about summary refs log tree commit diff homepage
diff options
context:
space:
mode:
-rw-r--r--runtime/CMakeLists.txt2
-rw-r--r--runtime/Fortify/CMakeLists.txt28
-rw-r--r--runtime/Fortify/fortify.c83
-rw-r--r--tools/klee/main.cpp14
4 files changed, 124 insertions, 3 deletions
diff --git a/runtime/CMakeLists.txt b/runtime/CMakeLists.txt
index 9bd1442b..ea8335de 100644
--- a/runtime/CMakeLists.txt
+++ b/runtime/CMakeLists.txt
@@ -91,11 +91,13 @@ endforeach ()
 add_subdirectory(Freestanding)
 add_subdirectory(Intrinsic)
 add_subdirectory(klee-libc)
+add_subdirectory(Fortify)
 
 set(RUNTIME_LIBRARIES
         RuntimeFreestanding
         RuntimeIntrinsic
         RuntimeKLEELibc
+        RuntimeFortify
         )
 
 if (ENABLE_KLEE_EH_CXX)
diff --git a/runtime/Fortify/CMakeLists.txt b/runtime/Fortify/CMakeLists.txt
new file mode 100644
index 00000000..8e751f66
--- /dev/null
+++ b/runtime/Fortify/CMakeLists.txt
@@ -0,0 +1,28 @@
+#===------------------------------------------------------------------------===#
+#
+#                     The KLEE Symbolic Virtual Machine
+#
+# This file is distributed under the University of Illinois Open Source
+# License. See LICENSE.TXT for details.
+#
+#===------------------------------------------------------------------------===#
+
+set(LIB_PREFIX "RuntimeFortify")
+set(SRC_FILES
+        fortify.c
+        ../Freestanding/fortify-fs.c
+        ../klee-libc/fortify-klibc.c
+        )
+
+# Add __NO_INLINE__ to prevent glibc from using inline definitions of some
+# builtins (i.e. putchar and atoi).
+set(ADDITIONAL_CC_FLAGS
+        -D__NO_INLINE__
+        -std=gnu89
+        )
+
+# Build it
+include("${CMAKE_SOURCE_DIR}/cmake/compile_bitcode_library.cmake")
+prefix_with_path("${SRC_FILES}" "${CMAKE_CURRENT_SOURCE_DIR}/" prefixed_files)
+
+add_bitcode_library_targets("${LIB_PREFIX}" "${prefixed_files}" "${ADDITIONAL_CC_FLAGS}" "")
diff --git a/runtime/Fortify/fortify.c b/runtime/Fortify/fortify.c
new file mode 100644
index 00000000..a8d54fd8
--- /dev/null
+++ b/runtime/Fortify/fortify.c
@@ -0,0 +1,83 @@
+//===-- fortify.c ---------------------------------------------------------===//
+//
+//                     The KLEE Symbolic Virtual Machine
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "klee/klee.h"
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+char *__fgets_chk(char *s, size_t size, int strsize, FILE *stream) {
+  return fgets(s, size, stream);
+}
+
+ssize_t __pread_chk(int fd, void *buf, size_t nbytes, off_t offset,
+                    size_t buflen) {
+  if (nbytes > buflen)
+    klee_report_error(__FILE__, __LINE__, "pread overflow", "ptr.err");
+
+  return pread(fd, buf, nbytes, offset);
+}
+
+ssize_t __read_chk(int fd, void *buf, size_t nbytes, size_t buflen) {
+  if (nbytes > buflen)
+    klee_report_error(__FILE__, __LINE__, "read overflow", "ptr.err");
+
+  return read(fd, buf, nbytes);
+}
+
+ssize_t __readlink_chk(const char *path, char *buf, size_t len, size_t buflen) {
+  if (len > buflen)
+    klee_report_error(__FILE__, __LINE__, "readlink overflow", "ptr.err");
+
+  return readlink(path, buf, len);
+}
+
+char *__realpath_chk(const char *path, char *resolved_path,
+                     size_t resolved_len) {
+  if (resolved_len < PATH_MAX)
+    klee_report_error(__FILE__, __LINE__, "realpath overflow", "ptr.err");
+
+  return realpath(path, resolved_path);
+}
+
+ssize_t __recv_chk(int fd, void *buf, size_t len, size_t buflen, int flag) {
+  if (len > buflen)
+    klee_report_error(__FILE__, __LINE__, "recv overflow", "ptr.err");
+
+  return recv(fd, buf, len, flag);
+}
+
+ssize_t __recvfrom_chk(int fd, void *buf, size_t len, size_t buflen, int flag,
+                       struct sockaddr *from, socklen_t *fromlen) {
+  if (len > buflen)
+    klee_report_error(__FILE__, __LINE__, "recvfrom overflow", "ptr.err");
+
+  return recvfrom(fd, buf, len, flag, from, fromlen);
+}
+
+char *__stpncpy_chk(char *dest, const char *src, size_t n, size_t destlen) {
+  if (n > destlen)
+    klee_report_error(__FILE__, __LINE__, "stpncpy overflow", "ptr.err");
+  return stpncpy(dest, src, n);
+}
+
+char *__strncat_chk(char *s1, const char *s2, size_t n, size_t s1len) {
+  return strncat(s1, s2, n);
+}
+
+int __ttyname_r_chk(int fd, char *buf, size_t buflen, size_t nreal) {
+  if (buflen > nreal)
+    klee_report_error(__FILE__, __LINE__, "ttyname_r overflow", "ptr.err");
+  return ttyname_r(fd, buf, nreal);
+}
diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp
index d1f588bc..7184bd44 100644
--- a/tools/klee/main.cpp
+++ b/tools/klee/main.cpp
@@ -1021,7 +1021,7 @@ static void halt_via_gdb(int pid) {
 
 #ifndef SUPPORT_KLEE_UCLIBC
 static void
-linkWithUclibc(StringRef libDir,
+linkWithUclibc(StringRef libDir, std::string opt_suffix,
                std::vector<std::unique_ptr<llvm::Module>> &modules) {
   klee_error("invalid libc, no uclibc support!\n");
 }
@@ -1112,7 +1112,7 @@ createLibCWrapper(std::vector<std::unique_ptr<llvm::Module>> &modules,
 }
 
 static void
-linkWithUclibc(StringRef libDir,
+linkWithUclibc(StringRef libDir, std::string opt_suffix,
                std::vector<std::unique_ptr<llvm::Module>> &modules) {
   LLVMContext &ctx = modules[0]->getContext();
 
@@ -1133,6 +1133,14 @@ linkWithUclibc(StringRef libDir,
 
   createLibCWrapper(modules, EntryPoint, "__uClibc_main");
   klee_message("NOTE: Using klee-uclibc : %s", uclibcBCA.c_str());
+
+  // Link the fortified library
+  SmallString<128> FortifyPath(libDir);
+  llvm::sys::path::append(FortifyPath,
+                          "libkleeRuntimeFortify" + opt_suffix + ".bca");
+  if (!klee::loadFile(FortifyPath.c_str(), ctx, modules, errorMsg))
+    klee_error("error loading the fortify library '%s': %s",
+               FortifyPath.c_str(), errorMsg.c_str());
 }
 #endif
 
@@ -1318,7 +1326,7 @@ int main(int argc, char **argv, char **envp) {
     break;
   }
   case LibcType::UcLibc:
-    linkWithUclibc(LibraryDir, loadedModules);
+    linkWithUclibc(LibraryDir, opt_suffix, loadedModules);
     break;
   }