diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-01-23 08:55:40 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-01-23 08:55:40 -0500 |
| commit | 4a93ed1ede4c725cc4212d2f2d6df460df1c9610 (patch) | |
| tree | 10d2682776b943faa8018f159f25a21d89e28f10 | |
| parent | beaeee25ae47a864461355aac52b414a572dc5e1 (diff) | |
| parent | 767516680c03dfcd145033eff66fa3b0ca7d4b5b (diff) | |
| download | tor-4a93ed1ede4c725cc4212d2f2d6df460df1c9610.tar.gz tor-4a93ed1ede4c725cc4212d2f2d6df460df1c9610.zip | |
Merge branch 'maint-0.2.9'
| -rw-r--r-- | changes/trove-2017-001 | 8 | ||||
| -rw-r--r-- | configure.ac | 15 |
2 files changed, 18 insertions, 5 deletions
diff --git a/changes/trove-2017-001 b/changes/trove-2017-001 new file mode 100644 index 0000000000..5187e6d5f1 --- /dev/null +++ b/changes/trove-2017-001 @@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + diff --git a/configure.ac b/configure.ac index 7a48a2ab4a..c5f39ee595 100644 --- a/configure.ac +++ b/configure.ac @@ -762,14 +762,15 @@ m4_ifdef([AS_VAR_IF],[ TOR_CHECK_CFLAGS(-fPIE) TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check") fi - TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true) TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true) - if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then - AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.]) - fi fi if test "x$enable_expensive_hardening" = "xyes"; then + TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true) + if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then + AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.]) + fi + if test "$tor_cv_cflags__ftrapv" != "yes"; then AC_MSG_ERROR([You requested expensive hardening, but the compiler does not seem to support -ftrapv.]) fi @@ -1828,7 +1829,7 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then -Wstatic-float-init -Wstatic-in-inline -Wstatic-local-in-inline - -Wstrict-overflow=2 + -Wstrict-overflow=1 -Wstring-compare -Wstring-conversion -Wstrlcpy-strlcat-size @@ -1873,6 +1874,10 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then -Wzero-length-array ], [ TOR_CHECK_CFLAGS([warning_flag]) ]) +dnl We should re-enable this in some later version. Clang doesn't +dnl mind, but it causes trouble with GCC. +dnl -Wstrict-overflow=2 + dnl These seem to require annotations that we don't currently use, dnl and they give false positives in our pthreads wrappers. (Clang 4) dnl -Wthread-safety |