Bug 1538

Summary: improve SSP detection
Product: Portable OpenSSH Reporter: Mike Frysinger <vapier>
Component: Build systemAssignee: Damien Miller <djm>
Status: CLOSED FIXED    
Severity: normal CC: tim
Priority: P2    
Version: 5.1p1   
Hardware: All   
OS: Linux   
Bug Depends on:    
Bug Blocks: 1481    
Attachments:
Description Flags
Fixed patch
none
simplified diff none

Description Mike Frysinger 2008-11-19 15:00:33 AEDT 
the SSP test compiles this simple code:
#include <stdlib.h>
int main(void){exit(0);}

while that works fine for testing the -fstack-protector-all flag, it's insufficient for testing the -fstack-protector flag.  since it doesnt use any stack, no SSP markings will be added.  so if the toolchain does not fully support SSP, the configure script will add the flag but the build will ultimately fail.

a better test case seems to be:
#include <stdio.h>
int main(void){char foo[1024];return sprintf(foo, "moo cow");}

patch:
http://sources.gentoo.org/net-misc/openssh/files/openssh-5.1_p1-better-ssp-check.patch?rev=1.1
Comment 1 Damien Miller 2008-11-19 15:29:50 AEDT 
Created attachment 1579 [details]
Fixed patch

I think the referenced patch is incorrect: square brackets need escaping in autoconf, so the test program would always fail with a compile error. This patch uses autoconf "quadrigraph" escaping (don't ask) to avoid this.
Comment 2 Damien Miller 2008-11-19 15:30:53 AEDT 
oops, ignore the changes to Makefile.in in that diff - they aren't supposed to be there.
Comment 3 Tim Rice 2008-11-19 16:57:35 AEDT 
(In reply to comment #1)
> I think the referenced patch is incorrect: square brackets need
> escaping in autoconf, so the test program would always fail with a
> compile error. This patch uses autoconf "quadrigraph" escaping (don't
> ask) to avoid this.

Or you can just double up on the square brackets. More readable?
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
Comment 4 Damien Miller 2008-11-19 17:11:39 AEDT 
Created attachment 1580 [details]
simplified diff

diff with Tim's suggestion and no extraneous crap
Comment 5 Mike Frysinger 2008-11-20 11:17:30 AEDT 
indeed ... i should have checked the config.log rather than just verifying that SSP was detected as not supported
Comment 6 Damien Miller 2008-12-08 09:36:02 AEDT 
patch applied, will be in openssh-5.2. Thanks!
Comment 7 Damien Miller 2009-02-23 13:36:37 AEDT 
Close bugs fixed/reviewed for openssh-5.2 release