From: Steffan Karger
Date: Wed, 21 Oct 2015 08:08:06 +0000 (+0200)
Subject: hardening: add insurance to exit on a failed ASSERT()
X-Git-Tag: v2.3.9~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d03dd06e59dc98eb2afaaa49cb1f879cab9ce747;p=thirdparty%2Fopenvpn.git

hardening: add insurance to exit on a failed ASSERT()

The code behind our ASSERT() macro is pretty complex. Although it seems to be correct, make it trivially clear we will never return from a failed assert by adding an _exit(1) call. As was suggested by Sebastian Krahmer of the SuSE security team.

To make sure that tools like clang static analyzer and coverity understand that assert_failed() will not return, add an __attribute__((__noreturn__)) annotation.

v2: use __attribute__ instead of inline to convince static analysers.

Signed-off-by: Steffan Karger
Acked-by: Gert Doering
Message-Id: <1445414886-11052-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10349
Signed-off-by: Gert Doering
(cherry picked from commit e8a9e3203bf00605dae000d31095076ae038491c)
---
diff --git a/src/openvpn/error.c b/src/openvpn/error.c index 6848425e0..de2fc49a9 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -400,6 +400,7 @@ void assert_failed (const char *filename, int line) { msg (M_FATAL, "Assertion failed at %s:%d", filename, line); + _exit(1); } /* diff --git a/src/openvpn/error.h b/src/openvpn/error.h index 27c48b692..e9564ac42 100644 --- a/src/openvpn/error.h +++ b/src/openvpn/error.h @@ -213,7 +213,7 @@ FILE *msg_fp(const unsigned int flags); /* Fatal logic errors */ #define ASSERT(x) do { if (!(x)) assert_failed(__FILE__, __LINE__); } while (false) -void assert_failed (const char *filename, int line); +void assert_failed (const char *filename, int line) __attribute__((__noreturn__));
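Review bot: The added `_exit(1);` in assert_failed() (error.c, after the `msg (M_FATAL, ...)` call) carries no comment, so the next person to read it will see a statement after a fatal call and may delete it as dead code. A one-line comment saying it is deliberate insurance in case `msg (M_FATAL, ...)` ever returns would keep the hardening from being cleaned away. The hunk also does not show which header declares `_exit` for error.c, so it is worth confirming that one is included on every platform this file builds for.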
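Review bot: The prototype in error.h now uses `__attribute__((__noreturn__))` bare, with no guard visible in the hunk, and that syntax is a GCC/Clang extension. Unless the tree already defines `__attribute__` away for other compilers somewhere outside these lines, every file that includes error.h will fail to compile there; wrapping the annotation in a small macro with an empty fallback would make that explicit. The annotation also turns "assert_failed() never returns" into a contract the compiler relies on, which is a good reason to keep the `_exit(1)` in error.c paired with it and to say so in a comment next to the prototype.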