]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5afd5b8)
Meson: Hardening - Control Flow Protection
authorFred Morcos <fred.morcos@open-xchange.com>
Fri, 13 Oct 2023 08:17:26 +0000 (10:17 +0200)
committerFred Morcos <fred.morcos@open-xchange.com>
Wed, 20 Mar 2024 12:28:52 +0000 (13:28 +0100)
meson/hardening/control-flow/meson.build [new file with mode: 0644] patch | blob
meson/hardening/meson.build patch | blob | blame | history
meson_options.txt patch | blob | blame | history

diff --git a/meson/hardening/control-flow/meson.build b/meson/hardening/control-flow/meson.build
new file mode 100644 (file)
index 0000000..0c1ed36
--- /dev/null
+++ b/meson/hardening/control-flow/meson.build
@@ -0,0 +1,10 @@
+opt_cf = get_option('hardening-experimental-cf')
+
+support_cf_prot = opt_cf != 'disabled' and cxx.has_argument('-fcf-protection=' + opt_cf)
+if support_cf_prot
+  add_project_arguments('-fcf-protection=' + opt_cf, language: ['c', 'cpp'])
+elif opt_cf != 'disabled'
+  error('Control Flow Protection was explicitly requested but is not supported by the compiler')
+endif
+
+summary('Control Flow Protection', support_cf_prot, bool_yn: true, section: 'Hardening')
diff --git a/meson/hardening/meson.build b/meson/hardening/meson.build
index 18d716153236e6aae0a4edec715b561e2f329cb3..05df75533bba6cbaf71c7bd93975e3d322321fca 100644 (file)
--- a/meson/hardening/meson.build
+++ b/meson/hardening/meson.build
@@ -30,3 +30,4 @@ if opt_hardening.enabled() or opt_hardening.auto()
 endif
 
 subdir('fortify-source')      # Fortify Source
+subdir('control-flow')        # Control Flow Protection
diff --git a/meson_options.txt b/meson_options.txt
index dc5d0edb967972540ca900f2061732de161411e2..12f3e0d6d25f72d4a8ea6743243ed936f538a3b4 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,5 +1,6 @@
 option('lua', type: 'combo', choices: ['auto', 'luajit', 'lua'], value: 'auto', description: 'Lua implementation to use')
 option('hardening', type: 'feature', value: 'auto', description: 'Compiler security checks')
+option('hardening-experimental-cf', type: 'combo', choices: ['disabled', 'full', 'branch', 'return', 'check'], value: 'disabled', description: 'Control Flow hardening')
 option('hardening-fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level')
 option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG')
 option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')
Unnamed repository; edit this file 'description' to name the repository.