mirror of
git://github.com/lxc/lxc
synced 2025-08-31 18:58:53 +00:00
Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening
compiler: compiler based hardening
This commit is contained in:
Stéphane Graber
GitHub
@@ -685,6 +685,8 @@ LXC_CHECK_TLS
|
||||
|
||||
AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror])
|
||||
AX_CHECK_COMPILE_FLAG([-implicit-fallthrough], [CFLAGS="$CFLAGS -Wimplicit-fallthrough"],,[-Werror])
|
||||
AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror])
|
||||
AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror])
|
||||
|
||||
CFLAGS="$CFLAGS -Wvla -std=gnu11"
|
||||
if test "x$enable_werror" = "xyes"; then
|
||||
|
||||
@@ -167,6 +167,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
|
||||
struct ifaddrs_ctx *ctx = pctx;
|
||||
|
||||
if (h->nlmsg_type == RTM_NEWLINK) {
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
for (rta = __NLMSG_RTA(h, sizeof(*ifi)); __NLMSG_RTAOK(rta, h);
|
||||
rta = __RTA_NEXT(rta)) {
|
||||
if (rta->rta_type != IFLA_STATS)
|
||||
@@ -175,6 +178,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
|
||||
stats_len = __RTA_DATALEN(rta);
|
||||
break;
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
} else {
|
||||
for (ifs0 = ctx->hash[ifa->ifa_index % IFADDRS_HASH_SIZE]; ifs0;
|
||||
ifs0 = ifs0->hash_next)
|
||||
@@ -190,6 +195,9 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
|
||||
return -1;
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
if (h->nlmsg_type == RTM_NEWLINK) {
|
||||
ifs->index = ifi->ifi_index;
|
||||
ifs->ifa.ifa_flags = ifi->ifi_flags;
|
||||
@@ -289,6 +297,8 @@ static int nl_msg_to_ifaddr(void *pctx, struct nlmsghdr *h)
|
||||
&ifs->netmask, ifa->ifa_prefixlen);
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
if (ifs->ifa.ifa_name) {
|
||||
if (!ctx->first)
|
||||
ctx->first = ifs;
|
||||
@@ -334,6 +344,8 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
|
||||
if (r <= 0)
|
||||
return -1;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
for (h = &u.reply; __NLMSG_OK(h, (void *)&u.buf[r]);
|
||||
h = __NLMSG_NEXT(h)) {
|
||||
if (h->nlmsg_type == NLMSG_DONE)
|
||||
@@ -348,6 +360,7 @@ static int __nl_recv(int fd, unsigned int seq, int type, int af,
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
#pragma GCC diagnostic pop
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -477,5 +477,5 @@ extern int lxc_log_set_file(int *fd, const char *fname);
|
||||
extern const char *lxc_log_get_file(void);
|
||||
extern void lxc_log_set_prefix(const char *prefix);
|
||||
extern const char *lxc_log_get_prefix(void);
|
||||
extern void lxc_log_options_no_override();
|
||||
extern void lxc_log_options_no_override(void);
|
||||
#endif
|
||||
|
||||
@@ -2451,6 +2451,9 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
|
||||
if (tempIfAddr->ifa_addr == NULL)
|
||||
continue;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
if (tempIfAddr->ifa_addr->sa_family == AF_INET) {
|
||||
if (family && strcmp(family, "inet"))
|
||||
continue;
|
||||
@@ -2466,6 +2469,8 @@ static char **do_lxcapi_get_ips(struct lxc_container *c, const char *interface,
|
||||
tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr;
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
if (interface && strcmp(interface, tempIfAddr->ifa_name))
|
||||
continue;
|
||||
else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0)
|
||||
|
||||
@@ -962,6 +962,9 @@ int netdev_get_mtu(int ifindex)
|
||||
if (err < 0)
|
||||
goto out;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
do {
|
||||
/* Restore the answer buffer length, it might have been
|
||||
* overwritten by a previous receive.
|
||||
@@ -1024,6 +1027,8 @@ int netdev_get_mtu(int ifindex)
|
||||
}
|
||||
} while (readmore);
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
/* If we end up here, we didn't find any result, so signal an error. */
|
||||
err = -1;
|
||||
|
||||
@@ -1501,6 +1506,9 @@ int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, struct in_addr *bcast,
|
||||
* the given RTM_NEWADDR message. Allocates memory for the address and stores
|
||||
* that pointer in *res (so res should be an in_addr** or in6_addr**).
|
||||
*/
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
|
||||
{
|
||||
int addrlen;
|
||||
@@ -1546,6 +1554,8 @@ static int ifa_get_local_ip(int family, struct nlmsghdr *msg, void **res)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
static int ip_addr_get(int family, int ifindex, void **res)
|
||||
{
|
||||
int answer_len, err;
|
||||
@@ -1588,6 +1598,9 @@ static int ip_addr_get(int family, int ifindex, void **res)
|
||||
if (err < 0)
|
||||
goto out;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
do {
|
||||
/* Restore the answer buffer length, it might have been
|
||||
* overwritten by a previous receive.
|
||||
@@ -1647,6 +1660,8 @@ static int ip_addr_get(int family, int ifindex, void **res)
|
||||
}
|
||||
} while (readmore);
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
/* If we end up here, we didn't find any result, so signal an
|
||||
* error.
|
||||
*/
|
||||
@@ -3213,8 +3228,12 @@ int lxc_netns_set_nsid(int fd)
|
||||
return -1;
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
hdr = (struct nlmsghdr *)buf;
|
||||
msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
|
||||
hdr->nlmsg_type = RTM_NEWNSID;
|
||||
@@ -3252,7 +3271,10 @@ static int parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int le
|
||||
if ((type <= max) && (!tb[type]))
|
||||
tb[type] = rta;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
rta = RTA_NEXT(rta, len);
|
||||
#pragma GCC diagnostic pop
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -3287,8 +3309,12 @@ int lxc_netns_get_nsid(int fd)
|
||||
return -1;
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
hdr = (struct nlmsghdr *)buf;
|
||||
msg = (struct rtgenmsg *)NLMSG_DATA(hdr);
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*msg));
|
||||
hdr->nlmsg_type = RTM_GETNSID;
|
||||
@@ -3313,9 +3339,12 @@ int lxc_netns_get_nsid(int fd)
|
||||
if (len < 0)
|
||||
return -1;
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
parse_rtattr(tb, __LXC_NETNSA_MAX, NETNS_RTA(msg), len);
|
||||
if (tb[__LXC_NETNSA_NSID])
|
||||
return rta_getattr_s32(tb[__LXC_NETNSA_NSID]);
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -42,6 +42,9 @@ extern int rtnetlink_close(struct rtnl_handler *handler)
|
||||
return netlink_close(&handler->nlh);
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic push
|
||||
#pragma GCC diagnostic ignored "-Wcast-align"
|
||||
|
||||
extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg)
|
||||
{
|
||||
return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr);
|
||||
@@ -62,6 +65,8 @@ extern int rtnetlink_transaction(struct rtnl_handler *handler,
|
||||
(struct nlmsg *)&answer->nlmsghdr);
|
||||
}
|
||||
|
||||
#pragma GCC diagnostic pop
|
||||
|
||||
extern struct rtnlmsg *rtnlmsg_alloc(size_t size)
|
||||
{
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user