1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #pragma once
30
31 #include <poll.h> // For struct pollfd.
32 #include <stdarg.h>
33 #include <stdlib.h>
34 #include <sys/select.h> // For struct fd_set.
35
36 #include <async_safe/log.h>
37
38 //
39 // LLVM can't inline variadic functions, and we don't want one definition of
40 // this per #include in libc.so, so no `static`.
41 //
__fortify_fatal(const char * fmt,...)42 inline __noreturn __printflike(1, 2) void __fortify_fatal(const char* fmt, ...) {
43 va_list args;
44 va_start(args, fmt);
45 async_safe_fatal_va_list("FORTIFY", fmt, args);
46 va_end(args);
47 abort();
48 }
49
50 //
51 // Common helpers.
52 //
53
__check_fd_set(const char * fn,int fd,size_t set_size)54 static inline void __check_fd_set(const char* fn, int fd, size_t set_size) {
55 if (__predict_false(fd < 0)) {
56 __fortify_fatal("%s: file descriptor %d < 0", fn, fd);
57 }
58 if (__predict_false(fd >= FD_SETSIZE)) {
59 __fortify_fatal("%s: file descriptor %d >= FD_SETSIZE %d", fn, fd, FD_SETSIZE);
60 }
61 if (__predict_false(set_size < sizeof(fd_set))) {
62 __fortify_fatal("%s: set size %zu is too small to be an fd_set", fn, set_size);
63 }
64 }
65
__check_pollfd_array(const char * fn,size_t fds_size,nfds_t fd_count)66 static inline void __check_pollfd_array(const char* fn, size_t fds_size, nfds_t fd_count) {
67 size_t pollfd_array_length = fds_size / sizeof(pollfd);
68 if (__predict_false(pollfd_array_length < fd_count)) {
69 __fortify_fatal("%s: %zu-element pollfd array too small for %u fds",
70 fn, pollfd_array_length, fd_count);
71 }
72 }
73
__check_count(const char * fn,const char * identifier,size_t value)74 static inline void __check_count(const char* fn, const char* identifier, size_t value) {
75 if (__predict_false(value > SSIZE_MAX)) {
76 __fortify_fatal("%s: %s %zu > SSIZE_MAX", fn, identifier, value);
77 }
78 }
79
__check_buffer_access(const char * fn,const char * action,size_t claim,size_t actual)80 static inline void __check_buffer_access(const char* fn, const char* action,
81 size_t claim, size_t actual) {
82 if (__predict_false(claim > actual)) {
83 __fortify_fatal("%s: prevented %zu-byte %s %zu-byte buffer", fn, claim, action, actual);
84 }
85 }
86