authorMarvin Borner2021-04-01 19:39:14 +0200
committerMarvin Borner2021-04-01 19:39:14 +0200
commitafa00abb2b68205bee539d7947130d6b1b1ec6e9 (patch)
tree3a821a75af6c4d4ff1bd4128c4859d77abf87e66 /libs/libc/inc
parent4c168fb34c15a1b8981abef7ccef1542a6fb05ca (diff)
Hardened entire system
By using the nonnull attribute and replacing buffer-overflow-prone functions such as strcpy, strcat and sprintf with strlcpy, strlcat and snprintf.
Diffstat (limited to 'libs/libc/inc')
-rw-r--r--libs/libc/inc/conv.h6
-rw-r--r--libs/libc/inc/cpu.h2
-rw-r--r--libs/libc/inc/crypto.h4
-rw-r--r--libs/libc/inc/def.h16
-rw-r--r--libs/libc/inc/list.h12
-rw-r--r--libs/libc/inc/mem.h14
-rw-r--r--libs/libc/inc/print.h24
-rw-r--r--libs/libc/inc/stack.h14
-rw-r--r--libs/libc/inc/str.h20
-rw-r--r--libs/libc/inc/sys.h27
10 files changed, 72 insertions, 67 deletions
diff --git a/libs/libc/inc/conv.h b/libs/libc/inc/conv.h
index adf9003..95f7d02 100644
--- a/libs/libc/inc/conv.h
+++ b/libs/libc/inc/conv.h
@@ -5,11 +5,11 @@
#include <def.h>
-int atoi(const char *str);
+int atoi(const char *str) NONNULL;
char *htoa(u32 n);
-int htoi(const char *str);
+int htoi(const char *str) NONNULL;
char *itoa(int n);
-char *conv_base(int value, char *result, int base, int is_signed);
+char *conv_base(int value, char *result, int base, int is_signed) NONNULL;
#endif
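Review bot: `conv_base` still writes into `result` without a size parameter, so it remains an unbounded write of the kind this commit removes elsewhere with `snprintf` and `strlcpy`. A base-2 conversion of a 32-bit value needs up to 32 digits plus a sign and terminator, and nothing in the prototype lets the callee enforce that. Consider a bounded variant such as `char *conv_base(int value, char *result, u32 size, int base, int is_signed) NONNULL;`, or at least a comment stating the minimum buffer size callers must provide.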
diff --git a/libs/libc/inc/cpu.h b/libs/libc/inc/cpu.h
index d709d86..f96fa58 100644
--- a/libs/libc/inc/cpu.h
+++ b/libs/libc/inc/cpu.h
@@ -8,7 +8,7 @@
u8 inb(u16 port);
u16 inw(u16 port);
u32 inl(u16 port);
-void insl(u16 port, void *addr, int n);
+void insl(u16 port, void *addr, int n) ATTR((nonnull(2)));
void outb(u16 port, u8 data);
void outw(u16 port, u16 data);
diff --git a/libs/libc/inc/crypto.h b/libs/libc/inc/crypto.h
index bbe8d7e..16cdf86 100644
--- a/libs/libc/inc/crypto.h
+++ b/libs/libc/inc/crypto.h
@@ -5,7 +5,7 @@
#include <def.h>
-void md5(const void *initial_msg, u32 initial_len, u8 digest[16]);
-u32 crc32(u32 crc, const void *buf, u32 size);
+void md5(const void *initial_msg, u32 initial_len, u8 digest[16]) NONNULL;
+u32 crc32(u32 crc, const void *buf, u32 size) NONNULL;
#endif
diff --git a/libs/libc/inc/def.h b/libs/libc/inc/def.h
index e71c502..378a4d0 100644
--- a/libs/libc/inc/def.h
+++ b/libs/libc/inc/def.h
@@ -30,11 +30,17 @@ typedef unsigned long long u64;
#define ABS(a) ((u32)(((s32)(a) < 0) ? (-a) : (a)))
-#define NORETURN __attribute__((noreturn))
-#define DEPRECATED __attribute__((deprecated))
-#define NO_SANITIZE __attribute__((no_sanitize("undefined")))
-#define PACKED __attribute__((packed))
-#define ALIGNED(align) __attribute__((aligned(align)))
+#define ATTR __attribute__
+#define NORETURN ATTR((noreturn))
+#define DEPRECATED ATTR((deprecated))
+#define NONNULL ATTR((nonnull))
+#define PURE ATTR((pure))
+#define CONST ATTR((const))
+#define FLATTEN ATTR((flatten))
+#define PACKED ATTR((packed))
+#define HOT ATTR((hot))
+#define ALIGNED(align) ATTR((aligned(align)))
+#define NO_SANITIZE ATTR((no_sanitize("undefined")))
#define EOF (-1)
#define NULL ((void *)0)
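Review bot: `NONNULL` as defined here is a promise to the compiler rather than a runtime check, and that should be stated next to the macro. With `nonnull` in effect GCC and Clang may assume the annotated pointers are never null and drop `if (!ptr)` guards inside the function bodies, while `-Wnonnull` only catches nulls that are visible at compile time. I would add a comment such as `/* NONNULL: applies to every pointer parameter; null checks in the callee may be optimised away */`, and consider a test build with `-fsanitize=nonnull-attribute` so violations are caught at run time. Kernel code commonly builds with `-fno-delete-null-pointer-checks` for the same reason. The short names `CONST`, `PURE` and `HOT` are also likely to collide with other identifiers.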
diff --git a/libs/libc/inc/list.h b/libs/libc/inc/list.h
index 0b82b48..fea98dc 100644
--- a/libs/libc/inc/list.h
+++ b/libs/libc/inc/list.h
@@ -17,13 +17,13 @@ struct node {
};
struct list *list_new(void);
-void list_destroy(struct list *list);
+void list_destroy(struct list *list) NONNULL;
/* struct node *list_new_node(); */ // TODO: Make node-specific things static/private?
/* void list_add_node(struct list *list, struct node *node); */
-struct node *list_add(struct list *list, void *data);
-struct list *list_remove(struct list *list, struct node *node);
-struct node *list_last(struct list *list);
-struct list *list_swap(struct list *list, struct node *a, struct node *b);
-struct node *list_first_data(struct list *list, void *data);
+struct node *list_add(struct list *list, void *data) NONNULL;
+struct list *list_remove(struct list *list, struct node *node) NONNULL;
+struct node *list_last(struct list *list) NONNULL;
+struct list *list_swap(struct list *list, struct node *a, struct node *b) NONNULL;
+struct node *list_first_data(struct list *list, void *data) NONNULL;
#endif
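Review bot: The blanket `NONNULL` on `list_add` and `list_first_data` also covers the `void *data` payload, not just `list`, so storing or searching for a null payload becomes undefined behaviour as far as the compiler is concerned. If null payloads are meant to be legal, restrict the attribute to the container pointer, e.g. `struct node *list_add(struct list *list, void *data) ATTR((nonnull(1)));`. The same applies to `stack_push` and `stack_push_bot` in stack.h.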
diff --git a/libs/libc/inc/mem.h b/libs/libc/inc/mem.h
index ec00628..2d55eff 100644
--- a/libs/libc/inc/mem.h
+++ b/libs/libc/inc/mem.h
@@ -5,8 +5,8 @@
#include <def.h>
-void *malloc_debug(u32 size, const char *file, int line, const char *func, const char *inp);
-void free_debug(void *ptr, const char *file, int line, const char *func, const char *inp);
+void *malloc_debug(u32 size, const char *file, int line, const char *func, const char *inp) NONNULL;
+void free_debug(void *ptr, const char *file, int line, const char *func, const char *inp) NONNULL;
#define malloc(size) malloc_debug((u32)(size), __FILE__, __LINE__, __func__, #size)
#define free(ptr) free_debug((void *)(ptr), __FILE__, __LINE__, __func__, #ptr)
void *realloc(void *ptr, u32 size);
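Review bot: `free_debug` is declared with the blanket `NONNULL`, which makes `free(NULL)` a contract violation even though callers of a libc conventionally rely on it being a no-op. Error paths that free a possibly-null pointer would then get `-Wnonnull` at best and undefined behaviour at worst. Limiting the attribute to the string arguments keeps the usual semantics: `void free_debug(void *ptr, const char *file, int line, const char *func, const char *inp) ATTR((nonnull(2, 4, 5)));`. Whether the implementation tolerates a null `ptr` is not visible in this hunk.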
@@ -20,10 +20,10 @@ void *zalloc(u32 size);
#error "No lib target specified. Please use -Dkernel or -Duserspace"
#endif
-void *memcpy(void *dest, const void *src, u32 n);
-void *memset(void *dest, int val, u32 n);
-void *memchr(void *src, int c, u32 n);
-int memcmp(const void *s1, const void *s2, u32 n);
-int mememp(const u8 *buf, u32 n);
+void *memcpy(void *dest, const void *src, u32 n) NONNULL;
+void *memset(void *dest, u32 val, u32 n) NONNULL;
+void *memchr(void *src, char c, u32 n) NONNULL;
+int memcmp(const void *s1, const void *s2, u32 n) NONNULL;
+int mememp(const u8 *buf, u32 n) NONNULL;
#endif
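Review bot: The new prototypes `memset(void *dest, u32 val, u32 n)` and `memchr(void *src, char c, u32 n)` no longer match the standard signatures that compilers know as builtins. The `char c` parameter is the riskier one: where plain `char` is signed, a search byte of 0x80 or above arrives negative and may never compare equal to buffer bytes read as `u8`, so a bounded search can miss a byte that is present. Keeping `int c` and converting with `(u8)c` inside the implementation avoids this; the implementation is outside this hunk, so the comparison is inferred. `NONNULL` here also makes zero-length calls with a null pointer invalid, which is worth stating in a comment.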
diff --git a/libs/libc/inc/print.h b/libs/libc/inc/print.h
index 58b5dc6..751a929 100644
--- a/libs/libc/inc/print.h
+++ b/libs/libc/inc/print.h
@@ -3,24 +3,24 @@
#ifndef PRINT_H
#define PRINT_H
-#include "arg.h"
+#include <arg.h>
#include <def.h>
-int printf(const char *format, ...);
-int vprintf(const char *format, va_list ap);
-int sprintf(char *str, const char *format, ...);
-int vsprintf(char *str, const char *format, va_list ap);
-int print(const char *str);
-NORETURN void panic(const char *format, ...);
+int printf(const char *format, ...) NONNULL;
+int vprintf(const char *format, va_list ap) NONNULL;
+int snprintf(char *str, u32 size, const char *format, ...) NONNULL;
+int vsnprintf(char *str, u32 size, const char *format, va_list ap) NONNULL;
+int print(const char *str) NONNULL;
+NORETURN void panic(const char *format, ...) NONNULL;
#ifdef userspace
-int vfprintf(const char *path, const char *format, va_list ap);
-int fprintf(const char *path, const char *format, ...);
-int log(const char *format, ...);
-int err(int code, const char *format, ...);
+int vfprintf(const char *path, const char *format, va_list ap) NONNULL;
+int fprintf(const char *path, const char *format, ...) NONNULL;
+int log(const char *format, ...) NONNULL;
+int err(int code, const char *format, ...) NONNULL;
#else
#include <proc.h>
-int print_app(enum stream_defaults id, const char *proc_name, const char *str);
+int print_app(enum stream_defaults id, const char *proc_name, const char *str) NONNULL;
void print_trace(u32 count);
#endif
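Review bot: The printf-family declarations gain `NONNULL` but no `format` attribute, so the compiler still cannot check format strings against their arguments or flag a non-literal format. Adding it fits the stated hardening goal, e.g. `int snprintf(char *str, u32 size, const char *format, ...) NONNULL ATTR((format(printf, 3, 4)));` and `int printf(const char *format, ...) NONNULL ATTR((format(printf, 1, 2)));`, assuming this libc's conversion specifiers are compatible with the standard set. The header should also document what `snprintf` returns on truncation, because callers need that value to detect a cut-off string.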
diff --git a/libs/libc/inc/stack.h b/libs/libc/inc/stack.h
index f5ad52b..54d1918 100644
--- a/libs/libc/inc/stack.h
+++ b/libs/libc/inc/stack.h
@@ -17,12 +17,12 @@ struct stack {
};
struct stack *stack_new(void);
-void stack_destroy(struct stack *stack);
-u32 stack_empty(struct stack *stack);
-u32 stack_push_bot(struct stack *stack, void *data);
-u32 stack_push(struct stack *stack, void *data);
-void *stack_pop(struct stack *stack);
-void *stack_peek(struct stack *stack);
-void stack_clear(struct stack *stack);
+void stack_destroy(struct stack *stack) NONNULL;
+u32 stack_empty(struct stack *stack) NONNULL;
+u32 stack_push_bot(struct stack *stack, void *data) NONNULL;
+u32 stack_push(struct stack *stack, void *data) NONNULL;
+void *stack_pop(struct stack *stack) NONNULL;
+void *stack_peek(struct stack *stack) NONNULL;
+void stack_clear(struct stack *stack) NONNULL;
#endif
diff --git a/libs/libc/inc/str.h b/libs/libc/inc/str.h
index d0a521f..e77eeee 100644
--- a/libs/libc/inc/str.h
+++ b/libs/libc/inc/str.h
@@ -5,17 +5,15 @@
#include <def.h>
-u32 strlen(const char *s);
-char *strcpy(char *dst, const char *src);
-char *strncpy(char *dst, const char *src, u32 n);
-char *strchr(char *s, int c);
-char *strrchr(char *s, int c);
-char *strcat(char *dst, const char *src);
-char *strncat(char *dst, const char *src, u32 n);
-int strcmp(const char *s1, const char *s2);
-int strncmp(const char *s1, const char *s2, u32 n);
-char *strinv(char *s);
-char *strdup(const char *s);
+u32 strlen(const char *s) NONNULL;
+u32 strlcpy(char *dst, const char *src, u32 size) NONNULL;
+char *strchr(char *s, int c) NONNULL;
+char *strrchr(char *s, int c) NONNULL;
+u32 strlcat(char *dst, const char *src, u32 size) NONNULL;
+int strcmp(const char *s1, const char *s2) NONNULL;
+int strncmp(const char *s1, const char *s2, u32 n) NONNULL;
+char *strinv(char *s) NONNULL;
+char *strdup(const char *s) NONNULL;
const char *strerror(u32 err);
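Review bot: `strlcpy` and `strlcat` are declared without any comment on their return value, and their safety depends on callers checking it. Assuming BSD semantics (the implementation is not in this hunk), both return the length of the string they tried to build, so a result `>= size` means the destination was truncated; a silently truncated path or name can be a problem of its own. I would document that on the prototypes, e.g. `/* Returns the length of the untruncated result; >= size means truncation. src must be NUL-terminated. */`.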
diff --git a/libs/libc/inc/sys.h b/libs/libc/inc/sys.h
index 19fb3ee..b555998 100644
--- a/libs/libc/inc/sys.h
+++ b/libs/libc/inc/sys.h
@@ -67,20 +67,20 @@ struct stat {
void loop(void);
void exit(s32 status);
-res read(const char *path, void *buf, u32 offset, u32 count);
-res write(const char *path, const void *buf, u32 offset, u32 count);
-res ioctl(const char *path, ...);
-res stat(const char *path, struct stat *buf);
-res poll(const char **files);
-res exec(const char *path, ...);
+res read(const char *path, void *buf, u32 offset, u32 count) NONNULL;
+res write(const char *path, const void *buf, u32 offset, u32 count) NONNULL;
+res ioctl(const char *path, ...) NONNULL;
+res stat(const char *path, struct stat *buf) NONNULL;
+res poll(const char **files) NONNULL;
+res exec(const char *path, ...) ATTR((nonnull(1)));
res yield(void);
res boot(u32 cmd);
u32 time(void);
-res sys_alloc(u32 size, u32 *addr);
-res sys_free(void *ptr);
-res shalloc(u32 size, u32 *addr, u32 *id);
-res shaccess(u32 id, u32 *addr, u32 *size);
+res sys_alloc(u32 size, u32 *addr) NONNULL;
+res sys_free(void *ptr) NONNULL;
+res shalloc(u32 size, u32 *addr, u32 *id) NONNULL;
+res shaccess(u32 id, u32 *addr, u32 *size) NONNULL;
static inline u32 getpid(void)
{
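Review bot: `exec` is limited to `nonnull(1)`, presumably because its variadic list ends with a null sentinel, but nothing enforces that the sentinel is present. If that is the convention, `res exec(const char *path, ...) ATTR((nonnull(1), sentinel));` lets the compiler warn about a call that forgets the terminator. Separately, these annotations only constrain callers compiled against this header. The syscall handlers are not visible here and still have to validate every pointer they receive.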
@@ -93,12 +93,13 @@ static inline u32 getpid(void)
#include <print.h>
#include <str.h>
-static inline u32 pidof(const char *name)
+NONNULL static inline u32 pidof(const char *name)
{
u32 curr = 1;
char buf[32] = { 0 }, path[32] = { 0 };
while (curr < 1000) { // Max pid??
- if (sprintf(path, "/proc/%d/name", curr) > 0 && read(path, buf, 0, 32) > 0)
+ if (snprintf(path, sizeof(buf), "/proc/%d/name", curr) > 0 &&
+ read(path, buf, 0, 32) > 0)
if (!strcmp(name, buf))
return curr;
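Review bot: The new `snprintf` call bounds the write to `path` with `sizeof(buf)`, the size of a different array; both are 32 bytes today, so it is correct only by coincidence. The following `read(path, buf, 0, 32)` can fill all of `buf`, leaving no terminator for `strcmp(name, buf)`, and `buf` is not cleared between iterations as far as the hunk shows. I would write `snprintf(path, sizeof(path), "/proc/%d/name", curr) > 0 &&` and `read(path, buf, 0, sizeof(buf) - 1) > 0`, and format `curr` with an unsigned conversion if this printf supports one, since it is a `u32`. The body of `pidof` continues outside the hunk.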
@@ -110,7 +111,7 @@ static inline u32 pidof(const char *name)
// Simple read wrapper
#include <mem.h>
-static inline void *sread(const char *path)
+NONNULL static inline void *sread(const char *path)
{
struct stat s = { 0 };
if (stat(path, &s) != 0 || !s.size)