commit d8b51259caee09a4080e524ac254e1f5aecc46cc (HEAD -> main)
Author: Warner Losh <i...@freebsd.org>
Date: Wed Jun 11 21:14:16 2025 -0600
ssp: Protect sig2str with proper visibility markers
We only define SIG2STR_MAX with careful visibility, but define the
fortified version unconditionally. It needs to have the same visibility
both places.
Fixes: 3d12567133bf
Reviewed by: jrtc27, kevans
Sponsored by: Netflix
diff --git a/include/ssp/signal.h b/include/ssp/signal.h
index 9f1a926b9db6..fb1da0db90d1 100644
--- a/include/ssp/signal.h
+++ b/include/ssp/signal.h
@@ -35,6 +35,7 @@
__BEGIN_DECLS
+#if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE
__ssp_redirect_raw_impl(int, sig2str, sig2str,
(int signum, char *__restrict str))
{
@@ -43,6 +44,7 @@ __ssp_redirect_raw_impl(int, sig2str, sig2str,
return (__ssp_real(sig2str)(signum, str));
}
+#endif
__END_DECLS
should fix it. I'm testing a build before pushing... does that work for you?
Warner
Warner
On Wed, Jun 11, 2025 at 11:14 PM Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> On Thu, Jun 12, 2025 at 04:05:05AM +0100, Jessica Clarke wrote:
> > On 12 Jun 2025, at 03:59, Warner Losh <i...@bsdimp.com> wrote:
> > >
> > > On Wed, Jun 11, 2025 at 10:56 PM Shawn Webb <shawn.w...@hardenedbsd.org>
> > > wrote:
> > >>
> > >> On Wed, Jun 11, 2025 at 11:16:40PM +0000, Warner Losh wrote:
> > >>> The branch main has been updated by imp:
> > >>>
> > >>> URL:
> > >>> https://cgit.FreeBSD.org/src/commit/?id=3d12567133bfb4082a5115f16a71a865ff2af7fb
> > >>>
> > >>> commit 3d12567133bfb4082a5115f16a71a865ff2af7fb
> > >>> Author: Ricardo Branco <rbra...@suse.de>
> > >>> AuthorDate: 2025-05-10 20:56:03 +0000
> > >>> Commit: Warner Losh <i...@freebsd.org>
> > >>> CommitDate: 2025-06-11 23:16:22 +0000
> > >>>
> > >>> Add the POSIX sig2str(3) & str2sig(3) calls
> > >>>
> > >>> Signed-off-by: Ricardo Branco <rbra...@suse.de>
> > >>> Reviewed by: imp, kib, des, jilles
> > >>> Pull Request: https://github.com/freebsd/freebsd-src/pull/1696
> > >>> ---
> > >>> include/signal.h | 9 ++++
> > >>> lib/libc/gen/Makefile.inc | 3 ++
> > >>> lib/libc/gen/Symbol.map | 2 +
> > >>> lib/libc/gen/psignal.3 | 56 ++++++++++++++++++++++-
> > >>> lib/libc/gen/sig2str.c | 112
> > >>> ++++++++++++++++++++++++++++++++++++++++++++++
> > >>> 5 files changed, 180 insertions(+), 2 deletions(-)
> > >>>
> > >>> diff --git a/include/signal.h b/include/signal.h
> > >>> index c1d341f317f4..22fefb63568f 100644
> > >>> --- a/include/signal.h
> > >>> +++ b/include/signal.h
> > >>> @@ -40,6 +40,10 @@
> > >>> #include <sys/_ucontext.h>
> > >>> #endif
> > >>>
> > >>> +#if __POSIX_VISIBLE >= 202405 || __BSD_VISIBLE
> > >>> +#define SIG2STR_MAX 32 /* size of buffer required for sig2str()
> > >>> */
> > >>> +#endif
> > >>
> > >> Hey Warner and Ricardo,
> > >>
> > >> The above breaks building world when _FORTIFY_SOURCE=2. I've committed
> > >> in HardenedBSD a fix:
> > >> https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/0572db282c5a542fe0de52739932e91eade537ed
> > >>
> > >> I suppose that the !defined gate might not actually be desired, since
> > >> doing it the way I did might cause issues if third-party code defines
> > >> the macro to a value smaller than what libc was built with. I might
> > >> remove that gate.
> > >
> > > I don't think we need the !defined part of it...
> > >
> > > But what software is breaking? What's the error message? Maybe the
> > > fact it's undefined is pointing at a different bug…
> >
> > Probably include/ssp/signal.h unconditionally defining the wrapper?
> > Presumably gating that with the same condition as sig2str itself would
> > fix things properly rather than such bogus hacks.
> >
> > But yes, including the actual error message when reporting a build
> > failure would have been helpful.
>
> I apologize. I indeed should have included the error message. It's
> included below.
>
> ==== BEGIN LOG ====
> ===> lib/liblua (all)
> cc -target x86_64-unknown-freebsd15.0
> --sysroot=/usr/obj/usr/src/amd64.amd64/tmp
> -B/usr/obj/usr/src/amd64.amd64/tmp/usr/bin -O2 -pipe -fno-common
> -DHARDENEDBSD -I/usr/src/lib/liblua -I/usr/src/lib/liblua/modules
> -I/usr/src/contrib/lua/src -DLUA_PROGNAME="\"\"" -g -gz=zlib -mretpoline
> -fPIC -flto -fzero-call-used-regs=used -MD -MF.depend.lapi.o -MTlapi.o
> -std=gnu17 -Wno-format-zero-length -fstack-protector-strong
> -D_FORTIFY_SOURCE=2 -Wsystem-headers -Werror -Wall -Wno-format-y2k
> -Wno-uninitialized -Wno-pointer-sign -Wdate-time -Wno-empty-body
> -Wno-string-plus-int -Wno-unused-const-variable
> -Wno-error=unused-but-set-parameter -Wno-error=cast-function-type-mismatch
> -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality
> -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef
> -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum
> -Wno-knr-promoted-parameter -Qunused-arguments -c
> /usr/src/contrib/lua/src/lapi.c -o lapi.o
> In file included from /usr/src/contrib/lua/src/lapi.c:19:
> In file included from /usr/src/contrib/lua/src/lapi.h:12:
> In file included from /usr/src/contrib/lua/src/lstate.h:130:
> In file included from
> /usr/obj/usr/src/amd64.amd64/tmp/usr/include/signal.h:76:
> /usr/obj/usr/src/amd64.amd64/tmp/usr/include/ssp/signal.h:41:23: error: use
> of undeclared identifier 'SIG2STR_MAX'
> 41 | if (__ssp_bos(str) < SIG2STR_MAX)
> | ^
> 1 error generated.
> *** Error code 1
>
> Stop.
> make[5]: stopped making "all" in /usr/src/lib/liblua
> ==== END LOG ====
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Signal Username: shawn_webb.74
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
