Add Security optimizations.

- Add additional security compiler flags. - Replace strcpy with strncpy. Change-Id: I766d9d7476883c466b9eb75644a9a1b18ed93b63 Signed-off-by: Steve Linsell <[email protected]>
jmagnin · Jul 11, 2019 · da86027 · da86027
1 parent d064593
commit da86027
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/.tools/configure.ac b/.tools/configure.ac
@@ -362,11 +362,11 @@ AC_SUBST(includes)
 case `($CC --version) 2>/dev/null` in
     'gcc (GCC) '[[0-3]].* | \
     'gcc (GCC) '4.[[0-8]].*)
-         AC_ARG_WITH(cflags, AS_HELP_STRING(), , cflags="-shared -fPIC -Wall -Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector")
+         AC_ARG_WITH(cflags, AS_HELP_STRING(), , cflags="-shared -fPIC -Wall -Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector -fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv")
          AC_SUBST(cflags)
          ;;
     *)
-         AC_ARG_WITH(cflags, AS_HELP_STRING(), , cflags="-shared -fPIC -Wall -Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong")
+         AC_ARG_WITH(cflags, AS_HELP_STRING(), , cflags="-shared -fPIC -Wall -Wformat -Wformat-security -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-overflow -fno-delete-null-pointer-checks -fwrapv")
          AC_SUBST(cflags)
          ;;
 esac

diff --git a/qat_contig_mem/qat_contig_mem_test.c b/qat_contig_mem/qat_contig_mem_test.c
@@ -78,6 +78,7 @@
 #include "qat_contig_mem.h"
 
 #define SEG_LEN 64
+#define TEST_STR_LEN 64
 
 /******************************************************************************
 * function:
@@ -94,6 +95,7 @@ int main(void)
     void *addr = MAP_FAILED;
     qat_contig_mem_config *mem_to_free = NULL;
     int ret = EXIT_SUCCESS;
+    char test_str[TEST_STR_LEN] = "Hello world!";
 
     if ((qat_contig_memfd = open("/dev/qat_contig_mem", O_RDWR)) == -1) {
         perror("# FAIL open qat_contig_mem");
@@ -118,7 +120,7 @@ int main(void)
     mem_to_free = addr;
     printf("seg mapped to %p, virtualAddress in seg %p, length %d\n", addr,
            (void *)mem_to_free->virtualAddress, mem_to_free->length);
-    strcpy(addr + sizeof(qat_contig_mem_config), "Hello world!");
+    strncpy(addr + sizeof(qat_contig_mem_config), test_str, TEST_STR_LEN);
     puts(addr + sizeof(qat_contig_mem_config));
  cleanup:
     if (qat_contig_memfd != -1 && mem_to_free != NULL