Add Support for Annex K functions according to C11

Adding an implementation of the bounds-checking C functions (as specified in Annex K of the C11 standard) to the PicoLibc. These functions lower the risk of introducing security vulnerabilities such as buffer overflows and format string vulnerabilities into your code by providing clear and easy-to-use interfaces. For each C function a secure alternate function ending in a "_s" postfix is provided (e.g., strcpy_s). Use of these functions is recommended by security experts and secure coding standards. Signed-off-by: Mostafa Salman <[email protected]>
foss-for-synopsys-dwc-arc-processors · Jun 3, 2024 · 04afd0d · 04afd0d
1 parent 695583c
commit 04afd0d
Show file tree

Hide file tree

Showing 41 changed files with 2,690 additions and 0 deletions.
diff --git a/newlib/libc/include/errno.h b/newlib/libc/include/errno.h
@@ -36,6 +36,16 @@ SUCH DAMAGE.
 
 #ifndef __error_t_defined
 typedef int error_t;
+
+#ifdef __STDC_WANT_LIB_EXT1__
+#if (__STDC_WANT_LIB_EXT1__ != 0) && (__STDC_WANT_LIB_EXT1__ != 1)
+#error Please define __STDC_WANT_LIB_EXT__ as 0 or 1
+#endif
+#if __STDC_WANT_LIB_EXT1__ == 1
+typedef int errno_t;
+#endif
+#endif
+
 #define __error_t_defined 1
 #endif
 

diff --git a/newlib/libc/include/stdint.h b/newlib/libc/include/stdint.h
@@ -458,6 +458,24 @@ typedef __uint_least64_t uint_least64_t;
 #endif
 #endif
 
+#ifdef __STDC_WANT_LIB_EXT1__
+#if (__STDC_WANT_LIB_EXT1__ != 0) && (__STDC_WANT_LIB_EXT1__ != 1)
+#error Please define __STDC_WANT_LIB_EXT__ as 0 or 1
+#endif
+
+#if __STDC_WANT_LIB_EXT1__ == 1
+    #include <stddef.h>
+    #ifndef __RSIZE_T
+    #define __RSIZE_T
+    typedef size_t rsize_t;
+    #endif
+
+    extern rsize_t _set_rsize_max_s(rsize_t);
+    extern rsize_t _get_rsize_max_s(void);
+    #define RSIZE_MAX (_get_rsize_max_s())
+#endif
+#endif
+
 
 #ifdef __cplusplus
 }

diff --git a/newlib/libc/include/stdlib.h b/newlib/libc/include/stdlib.h
@@ -383,6 +383,29 @@ _Noreturn void
 	quick_exit(int);
 #endif /* __ISO_C_VISIBLE >= 2011 */
 
+
+#ifdef __STDC_WANT_LIB_EXT1__
+#if (__STDC_WANT_LIB_EXT1__ != 0) && (__STDC_WANT_LIB_EXT1__ != 1)
+#error Please define __STDC_WANT_LIB_EXT__ as 0 or 1
+#endif
+
+#if __STDC_WANT_LIB_EXT1__ == 1
+#include <errno.h>
+
+typedef void (*constraint_handler_t)(
+        const char *restrict msg, void *restrict ptr, errno_t error);
+
+extern constraint_handler_t * ___pcur_handler(void);
+#define cur_handler (*___pcur_handler())
+
+extern constraint_handler_t set_constraint_handler_s(
+        constraint_handler_t handler);
+extern void ignore_handler_s(
+        const char *restrict msg, void *restrict ptr, errno_t error);
+#endif
+#endif
+
+
 _END_STD_C
 
 #if __SSP_FORTIFY_LEVEL > 0

diff --git a/newlib/libc/include/string.h b/newlib/libc/include/string.h
@@ -78,6 +78,35 @@ char 	*strpbrk (const char *, const char *);
 char 	*strrchr (const char *, int);
 size_t	 strspn (const char *, const char *);
 char 	*strstr (const char *, const char *);
+
+
+#ifdef __STDC_WANT_LIB_EXT1__
+#if (__STDC_WANT_LIB_EXT1__ != 0) && (__STDC_WANT_LIB_EXT1__ != 1)
+#error Please define __STDC_WANT_LIB_EXT__ as 0 or 1
+#endif
+
+#if __STDC_WANT_LIB_EXT1__ == 1
+#include <stddef.h>
+#include <errno.h>
+
+#ifndef __RSIZE_T
+#define __RSIZE_T
+typedef size_t rsize_t;
+#endif
+
+extern errno_t memcpy_s(void *__restrict, rsize_t, const void *__restrict, rsize_t);
+extern errno_t memset_s(void *, rsize_t, int, rsize_t);
+extern errno_t memmove_s(void *, rsize_t, const void *, rsize_t);
+extern errno_t strcpy_s(char *__restrict, rsize_t, const char *__restrict);
+extern errno_t strcat_s(char *__restrict, rsize_t, const char *__restrict);
+extern errno_t strncpy_s(char *__restrict, rsize_t, const char *__restrict, rsize_t);
+extern errno_t strncat_s(char *__restrict, rsize_t, const char *__restrict, rsize_t);
+extern size_t strnlen_s(const char *, size_t);
+extern errno_t strerror_s(char *, rsize_t, errno_t); /* C11 */
+extern size_t strerrorlen_s(errno_t);
+#endif
+#endif
+
 #ifndef _REENT_ONLY
 char 	*strtok (char *__restrict, const char *__restrict);
 #endif

