diff mbox series

[v1,02/10] ssp: add Object Size Checking for basic string functions

Message ID 20171101045246.16596-3-yselkowi@redhat.com
State Superseded
Headers show
Series Add Stack Smashing Protection and Object Size Checking | expand

Commit Message

Yaakov Selkowitz Nov. 1, 2017, 4:52 a.m. UTC
The Object Size Checking (-D_FORTIFY_SOURCE=*) functionality provides
wrappers around functions suspectible to buffer overflows.  While
independent from Stack Smashing Protection (-fstack-protector*), they
are often used and implemented together.

While GCC also provides an implementation in libssp, it is completely
broken (CVE-2016-4973, RHBZ#1324759) and seemingly unfixable, as there
is no reliable way for a preprocessor macro to trigger a link flag.
Therefore, adding this here is necessary to make it work.

Note that this does require building gcc with --disable-libssp and
gcc_cv_libc_provides_ssp=yes.

The implementation is from NetBSD, with the addition of mempcpy (a GNU
extension) for parity with libssp.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>

---
 newlib/libc/include/ssp/string.h | 112 +++++++++++++++++++++++++++++++++++++++
 newlib/libc/include/string.h     |   4 ++
 newlib/libc/ssp/chk_fail.c       |  13 +++++
 newlib/libc/ssp/memcpy_chk.c     |  54 +++++++++++++++++++
 newlib/libc/ssp/memmove_chk.c    |  50 +++++++++++++++++
 newlib/libc/ssp/mempcpy_chk.c    |  21 ++++++++
 newlib/libc/ssp/memset_chk.c     |  49 +++++++++++++++++
 newlib/libc/ssp/stpcpy_chk.c     |  58 ++++++++++++++++++++
 newlib/libc/ssp/stpncpy_chk.c    |  56 ++++++++++++++++++++
 newlib/libc/ssp/strcat_chk.c     |  62 ++++++++++++++++++++++
 newlib/libc/ssp/strcpy_chk.c     |  55 +++++++++++++++++++
 newlib/libc/ssp/strncat_chk.c    |  73 +++++++++++++++++++++++++
 newlib/libc/ssp/strncpy_chk.c    |  55 +++++++++++++++++++
 13 files changed, 662 insertions(+)
 create mode 100644 newlib/libc/include/ssp/string.h
 create mode 100644 newlib/libc/ssp/chk_fail.c
 create mode 100644 newlib/libc/ssp/memcpy_chk.c
 create mode 100644 newlib/libc/ssp/memmove_chk.c
 create mode 100644 newlib/libc/ssp/mempcpy_chk.c
 create mode 100644 newlib/libc/ssp/memset_chk.c
 create mode 100644 newlib/libc/ssp/stpcpy_chk.c
 create mode 100644 newlib/libc/ssp/stpncpy_chk.c
 create mode 100644 newlib/libc/ssp/strcat_chk.c
 create mode 100644 newlib/libc/ssp/strcpy_chk.c
 create mode 100644 newlib/libc/ssp/strncat_chk.c
 create mode 100644 newlib/libc/ssp/strncpy_chk.c

