X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=common%2Fgcc_stack_protect.m4;h=224684959dc86acb755dc660e9b7426b729ffd14;hb=a43cea030444a079fcb50d6bd2d6f40f6093da8a;hp=616101ea329d36524910b62d3a99de4b4e113e4e;hpb=87a29d13d3771e183d88a60ae3d6cc646fb28660;p=catta diff --git a/common/gcc_stack_protect.m4 b/common/gcc_stack_protect.m4 index 616101e..2246849 100644 --- a/common/gcc_stack_protect.m4 +++ b/common/gcc_stack_protect.m4 @@ -6,19 +6,23 @@ dnl * Stricter language checking (C or C++) dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary dnl * Caches all results dnl * Uses macros to ensure correct ouput in quiet/silent mode +dnl 1.2 - April 2007 - Ted Percival +dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation +dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS dnl dnl About ssp: dnl GCC extension for protecting applications from stack-smashing attacks dnl http://www.research.ibm.com/trl/projects/security/ssp/ dnl dnl Usage: -dnl Call GCC_STACK_PROTECT_LIB to determine if the library implementing SSP is -dnl available, then the appropriate C or C++ language's test. If you are using -dnl both C and C++ you will need to use AC_LANG_PUSH and AC_LANG_POP to ensure -dnl the right language is being used for each test. +dnl Most people will simply call GCC_STACK_PROTECTOR. +dnl If you only use one of C or C++, you can save time by only calling the +dnl macro appropriate for that language. In that case you should also call +dnl GCC_STACK_PROTECT_LIB first. dnl -dnl GCC_STACK_PROTECT_LIB -dnl adds libssp to the LDFLAGS if it is available +dnl GCC_STACK_PROTECTOR +dnl Tries to turn on stack protection for C and C++ by calling the following +dnl three macros with the right languages. dnl dnl GCC_STACK_PROTECT_CC dnl checks -fstack-protector with the C compiler, if it exists then updates @@ -28,16 +32,22 @@ dnl GCC_STACK_PROTECT_CXX dnl checks -fstack-protector with the C++ compiler, if it exists then updates dnl CXXFLAGS and defines ENABLE_SSP_CXX dnl +dnl GCC_STACK_PROTECT_LIB +dnl adds -lssp to LIBS if it is available +dnl ssp is usually provided as part of libc, but was previously a separate lib +dnl It does not hurt to add -lssp even if libc provides SSP - in that case +dnl libssp will simply be ignored. +dnl AC_DEFUN([GCC_STACK_PROTECT_LIB],[ AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib, - [ssp_old_ldflags="$LDFLAGS" - LDFLAGS="$LDFLAGS -lssp" + [ssp_old_libs="$LIBS" + LIBS="$LIBS -lssp" AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no) - LDFLAGS="$ssp_old_ldflags" + LIBS="$ssp_old_libs" ]) if test $ssp_cv_lib = yes; then - LDFLAGS="$LDFLAGS -lssp" + LIBS="$LIBS -lssp" fi ]) @@ -47,7 +57,7 @@ AC_DEFUN([GCC_STACK_PROTECT_CC],[ AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], ssp_cv_cc, [ssp_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-protector" + CFLAGS="$CFLAGS -fstack-protector -Werror" AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) CFLAGS="$ssp_old_cflags" ]) @@ -64,7 +74,7 @@ AC_DEFUN([GCC_STACK_PROTECT_CXX],[ AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector], ssp_cv_cxx, [ssp_old_cxxflags="$CXXFLAGS" - CXXFLAGS="$CXXFLAGS -fstack-protector" + CXXFLAGS="$CXXFLAGS -fstack-protector -Werror" AC_TRY_COMPILE(,, ssp_cv_cxx=yes, ssp_cv_cxx=no) CXXFLAGS="$ssp_old_cxxflags" ]) @@ -75,3 +85,15 @@ AC_DEFUN([GCC_STACK_PROTECT_CXX],[ fi ]) +AC_DEFUN([GCC_STACK_PROTECTOR],[ + GCC_STACK_PROTECT_LIB + + AC_LANG_PUSH([C]) + GCC_STACK_PROTECT_CC + AC_LANG_POP([C]) + + AC_LANG_PUSH([C++]) + GCC_STACK_PROTECT_CXX + AC_LANG_POP([C++]) +]) +