CMake: Hardening compiler options

Hardened compiler options should give us a more secure application
against potential attacks and/or misbehavior

This is according to Best Practice from Open SSF
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++
This commit is contained in:
Joakim Karlsson 2024-08-15 13:59:24 +02:00
parent a8ca58e9db
commit 489c0a69e8
2 changed files with 67 additions and 4 deletions


@ -674,9 +674,20 @@ else() # ! MSVC
# -O<X> and -g get set by the CMAKE_BUILD_TYPE
-Wall
-Wextra
-Wformat
-Wformat=2
-Wno-format-nonliteral # TODO https://gitlab.com/wireshark/wireshark/-/issues/19995
#-Wconversion # TODO see above
#-Wsign-conversion # TODO see above
-Wtrampolines # Enable warnings about trampolines that require executable stacks
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0"))
-Wbidi-chars=any
endif()
-Wpointer-arith
-Wformat-security
-fno-strict-overflow
-Werror=format-security
-Werror=incompatible-pointer-types
-Werror=int-conversion
-fexcess-precision=fast # GCC-only
-Wvla
-Wattributes
@ -688,6 +699,54 @@ else() # ! MSVC
-Wunreachable-code # Clang-only
-Wdocumentation # Clang-only
-Wlogical-op # GCC-only
# Run-time protections mechanisms
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "16.0"))
-fstrict-flex-arrays=3 # Consider a trailing array in a struct as a flexible array if declared as []
endif()
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.0"))
-D_FORTIFY_SOURCE=3 # Fortify sources with compile- and run-time checks for unsafe libc usage and buffer overflows. Requires -O1 or higher
endif()
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "8.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "11.0"))
-fstack-clash-protection # Increased reliability of stack overflow detection
endif()
if(WIRESHARK_TARGET_PLATFORM MATCHES "x64")
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "8.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "11.0"))
-fcf-protection=full # Enable control flow protection to counter Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks on many x86 architectures
endif()
endif()
if(WIRESHARK_TARGET_PLATFORM MATCHES "arm64")
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "8.0"))
-mbranch-protection=standard # Enable branch protection to counter Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks on AArch64
endif()
endif()
-U_FORTIFY_SOURCE # Run-time buffer overflow detection
-D_GLIBCXX_ASSERTIONS # Precondition checks for C++ standard library calls. Can impact performance.
-fstack-protector-strong # Stack smashing protector
-fno-delete-null-pointer-checks # Force retention of null pointer checks
-fno-strict-overflow # Integer overflow may occur
-fno-strict-aliasing # Do not assume strict aliasing
if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0") OR
(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "8.0"))
-ftrivial-auto-var-init # Perform trivial auto variable initialization
endif()
-fexceptions # Enable exception propagation to harden multi-threaded C code
# TODO improve cross-compile handled flags
#if(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "14.0")
# if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
# check_c_compiler_flag(-fhardened C__FHARDENED_VALID)
# check_cxx_compiler_flag(-fhardened CXX__FHARDENED_VALID)
# if (C__FHARDENED_VALID AND CXX__FHARDENED_VALID)
# -fhardened # Enable pre-determined set of hardening options in GCC. Currently, -fhardened is only supported on GNU/Linux targets
# endif()
# endif()
#endif()
#
# Disable errors unconditionally for some static analysis warnings
# that are dormant at lower optimizations levels or active only in
@ -697,7 +756,7 @@ else() # ! MSVC
# priority target for action. That is very disruptive
# with -Werror enabled (the default on the master branch).
#
-Wno-error=stringop-overflow=
#-Wno-error=stringop-overflow=
#
# XXX Now that we have a CI job with Release build type (using
# -O3 optimization level) the dormancy issue should be ameliorated
@ -710,7 +769,7 @@ else() # ! MSVC
# We want to be able to build with -Werror in that case. New
# code should not introduce new deprecations in any case.
#
-Wno-error=deprecated-declarations
#-Wno-error=deprecated-declarations
)
if((NOT ENABLE_ASAN) AND (NOT ENABLE_TSAN) AND (NOT ENABLE_UBSAN) AND (NOT DISABLE_FRAME_LARGER_THAN_WARNING))
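Review bot: `-U_FORTIFY_SOURCE` is listed after the version-guarded `-D_FORTIFY_SOURCE=3`, so if these entries reach the compiler in list order the later `-U` cancels the define and fortification is silently off; the OpenSSF guide's order is `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3`, i.e. move the `-U` line directly in front of the `-D` line and change its comment from `# Run-time buffer overflow detection` to one saying it clears a toolchain-supplied default before the explicit level is set. `-ftrivial-auto-var-init` requires a value on both GCC and Clang; write `-ftrivial-auto-var-init=zero`, otherwise a compiler-flag probe rejects it and the mitigation drops out without notice. `-fno-strict-overflow` appears twice in this section (once near `-Wpointer-arith`, once after `-fno-delete-null-pointer-checks`); keep one. The `if()`/`endif()` lines around `-Wbidi-chars=any`, `-fstrict-flex-arrays=3`, `-fcf-protection=full`, `-mbranch-protection=standard` and `-ftrivial-auto-var-init` appear to sit inside the flag list that the `)` before `if((NOT ENABLE_ASAN)` closes, whose opening command is outside the hunk; if that is the case they are parsed as list elements rather than executed as commands, and the gated flags need to be added with `list(APPEND ...)` after that list is closed — worth confirming against the full file.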


@ -132,6 +132,9 @@ check_type_size("ssize_t" SSIZE_T)
if(NOT CMAKE_CROSSCOMPILING)
check_c_source_runs("
#include <stdio.h>
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored \"-Wall\"
int main(void)
{
/* Check that snprintf() and vsnprintf() don't return
@ -140,7 +143,8 @@ if(NOT CMAKE_CROSSCOMPILING)
* the nul byte. */
char buf[3];
return snprintf(buf, sizeof(buf), \"%s\", \"ABCDEF\") > 0 ? 0 : 1;
}"
}
#pragma GCC diagnostic pop"
HAVE_C99_VSNPRINTF
)
if (NOT HAVE_C99_VSNPRINTF)
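Review bot: A compile failure inside `check_c_source_runs` is reported as `HAVE_C99_VSNPRINTF` being false rather than as a configure error, so the blanket `#pragma GCC diagnostic ignored \"-Wall\"` added before `main` hides which diagnostic forced it without making the check itself any safer. The option that fires on the intentional `snprintf` truncation is `-Wformat-truncation`, and naming that option in the pragma would be more precise than the `-Wall` group, which I am not sure every GCC version accepts as a pragma argument. A one-line comment in the test source, e.g. `/* The truncating snprintf below is deliberate; silence the format-truncation warning so a -Werror= flag cannot turn this probe into a false negative. */`, would keep the next reader from removing the pragmas.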