-- 
2.14.3
diff mbox series

Patch

diff --git a/newlib/libc/include/ssp/string.h b/newlib/libc/include/ssp/string.h
new file mode 100644
index 000000000..4c5198fd1
--- /dev/null
+++ b/newlib/libc/include/ssp/string.h
@@ -0,0 +1,112 @@ 
+/*	$NetBSD: string.h,v 1.13 2014/11/29 13:23:48 pooka Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STRING_H_
+#define _SSP_STRING_H_
+
+#include <sys/cdefs.h>
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+void *__memcpy_chk(void *, const void *, size_t, size_t);
+void *__memmove_chk(void *, void *, size_t, size_t);
+void *__memset_chk(void *, int, size_t, size_t);
+char *__stpcpy_chk(char *, const char *, size_t);
+char *__strcat_chk(char *, const char *, size_t);
+char *__strcpy_chk(char *, const char *, size_t);
+char *__strncat_chk(char *, const char *, size_t, size_t);
+char *__strncpy_chk(char *, const char *, size_t, size_t);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+#define __ssp_bos_check3(fun, dst, src, len) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)) : \
+    __ ## fun ## _ichk(dst, src, len))
+
+#define __ssp_bos_check2(fun, dst, src) \
+    ((__ssp_bos0(dst) != (size_t)-1) ? \
+    __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)) : \
+    __ ## fun ## _ichk(dst, src))
+
+#define __ssp_bos_icheck3_restrict(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1 __restrict, type2 __restrict, size_t); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src, size_t len) { \
+	return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck3(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1, type2, size_t); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 dst, type2 src, size_t len) { \
+	return __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)); \
+}
+
+#define __ssp_bos_icheck2_restrict(fun, type1, type2) \
+static __inline type1 __ ## fun ## _ichk(type1, type2); \
+static __inline __attribute__((__always_inline__)) type1 \
+__ ## fun ## _ichk(type1 __restrict dst, type2 __restrict src) { \
+	return __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)); \
+}
+
+__BEGIN_DECLS
+__ssp_bos_icheck3_restrict(memcpy, void *, const void *)
+__ssp_bos_icheck3(memmove, void *, const void *)
+__ssp_bos_icheck3_restrict(mempcpy, void *, const void *)
+__ssp_bos_icheck3(memset, void *, int)
+__ssp_bos_icheck2_restrict(stpcpy, char *, const char *)
+#if __GNUC_PREREQ__(4,8) || defined(__clang__)
+__ssp_bos_icheck3_restrict(stpncpy, char *, const char *)
+#endif
+__ssp_bos_icheck2_restrict(strcpy, char *, const char *)
+__ssp_bos_icheck2_restrict(strcat, char *, const char *)
+__ssp_bos_icheck3_restrict(strncpy, char *, const char *)
+__ssp_bos_icheck3_restrict(strncat, char *, const char *)
+__END_DECLS
+
+#define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
+#define memmove(dst, src, len) __ssp_bos_check3(memmove, dst, src, len)
+#if __GNU_VISIBLE
+#define mempcpy(dst, src, len) __ssp_bos_check3(mempcpy, dst, src, len)
+#endif
+#define memset(dst, val, len) __ssp_bos_check3(memset, dst, val, len)
+#define stpcpy(dst, src) __ssp_bos_check2(stpcpy, dst, src)
+#if __GNUC_PREREQ__(4,8) || defined(__clang__)
+#define stpncpy(dst, src, len) __ssp_bos_check3(stpncpy, dst, src, len)
+#endif
+#define strcpy(dst, src) __ssp_bos_check2(strcpy, dst, src)
+#define strcat(dst, src) __ssp_bos_check2(strcat, dst, src)
+#define strncpy(dst, src, len) __ssp_bos_check3(strncpy, dst, src, len)
+#define strncat(dst, src, len) __ssp_bos_check3(strncat, dst, src, len)
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+#endif /* _SSP_STRING_H_ */
diff --git a/newlib/libc/include/string.h b/newlib/libc/include/string.h
index 9c536f35f..b5059295d 100644
--- a/newlib/libc/include/string.h
+++ b/newlib/libc/include/string.h
@@ -176,4 +176,8 @@  char	*_EXFUN(__nonnull (1) basename,(const char *)) __asm__(__ASMNAME("__gnu_bas
 
