diff --git a/include/ssp/stdio.h b/include/ssp/stdio.h index 17bda8d3ee2..73c601c408c 100644 --- a/include/ssp/stdio.h +++ b/include/ssp/stdio.h @@ -75,6 +75,13 @@ __ssp_redirect_raw_impl(char *, gets_s, gets_s, } retbuf = __ssp_real(gets_s)(buf, len); + + /* + * If the implementation did *not* handle the case correctly, then + * there's a risk that they could have corrupted us into not failing + * here. We have tests that cover this, so we'll just count on finding + * a broken implementation early on in a less hostile environmnt. + */ if (need_fail && retbuf != NULL) __chk_fail(); return (retbuf); diff --git a/lib/libc/tests/sys/Makefile b/lib/libc/tests/sys/Makefile index 88f8191a16e..ef689dcf019 100644 --- a/lib/libc/tests/sys/Makefile +++ b/lib/libc/tests/sys/Makefile @@ -22,6 +22,7 @@ NETBSD_ATF_TESTS_C+= dup_test NETBSD_ATF_TESTS_C+= fsync_test NETBSD_ATF_TESTS_C+= getcontext_test NETBSD_ATF_TESTS_C+= getgroups_test +FORTIFY_SOURCE.t_getgroups.c= 0 NETBSD_ATF_TESTS_C+= getitimer_test NETBSD_ATF_TESTS_C+= getlogin_test NETBSD_ATF_TESTS_C+= getpid_test diff --git a/tests/sys/audit/network.c b/tests/sys/audit/network.c index 2d9aed34111..52a8a25c091 100644 --- a/tests/sys/audit/network.c +++ b/tests/sys/audit/network.c @@ -29,6 +29,8 @@ #include #include +#include + #include #include #include @@ -959,7 +961,7 @@ ATF_TC_BODY(recvmsg_failure, tc) snprintf(extregex, sizeof(extregex), "recvmsg.*return,failure : Bad address"); FILE *pipefd = setup(fds, auclass); - ATF_REQUIRE_EQ(-1, recvmsg(-1, NULL, 0)); + ATF_REQUIRE_EQ(-1, __ssp_real(recvmsg)(-1, NULL, 0)); check_audit(fds, extregex, pipefd); }