1 |
dnl |
2 |
dnl Useful macros for autoconf to check for ssp-patched gcc |
3 |
dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org> |
4 |
dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net> |
5 |
dnl * Stricter language checking (C or C++) |
6 |
dnl * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary |
7 |
dnl * Caches all results |
8 |
dnl * Uses macros to ensure correct ouput in quiet/silent mode |
9 |
dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net> |
10 |
dnl * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation |
11 |
dnl * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS |
12 |
dnl h.1 - June 2015 - Michael Wobst <michael@wobst.at> |
13 |
dnl * Added support for -fstack-protector-strong which is supported since gcc 4.9 |
14 |
dnl |
15 |
dnl About ssp: |
16 |
dnl GCC extension for protecting applications from stack-smashing attacks |
17 |
dnl http://www.research.ibm.com/trl/projects/security/ssp/ |
18 |
dnl |
19 |
dnl Usage: |
20 |
dnl Most people will simply call GCC_STACK_PROTECTOR. |
21 |
dnl If you only use one of C or C++, you can save time by only calling the |
22 |
dnl macro appropriate for that language. In that case you should also call |
23 |
dnl GCC_STACK_PROTECT_LIB first. |
24 |
dnl |
25 |
dnl GCC_STACK_PROTECTOR |
26 |
dnl Tries to turn on stack protection for C and C++ by calling the following |
27 |
dnl three macros with the right languages. |
28 |
dnl |
29 |
dnl GCC_STACK_PROTECT_CC |
30 |
dnl checks -fstack-protector with the C compiler, if it exists then updates |
31 |
dnl CFLAGS and defines ENABLE_SSP_CC |
32 |
dnl |
33 |
dnl GCC_STACK_PROTECT_CXX |
34 |
dnl checks -fstack-protector with the C++ compiler, if it exists then updates |
35 |
dnl CXXFLAGS and defines ENABLE_SSP_CXX |
36 |
dnl |
37 |
dnl GCC_STACK_PROTECT_LIB |
38 |
dnl adds -lssp to LIBS if it is available |
39 |
dnl ssp is usually provided as part of libc, but was previously a separate lib |
40 |
dnl It does not hurt to add -lssp even if libc provides SSP - in that case |
41 |
dnl libssp will simply be ignored. |
42 |
dnl |
43 |
|
44 |
AC_DEFUN([GCC_STACK_PROTECT_LIB],[ |
45 |
AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib, |
46 |
[ssp_old_libs="$LIBS" |
47 |
LIBS="$LIBS -lssp" |
48 |
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_lib=yes], [ssp_cv_lib=no]) |
49 |
LIBS="$ssp_old_libs" |
50 |
]) |
51 |
if test $ssp_cv_lib = yes; then |
52 |
LIBS="$LIBS -lssp" |
53 |
fi |
54 |
]) |
55 |
|
56 |
AC_DEFUN([GCC_STACK_PROTECT_CC],[ |
57 |
AC_LANG_ASSERT(C) |
58 |
if test "X$CC" != "X"; then |
59 |
AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong], |
60 |
ssp_cv_cc, |
61 |
[ssp_old_cflags="$CFLAGS" |
62 |
CFLAGS="$CFLAGS -fstack-protector-strong" |
63 |
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no]) |
64 |
CFLAGS="$ssp_old_cflags" |
65 |
]) |
66 |
if test $ssp_cv_cc = yes; then |
67 |
CFLAGS="$CFLAGS -fstack-protector-strong" |
68 |
AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) |
69 |
else |
70 |
unset ssp_cv_cc |
71 |
AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], |
72 |
ssp_cv_cc, |
73 |
[ssp_old_cflags="$CFLAGS" |
74 |
CFLAGS="$CFLAGS -fstack-protector" |
75 |
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no]) |
76 |
CFLAGS="$ssp_old_cflags" |
77 |
]) |
78 |
if test $ssp_cv_cc = yes; then |
79 |
CFLAGS="$CFLAGS -fstack-protector" |
80 |
AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) |
81 |
fi |
82 |
fi |
83 |
fi |
84 |
]) |
85 |
|
86 |
AC_DEFUN([GCC_STACK_PROTECT_CXX],[ |
87 |
AC_LANG_ASSERT(C++) |
88 |
if test "X$CXX" != "X"; then |
89 |
AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector-strong], |
90 |
ssp_cv_cxx, |
91 |
[ssp_old_cxxflags="$CXXFLAGS" |
92 |
CXXFLAGS="$CXXFLAGS -fstack-protector-strong" |
93 |
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no]) |
94 |
CXXFLAGS="$ssp_old_cxxflags" |
95 |
]) |
96 |
if test $ssp_cv_cxx = yes; then |
97 |
CXXFLAGS="$CXXFLAGS -fstack-protector-strong" |
98 |
AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.]) |
99 |
else |
100 |
unset ssp_cv_cxx |
101 |
AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector], |
102 |
ssp_cv_cxx, |
103 |
[ssp_old_cxxflags="$CXXFLAGS" |
104 |
CXXFLAGS="$CXXFLAGS -fstack-protector" |
105 |
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no]) |
106 |
CXXFLAGS="$ssp_old_cxxflags" |
107 |
]) |
108 |
if test $ssp_cv_cxx = yes; then |
109 |
CXXFLAGS="$CXXFLAGS -fstack-protector" |
110 |
AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.]) |
111 |
fi |
112 |
fi |
113 |
fi |
114 |
]) |
115 |
|
116 |
AC_DEFUN([GCC_STACK_PROTECTOR],[ |
117 |
GCC_STACK_PROTECT_LIB |
118 |
|
119 |
AC_LANG_PUSH([C]) |
120 |
GCC_STACK_PROTECT_CC |
121 |
AC_LANG_POP([C]) |
122 |
|
123 |
AC_LANG_PUSH([C++]) |
124 |
GCC_STACK_PROTECT_CXX |
125 |
AC_LANG_POP([C++]) |
126 |
]) |