From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 8 Jan 2021 13:36:05 +0000 (+1100)
Subject: Add test against Graphene hardened malloc.
X-Git-Tag: V_8_5_P1~129
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b744914fcb76d70761f1b667de95841b3fc80a56;p=thirdparty%2Fopenssh-portable.git

Add test against Graphene hardened malloc.
---

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 61349be11..2d489b7ed 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -40,7 +40,10 @@ for TARGET in $TARGETS; do
     "--with-selinux")
         PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
         ;;
-    *) echo "Invalid option"
+    "--with-ldflags=-lhardened_malloc")
+        INSTALL_HARDENED_MALLOC=yes
+       ;;
+    *) echo "Invalid option '${TARGET}'"
         exit 1
         ;;
     esac
@@ -56,3 +59,10 @@ if [ "x" != "x$PACKAGES" ]; then
     sudo apt update -qq
     sudo apt install -qy $PACKAGES
 fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+    (cd ${HOME} &&
+     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+     cd ${HOME}/hardened_malloc &&
+     make && sudo cp libhardened_malloc.so /usr/lib/)
+fi
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index 5c5dd6bd8..c019d96e7 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -16,6 +16,7 @@ jobs:
         configs:
         - ""
         - "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux"
+        - "--with-ldflags=-lhardened_malloc"
 
     steps:
     - uses: actions/checkout@v2