 _END_STD_C
 
+#if _FORTIFY_SOURCE > 0
+#include <ssp/string.h>
+#endif
+
 #endif /* _STRING_H_ */
diff --git a/newlib/libc/ssp/chk_fail.c b/newlib/libc/ssp/chk_fail.c
new file mode 100644
index 000000000..b1f8e42a6
--- /dev/null
+++ b/newlib/libc/ssp/chk_fail.c
@@ -0,0 +1,13 @@ 
+#include <signal.h>
+#include <string.h>
+#include <unistd.h>
+
+void
+__attribute__((__noreturn__))
+__chk_fail(void)
+{
+  char msg[] = "*** buffer overflow detected ***: terminated\n";
+  write (2, msg, strlen (msg));
+  raise (SIGABRT);
+  _exit (127);
+}
diff --git a/newlib/libc/ssp/memcpy_chk.c b/newlib/libc/ssp/memcpy_chk.c
new file mode 100644
index 000000000..63f536dc5
--- /dev/null
+++ b/newlib/libc/ssp/memcpy_chk.c
@@ -0,0 +1,54 @@ 
+/*	$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memcpy_chk.c,v 1.7 2015/05/13 19:57:16 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+void *__memcpy_chk(void * __restrict, const void * __restrict, size_t, size_t);
+
+void *
+__memcpy_chk(void * __restrict dst, const void * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap((const char *)src, (const char *)dst, len))
+		__chk_fail();
+
+	return memcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/memmove_chk.c b/newlib/libc/ssp/memmove_chk.c
new file mode 100644
index 000000000..f8f03d778
--- /dev/null
+++ b/newlib/libc/ssp/memmove_chk.c
@@ -0,0 +1,50 @@ 
+/*	$NetBSD: memmove_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memmove_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memmove
+
+void *__memmove_chk(void *, void *src, size_t, size_t);
+
+void *
+__memmove_chk(void *dst, void *src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+	return memmove(dst, src, len);
+}
diff --git a/newlib/libc/ssp/mempcpy_chk.c b/newlib/libc/ssp/mempcpy_chk.c
new file mode 100644
index 000000000..fc2ccf894
--- /dev/null
+++ b/newlib/libc/ssp/mempcpy_chk.c
@@ -0,0 +1,21 @@ 
+#define _GNU_SOURCE
+#include <sys/cdefs.h>
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef mempcpy
+
+void *__mempcpy_chk(void * __restrict, const void * __restrict, size_t, size_t);
+
+void *
+__mempcpy_chk(void * __restrict dst, const void * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap((const char *)src, (const char *)dst, len))
+		__chk_fail();
+
+	return mempcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/memset_chk.c b/newlib/libc/ssp/memset_chk.c
new file mode 100644
index 000000000..0e303b9eb
--- /dev/null
+++ b/newlib/libc/ssp/memset_chk.c
@@ -0,0 +1,49 @@ 
+/*	$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: memset_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memset
+
+void *__memset_chk(void * __restrict, int, size_t, size_t);
+
+void *
+__memset_chk(void * __restrict dst, int val, size_t len, size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+	return memset(dst, val, len);
+}
diff --git a/newlib/libc/ssp/stpcpy_chk.c b/newlib/libc/ssp/stpcpy_chk.c
new file mode 100644
index 000000000..ed1d74ad7
--- /dev/null
+++ b/newlib/libc/ssp/stpcpy_chk.c
@@ -0,0 +1,58 @@ 
+/*	$NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpcpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+#if !__GNUC_PREREQ__(4, 8)
+char *__stpcpy_chk(char * __restrict, const char * __restrict, size_t);
+#endif
+
+char *
+__stpcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	size_t len = strlen(src);
+
+	if (len >= slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	(void)memcpy(dst, src, len + 1);
+	return dst + len;
+}
diff --git a/newlib/libc/ssp/stpncpy_chk.c b/newlib/libc/ssp/stpncpy_chk.c
new file mode 100644
index 000000000..756626153
--- /dev/null
+++ b/newlib/libc/ssp/stpncpy_chk.c
@@ -0,0 +1,56 @@ 
+/*	$NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2013 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: stpncpy_chk.c,v 1.3 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef stpncpy
+
+#if !__GNUC_PREREQ__(4, 8)
+char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t);
+#endif
+
+char *
+__stpncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return stpncpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/strcat_chk.c b/newlib/libc/ssp/strcat_chk.c
new file mode 100644
index 000000000..d57f9559b
--- /dev/null
+++ b/newlib/libc/ssp/strcat_chk.c
@@ -0,0 +1,62 @@ 
+/*	$NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+char *__strcat_chk(char * __restrict, const char * __restrict, size_t);
+
+char *
+__strcat_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	char *d;
+
+	for (d = dst; *d; d++) {
+		if (slen-- == 0)
+			__chk_fail();
+	}
+
+	while (*src) {
+		if (slen-- == 0)
+			__chk_fail();
+		*d++ = *src++;
+	}
+
+	if (slen-- == 0)
+		__chk_fail();
+
+	*d = '\0';
+	return dst;
+}
diff --git a/newlib/libc/ssp/strcpy_chk.c b/newlib/libc/ssp/strcpy_chk.c
new file mode 100644
index 000000000..cef160a62
--- /dev/null
+++ b/newlib/libc/ssp/strcpy_chk.c
@@ -0,0 +1,55 @@ 
+/*	$NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strcpy_chk.c,v 1.8 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef memcpy
+
+char *__strcpy_chk(char * __restrict, const char * __restrict, size_t);
+
+char *
+__strcpy_chk(char * __restrict dst, const char * __restrict src, size_t slen)
+{
+	size_t len = strlen(src) + 1;
+
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return memcpy(dst, src, len);
+}
diff --git a/newlib/libc/ssp/strncat_chk.c b/newlib/libc/ssp/strncat_chk.c
new file mode 100644
index 000000000..5ce5a9ef6
--- /dev/null
+++ b/newlib/libc/ssp/strncat_chk.c
@@ -0,0 +1,73 @@ 
+/*	$NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncat_chk.c,v 1.5 2014/09/17 00:39:28 joerg Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+#include <stdio.h>
+
+char *__strncat_chk(char * __restrict, const char * __restrict, size_t,
+    size_t);
+
+char *
+__strncat_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	char *d;
+
+	if (len == 0)
+		return dst;
+
+	if (len > slen)
+		__chk_fail();
+
+	for (d = dst; *d; d++) {
+		if (slen-- == 0)
+			__chk_fail();
+	}
+
+	do {
+		if ((*d = *src++) == '\0')
+			break;
+		if (slen-- == 0)
+			__chk_fail();
+		d++;
+	} while (--len != 0);
+
+	if (slen-- == 0)
+		__chk_fail();
+
+	*d = '\0';
+	return dst;
+}
diff --git a/newlib/libc/ssp/strncpy_chk.c b/newlib/libc/ssp/strncpy_chk.c
new file mode 100644
index 000000000..591157a25
--- /dev/null
+++ b/newlib/libc/ssp/strncpy_chk.c
@@ -0,0 +1,55 @@ 
+/*	$NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: strncpy_chk.c,v 1.6 2015/05/09 15:42:21 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <string.h>
+
+#undef strncpy
+
+char *__strncpy_chk(char * __restrict, const char * __restrict, size_t,
+    size_t);
+
+char *
+__strncpy_chk(char * __restrict dst, const char * __restrict src, size_t len,
+    size_t slen)
+{
+	if (len > slen)
+		__chk_fail();
+
+	if (__ssp_overlap(src, dst, len))
+		__chk_fail();
+
+	return strncpy(dst, src, len);
+}