum {
ANDROID_LOG_UNKNOWN = 0,
ANDROID_LOG_DEFAULT, /* only for SetMinPriority() */
diff --git a/libc/string/__memcpy_chk.c b/libc/string/__memcpy_chk.c
index aed3ec2..e79f6ac 100644
--- a/libc/string/__memcpy_chk.c
+++ b/libc/string/__memcpy_chk.c
@@ -47,6 +47,7 @@
if (len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** memcpy buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__memmove_chk.c b/libc/string/__memmove_chk.c
index 5a6eb4d..529eb8f 100644
--- a/libc/string/__memmove_chk.c
+++ b/libc/string/__memmove_chk.c
@@ -47,6 +47,7 @@
if (len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** memmove buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_MEMMOVE_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__memset_chk.c b/libc/string/__memset_chk.c
index 1ccfd46..0904c03 100644
--- a/libc/string/__memset_chk.c
+++ b/libc/string/__memset_chk.c
@@ -46,6 +46,7 @@
if (n > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** memset buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__strcat_chk.c b/libc/string/__strcat_chk.c
index 3e02052..4665d66 100644
--- a/libc/string/__strcat_chk.c
+++ b/libc/string/__strcat_chk.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <stdlib.h>
#include <private/logd.h>
+#include <safe_iop.h>
/*
* Runtime implementation of __builtin____strcat_chk.
@@ -46,10 +47,20 @@
// TODO: optimize so we don't scan src/dest twice.
size_t src_len = strlen(src);
size_t dest_len = strlen(dest);
+ size_t sum;
- if (src_len + dest_len + 1 > dest_buf_size) {
+ // sum = src_len + dest_len + 1 (with overflow protection)
+ if (!safe_add3(&sum, src_len, dest_len, 1U)) {
+ __libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+ "*** strcat integer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRCAT_INTEGER_OVERFLOW);
+ abort();
+ }
+
+ if (sum > dest_buf_size) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** strcat buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__strcpy_chk.c b/libc/string/__strcpy_chk.c
index 85aa19d..79486b4 100644
--- a/libc/string/__strcpy_chk.c
+++ b/libc/string/__strcpy_chk.c
@@ -48,6 +48,7 @@
if (src_len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** strcpy buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__strncat_chk.c b/libc/string/__strncat_chk.c
index 9b0b84a..2036c9f 100644
--- a/libc/string/__strncat_chk.c
+++ b/libc/string/__strncat_chk.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <stdlib.h>
#include <private/logd.h>
+#include <safe_iop.h>
/*
* Runtime implementation of __builtin____strncat_chk.
@@ -51,9 +52,19 @@
src_len = len;
}
- if (dest_len + src_len + 1 > dest_buf_size) {
+ size_t sum;
+ // sum = src_len + dest_len + 1 (with overflow protection)
+ if (!safe_add3(&sum, src_len, dest_len, 1U)) {
+ __libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+ "*** strncat integer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_INTEGER_OVERFLOW);
+ abort();
+ }
+
+ if (sum > dest_buf_size) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** strncat buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRNCAT_BUFFER_OVERFLOW);
abort();
}
diff --git a/libc/string/__strncpy_chk.c b/libc/string/__strncpy_chk.c
index b87ef4b..3f9e9fb 100644
--- a/libc/string/__strncpy_chk.c
+++ b/libc/string/__strncpy_chk.c
@@ -47,6 +47,7 @@
if (len > dest_len) {
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
"*** strncpy buffer overflow detected ***\n");
+ __libc_android_log_event_uid(BIONIC_EVENT_STRNCPY_BUFFER_OVERFLOW);
abort();
}