From: Remi Gacogne Date: Tue, 17 Jan 2023 16:31:52 +0000 (+0100) Subject: Add a new configure option to initialize automatic variables X-Git-Tag: dnsdist-1.8.0-rc1~95^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f5834602e0098ba18b74a81badbb2e7dc4041ab;p=thirdparty%2Fpdns.git Add a new configure option to initialize automatic variables The new option, `--enable-auto-var-init`, when enabled, sets the `-ftrivial-auto-var-init` flag when supported by the compiler (GCC 12+, clang 16+) to either: - `zero`: zero-initializes all automatic variables, and is enabled with `--enable-auto-var-init=yes` or `--enable-auto-var-init=zero`. This can be used as a hardening measure in production, reducing information leakage issues. - `pattern`: initialize all automatic variables to a pattern that is likely to be detected, like 0xAA, and is enabled via `--enable-auto-var-init=pattern`. This is useful in tests, especially when the cost of sanitizers is too high. I have not done any performance testing, but the zero option is generally considered to have a less than 5% performance cost.
---
diff --git a/configure.ac b/configure.ac
index 09dffb59e0..42fbd56dad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -308,6 +308,7 @@ PROGRAM_LDFLAGS="$PIE_LDFLAGS $PROGRAM_LDFLAGS" AC_SUBST([PROGRAM_LDFLAGS]) PDNS_ENABLE_COVERAGE +PDNS_INIT_AUTO_VARS PDNS_ENABLE_SANITIZERS PDNS_ENABLE_MALLOC_TRACE
diff --git a/m4/pdns_init_auto_vars.m4 b/m4/pdns_init_auto_vars.m4
new file mode 100644
index 0000000000..cf93ffd81b
--- /dev/null
+++ b/m4/pdns_init_auto_vars.m4
@@ -0,0 +1,31 @@
+dnl
+dnl Check for support for enabling initialization of automatic variables
+dnl
+
+AC_DEFUN([PDNS_INIT_AUTO_VARS],[
+ AC_MSG_CHECKING([whether to enable initialization of automatic variables])
+ AC_ARG_ENABLE([auto-var-init],
+ AS_HELP_STRING([--enable-auto-var-init],[enable initialization of automatic variables (zero, pattern) @<:@default=no@:>@]),
+ [enable_initautovars=$enableval],
+ [enable_initautovars=no],
+ )
+ AC_MSG_RESULT([$enable_initautovars])
+
+ AS_IF([test "x$enable_initautovars" = "xyes"], [
+ [enable_initautovars=zero]
+ ])
+
+ AS_IF([test "x$enable_initautovars" = "xzero" ], [
+ gl_COMPILER_OPTION_IF([-ftrivial-auto-var-init=zero], [
+ CFLAGS="-ftrivial-auto-var-init=zero $CFLAGS"
+ CXXFLAGS="-ftrivial-auto-var-init=zero $CXXFLAGS"
+ ])
+ ])
+
+ AS_IF([test "x$enable_initautovars" = "xpattern" ], [
+ gl_COMPILER_OPTION_IF([-ftrivial-auto-var-init=pattern], [
+ CFLAGS="-ftrivial-auto-var-init=pattern $CFLAGS"
+ CXXFLAGS="-ftrivial-auto-var-init=pattern $CXXFLAGS"
+ ])
+ ])
+])
diff --git a/pdns/dnsdistdist/configure.ac b/pdns/dnsdistdist/configure.ac
index 18c3e157df..c308f4e7b2 100644
--- a/pdns/dnsdistdist/configure.ac
+++ b/pdns/dnsdistdist/configure.ac
@@ -119,6 +119,8 @@ AS_IF([test "x$enable_hardening" != "xno"], [ AC_LD_RELRO ]) +PDNS_INIT_AUTO_VARS + PDNS_ENABLE_SANITIZERS PDNS_CHECK_PYTHON_VENV
diff --git a/pdns/dnsdistdist/m4/pdns_init_auto_vars.m4 b/pdns/dnsdistdist/m4/pdns_init_auto_vars.m4
new file mode 120000
index 0000000000..c4384fffec
--- /dev/null
+++ b/pdns/dnsdistdist/m4/pdns_init_auto_vars.m4
@@ -0,0 +1 @@
+../../../m4/pdns_init_auto_vars.m4
\ No newline at end of file
diff --git a/pdns/recursordist/configure.ac b/pdns/recursordist/configure.ac
index e97a0ac6f4..f8ddf6d234 100644
--- a/pdns/recursordist/configure.ac
+++ b/pdns/recursordist/configure.ac
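Review bot: In `PDNS_INIT_AUTO_VARS` (m4/pdns_init_auto_vars.m4) both `gl_COMPILER_OPTION_IF` calls omit the if-not-supported argument, so a build configured with `--enable-auto-var-init=zero` on a compiler that rejects `-ftrivial-auto-var-init` finishes configure without the flag and without any message, while the earlier `AC_MSG_RESULT` has already printed `zero`. A value other than `yes`, `zero`, `pattern` or `no` is likewise echoed and then ignored. For an option described as a production hardening measure, I would make both cases fail configure (or at least warn), so that a requested mitigation cannot be silently absent from the binary. Separately, the probe presumably runs with whichever language is current in `AC_LANG` while the flag is prepended to both `CFLAGS` and `CXXFLAGS`; it is worth confirming that the C and C++ compilers are each checked. The sketch below shows the `zero` branch and the value check; the `pattern` branch would get the same third argument.

```m4
  dnl … unchanged: AC_ARG_ENABLE, AC_MSG_RESULT and the yes-to-zero mapping …
  AS_CASE([$enable_initautovars],
    [no|zero|pattern], [],
    [AC_MSG_ERROR([invalid value for --enable-auto-var-init: $enable_initautovars])])

  AS_IF([test "x$enable_initautovars" = "xzero" ], [
    gl_COMPILER_OPTION_IF([-ftrivial-auto-var-init=zero], [
      dnl … unchanged: prepend the flag to CFLAGS and CXXFLAGS …
    ], [
      AC_MSG_ERROR([--enable-auto-var-init=zero was requested but the compiler does not accept -ftrivial-auto-var-init=zero])
    ])
  ])
  dnl … pattern branch: same if-not-supported argument …
```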
@@ -150,6 +150,7 @@ AS_IF([test "x$enable_hardening" != "xno"], [ AC_LD_RELRO ]) +PDNS_INIT_AUTO_VARS PDNS_ENABLE_SANITIZERS PDNS_ENABLE_MALLOC_TRACE PDNS_ENABLE_VALGRIND
diff --git a/pdns/recursordist/m4/pdns_init_auto_vars.m4 b/pdns/recursordist/m4/pdns_init_auto_vars.m4
new file mode 120000
index 0000000000..c4384fffec
--- /dev/null
+++ b/pdns/recursordist/m4/pdns_init_auto_vars.m4
@@ -0,0 +1 @@
+../../../m4/pdns_init_auto_vars.m4
\ No newline at end of file