diff --git a/newlib/libc/include/sys/errno.h b/newlib/libc/include/sys/errno.h
@@ -227,6 +227,8 @@ extern NEWLIB_THREAD_LOCAL_ERRNO int errno;
 #endif
 #define EWOULDBLOCK EAGAIN	/* Operation would block */
 
+#define ELAST 149
+
 #define __ELASTERROR 2000       /* Users can add values starting here */
 
 #ifdef __cplusplus

diff --git a/newlib/libc/stdlib/CMakeLists.txt b/newlib/libc/stdlib/CMakeLists.txt
@@ -115,6 +115,8 @@ picolibc_sources(
   pico-exit.c
   pico-onexit.c
   pico-cxa-atexit.c
+  set_constraint_handler_s.c
+  rsizet.c
   )
 
 picolibc_sources_flags("-fno-builtin-malloc;-fno-builtin-free"

diff --git a/newlib/libc/stdlib/constraint.c b/newlib/libc/stdlib/constraint.c
@@ -0,0 +1,55 @@
+/*
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright © 2024, Synopsys Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials provided
+ *    with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <stdlib.h>
+
+static constraint_handler_t cur_handler = ignore_handler_s;
+
+constraint_handler_t set_constraint_handler_s(constraint_handler_t handler) {
+    constraint_handler_t h = cur_handler;
+    if (handler == (constraint_handler_t)NULL)
+        cur_handler = ignore_handler_s; // null restores to default handler
+    else
+	cur_handler = handler;
+    return h;
+    }
+
+void ignore_handler_s(
+            const char *restrict msg, void *restrict ptr, errno_t error) {
+    (void) msg;
+    (void) ptr;
+    (void) error;
+    return;
+    }
diff --git a/newlib/libc/stdlib/meson.build b/newlib/libc/stdlib/meson.build
@@ -161,6 +161,8 @@ srcs_stdlib = [
     'wctob.c',
     'wctomb.c',
     'wctomb_r.c',
+    'set_constraint_handler_s.c',
+    'rsizet.c',
 ]
 
 srcs_stdlib_stdio = [

diff --git a/newlib/libc/stdlib/rsizet.c b/newlib/libc/stdlib/rsizet.c
@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright © 2024, Synopsys Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials provided
+ *    with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#define __STDC_WANT_LIB_EXT1__  1
+#include <stdint.h>
+
+static rsize_t rsize_max = (SIZE_MAX >> 4);
+
+rsize_t _set_rsize_max_s(rsize_t maxval) {
+    rsize_t ret = rsize_max;
+    rsize_max = maxval;
+    return ret;
+    }
+
+rsize_t _get_rsize_max_s(void) {
+    return rsize_max;
+    }
diff --git a/newlib/libc/stdlib/set_constraint_handler_s.c b/newlib/libc/stdlib/set_constraint_handler_s.c
@@ -0,0 +1,60 @@
+/*
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright © 2024, Synopsys Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions and the following
+ *    disclaimer in the documentation and/or other materials provided
+ *    with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <stdlib.h>
+
+void ignore_handler_s(const char *restrict msg, void *restrict ptr, errno_t error)
+{
+    (void) msg;
+    (void) ptr;
+    (void) error;
+}
+
+constraint_handler_t set_constraint_handler_s(constraint_handler_t handler)
+{
+    constraint_handler_t h = cur_handler;
+
+    if (handler == (constraint_handler_t)NULL)
+    {
+        cur_handler = ignore_handler_s; // null restores to default handler
+    }
+    else
+    {
+        cur_handler = handler;
+    }
+
+    return h;
+}
+
diff --git a/newlib/libc/string/CMakeLists.txt b/newlib/libc/string/CMakeLists.txt
@@ -136,4 +136,14 @@ picolibc_sources(
   wmempcpy.c
   wmemset.c
   xpg_strerror_r.c
+  memcpy_s.c
+  memmove_s.c
+  memset_s.c
+  strcat_s.c
+  strcpy_s.c
+  strerror_s.c
+  strerrorlen_s.c
+  strncat_s.c
+  strncpy_s.c
+  strnlen_s.c
   )