1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <poll.h> // For struct pollfd.
30 #include <stdarg.h>
31 #include <stdlib.h>
32 #include <sys/select.h> // For struct fd_set.
33
34 #include <async_safe/log.h>
35
__fortify_fatal(const char * fmt,...)36 static inline __noreturn void __fortify_fatal(const char* fmt, ...) {
37 va_list args;
38 va_start(args, fmt);
39 async_safe_fatal_va_list("FORTIFY", fmt, args);
40 va_end(args);
41 abort();
42 }
43
44 //
45 // Common helpers.
46 //
47
__check_fd_set(const char * fn,int fd,size_t set_size)48 static inline void __check_fd_set(const char* fn, int fd, size_t set_size) {
49 if (__predict_false(fd < 0)) {
50 __fortify_fatal("%s: file descriptor %d < 0", fn, fd);
51 }
52 if (__predict_false(fd >= FD_SETSIZE)) {
53 __fortify_fatal("%s: file descriptor %d >= FD_SETSIZE %zu", fn, fd, set_size);
54 }
55 if (__predict_false(set_size < sizeof(fd_set))) {
56 __fortify_fatal("%s: set size %zu is too small to be an fd_set", fn, set_size);
57 }
58 }
59
__check_pollfd_array(const char * fn,size_t fds_size,nfds_t fd_count)60 static inline void __check_pollfd_array(const char* fn, size_t fds_size, nfds_t fd_count) {
61 size_t pollfd_array_length = fds_size / sizeof(pollfd);
62 if (__predict_false(pollfd_array_length < fd_count)) {
63 __fortify_fatal("%s: %zu-element pollfd array too small for %u fds",
64 fn, pollfd_array_length, fd_count);
65 }
66 }
67
__check_count(const char * fn,const char * identifier,size_t value)68 static inline void __check_count(const char* fn, const char* identifier, size_t value) {
69 if (__predict_false(value > SSIZE_MAX)) {
70 __fortify_fatal("%s: %s %zu > SSIZE_MAX", fn, identifier, value);
71 }
72 }
73
__check_buffer_access(const char * fn,const char * action,size_t claim,size_t actual)74 static inline void __check_buffer_access(const char* fn, const char* action,
75 size_t claim, size_t actual) {
76 if (__predict_false(claim > actual)) {
77 __fortify_fatal("%s: prevented %zu-byte %s %zu-byte buffer", fn, claim, action, actual);
78 }
79 }
80