]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 698df98)
TROVE-2017-001 : move -ftrapv back into --expensive-hardening.
authorNick Mathewson <nickm@torproject.org>
Sun, 22 Jan 2017 16:32:54 +0000 (11:32 -0500)
committerNick Mathewson <nickm@torproject.org>
Mon, 23 Jan 2017 13:47:10 +0000 (08:47 -0500)
changes/trove-2017-001 [new file with mode: 0644] patch | blob
configure.ac patch | blob | blame | history

diff --git a/changes/trove-2017-001 b/changes/trove-2017-001
new file mode 100644 (file)
index 0000000..5187e6d
--- /dev/null
+++ b/changes/trove-2017-001
@@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Downgrade the "-ftrapv" option from "always on" to "only on when
+      --enable-expensive-hardening is provided."  This hardening option, like
+      others, can turn survivable bugs into crashes--and having it on by
+      default made a (relatively harmless) integer overflow bug into a
+      denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
+      0.2.9.1-alpha.
+
diff --git a/configure.ac b/configure.ac
index 1e226a4719cfafa61bbb637cdd51813a8b0865c0..150637366729d9434b851c92796dbcb15ea5e1d4 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -761,14 +761,15 @@ m4_ifdef([AS_VAR_IF],[
        TOR_CHECK_CFLAGS(-fPIE)
        TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
     fi
-    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
     TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
-    if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
-      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
-    fi
 fi
 
 if test "x$enable_expensive_hardening" = "xyes"; then
+    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
+   if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
+      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
+   fi
+
    if test "$tor_cv_cflags__ftrapv" != "yes"; then
      AC_MSG_ERROR([You requested expensive hardening, but the compiler does not seem to support -ftrapv.])
    fi
@@ -1819,7 +1820,7 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then
      -Wstatic-float-init
      -Wstatic-in-inline
      -Wstatic-local-in-inline
-     -Wstrict-overflow=2
+     -Wstrict-overflow=1
      -Wstring-compare
      -Wstring-conversion
      -Wstrlcpy-strlcat-size
@@ -1864,6 +1865,10 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then
      -Wzero-length-array
   ], [ TOR_CHECK_CFLAGS([warning_flag]) ])
 
+dnl    We should re-enable this in some later version.  Clang doesn't
+dnl    mind, but it causes trouble with GCC.
+dnl     -Wstrict-overflow=2
+
 dnl    These seem to require annotations that we don't currently use,
 dnl    and they give false positives in our pthreads wrappers. (Clang 4)
 dnl     -Wthread-safety
Mirror of https://git.torproject.org/tor.git