diff options
-rw-r--r-- | runtime/CMakeLists.txt | 2 | ||||
-rw-r--r-- | runtime/Fortify/CMakeLists.txt | 28 | ||||
-rw-r--r-- | runtime/Fortify/fortify.c | 83 | ||||
-rw-r--r-- | tools/klee/main.cpp | 14 |
4 files changed, 124 insertions, 3 deletions
diff --git a/runtime/CMakeLists.txt b/runtime/CMakeLists.txt index 9bd1442b..ea8335de 100644 --- a/runtime/CMakeLists.txt +++ b/runtime/CMakeLists.txt @@ -91,11 +91,13 @@ endforeach () add_subdirectory(Freestanding) add_subdirectory(Intrinsic) add_subdirectory(klee-libc) +add_subdirectory(Fortify) set(RUNTIME_LIBRARIES RuntimeFreestanding RuntimeIntrinsic RuntimeKLEELibc + RuntimeFortify ) if (ENABLE_KLEE_EH_CXX) diff --git a/runtime/Fortify/CMakeLists.txt b/runtime/Fortify/CMakeLists.txt new file mode 100644 index 00000000..8e751f66 --- /dev/null +++ b/runtime/Fortify/CMakeLists.txt @@ -0,0 +1,28 @@ +#===------------------------------------------------------------------------===# +# +# The KLEE Symbolic Virtual Machine +# +# This file is distributed under the University of Illinois Open Source +# License. See LICENSE.TXT for details. +# +#===------------------------------------------------------------------------===# + +set(LIB_PREFIX "RuntimeFortify") +set(SRC_FILES + fortify.c + ../Freestanding/fortify-fs.c + ../klee-libc/fortify-klibc.c + ) + +# Add __NO_INLINE__ to prevent glibc from using inline definitions of some +# builtins (i.e. putchar and atoi). +set(ADDITIONAL_CC_FLAGS + -D__NO_INLINE__ + -std=gnu89 + ) + +# Build it +include("${CMAKE_SOURCE_DIR}/cmake/compile_bitcode_library.cmake") +prefix_with_path("${SRC_FILES}" "${CMAKE_CURRENT_SOURCE_DIR}/" prefixed_files) + +add_bitcode_library_targets("${LIB_PREFIX}" "${prefixed_files}" "${ADDITIONAL_CC_FLAGS}" "") diff --git a/runtime/Fortify/fortify.c b/runtime/Fortify/fortify.c new file mode 100644 index 00000000..a8d54fd8 --- /dev/null +++ b/runtime/Fortify/fortify.c @@ -0,0 +1,83 @@ +//===-- fortify.c ---------------------------------------------------------===// +// +// The KLEE Symbolic Virtual Machine +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#include "klee/klee.h" + +#include <limits.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/socket.h> +#include <unistd.h> + +char *__fgets_chk(char *s, size_t size, int strsize, FILE *stream) { + return fgets(s, size, stream); +} + +ssize_t __pread_chk(int fd, void *buf, size_t nbytes, off_t offset, + size_t buflen) { + if (nbytes > buflen) + klee_report_error(__FILE__, __LINE__, "pread overflow", "ptr.err"); + + return pread(fd, buf, nbytes, offset); +} + +ssize_t __read_chk(int fd, void *buf, size_t nbytes, size_t buflen) { + if (nbytes > buflen) + klee_report_error(__FILE__, __LINE__, "read overflow", "ptr.err"); + + return read(fd, buf, nbytes); +} + +ssize_t __readlink_chk(const char *path, char *buf, size_t len, size_t buflen) { + if (len > buflen) + klee_report_error(__FILE__, __LINE__, "readlink overflow", "ptr.err"); + + return readlink(path, buf, len); +} + +char *__realpath_chk(const char *path, char *resolved_path, + size_t resolved_len) { + if (resolved_len < PATH_MAX) + klee_report_error(__FILE__, __LINE__, "realpath overflow", "ptr.err"); + + return realpath(path, resolved_path); +} + +ssize_t __recv_chk(int fd, void *buf, size_t len, size_t buflen, int flag) { + if (len > buflen) + klee_report_error(__FILE__, __LINE__, "recv overflow", "ptr.err"); + + return recv(fd, buf, len, flag); +} + +ssize_t __recvfrom_chk(int fd, void *buf, size_t len, size_t buflen, int flag, + struct sockaddr *from, socklen_t *fromlen) { + if (len > buflen) + klee_report_error(__FILE__, __LINE__, "recvfrom overflow", "ptr.err"); + + return recvfrom(fd, buf, len, flag, from, fromlen); +} + +char *__stpncpy_chk(char *dest, const char *src, size_t n, size_t destlen) { + if (n > destlen) + klee_report_error(__FILE__, __LINE__, "stpncpy overflow", "ptr.err"); + return stpncpy(dest, src, n); +} + +char *__strncat_chk(char *s1, const char *s2, size_t n, size_t s1len) { + return strncat(s1, s2, n); +} + +int __ttyname_r_chk(int fd, char *buf, size_t buflen, size_t nreal) { + if (buflen > nreal) + klee_report_error(__FILE__, __LINE__, "ttyname_r overflow", "ptr.err"); + return ttyname_r(fd, buf, nreal); +} diff --git a/tools/klee/main.cpp b/tools/klee/main.cpp index d1f588bc..7184bd44 100644 --- a/tools/klee/main.cpp +++ b/tools/klee/main.cpp @@ -1021,7 +1021,7 @@ static void halt_via_gdb(int pid) { #ifndef SUPPORT_KLEE_UCLIBC static void -linkWithUclibc(StringRef libDir, +linkWithUclibc(StringRef libDir, std::string opt_suffix, std::vector<std::unique_ptr<llvm::Module>> &modules) { klee_error("invalid libc, no uclibc support!\n"); } @@ -1112,7 +1112,7 @@ createLibCWrapper(std::vector<std::unique_ptr<llvm::Module>> &modules, } static void -linkWithUclibc(StringRef libDir, +linkWithUclibc(StringRef libDir, std::string opt_suffix, std::vector<std::unique_ptr<llvm::Module>> &modules) { LLVMContext &ctx = modules[0]->getContext(); @@ -1133,6 +1133,14 @@ linkWithUclibc(StringRef libDir, createLibCWrapper(modules, EntryPoint, "__uClibc_main"); klee_message("NOTE: Using klee-uclibc : %s", uclibcBCA.c_str()); + + // Link the fortified library + SmallString<128> FortifyPath(libDir); + llvm::sys::path::append(FortifyPath, + "libkleeRuntimeFortify" + opt_suffix + ".bca"); + if (!klee::loadFile(FortifyPath.c_str(), ctx, modules, errorMsg)) + klee_error("error loading the fortify library '%s': %s", + FortifyPath.c_str(), errorMsg.c_str()); } #endif @@ -1318,7 +1326,7 @@ int main(int argc, char **argv, char **envp) { break; } case LibcType::UcLibc: - linkWithUclibc(LibraryDir, loadedModules); + linkWithUclibc(LibraryDir, opt_suffix, loadedModules); break; } |