1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
dnl
dnl Useful macros for autoconf to check for ssp-patched gcc
dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
dnl * Stricter language checking (C or C++)
dnl * Adds AX_GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
dnl * Caches all results
dnl * Uses macros to ensure correct ouput in quiet/silent mode
dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
dnl * Added AX_GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
dnl * AX_GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
dnl h.1 - June 2015 - Michael Wobst <michael@wobst.at>
dnl * Added support for -fstack-protector-strong which is supported since gcc 4.9
dnl
dnl About ssp:
dnl GCC extension for protecting applications from stack-smashing attacks
dnl http://www.research.ibm.com/trl/projects/security/ssp/
dnl
dnl Usage:
dnl Most people will simply call AX_GCC_STACK_PROTECTOR.
dnl If you only use one of C or C++, you can save time by only calling the
dnl macro appropriate for that language. In that case you should also call
dnl AX_GCC_STACK_PROTECT_LIB first.
dnl
dnl AX_GCC_STACK_PROTECTOR
dnl Tries to turn on stack protection for C and C++ by calling the following
dnl three macros with the right languages.
dnl
dnl AX_GCC_STACK_PROTECT_CC
dnl checks -fstack-protector with the C compiler, if it exists then updates
dnl CFLAGS and defines ENABLE_SSP_CC
dnl
dnl AX_GCC_STACK_PROTECT_CXX
dnl checks -fstack-protector with the C++ compiler, if it exists then updates
dnl CXXFLAGS and defines ENABLE_SSP_CXX
dnl
dnl AX_GCC_STACK_PROTECT_LIB
dnl adds -lssp to LIBS if it is available
dnl ssp is usually provided as part of libc, but was previously a separate lib
dnl It does not hurt to add -lssp even if libc provides SSP - in that case
dnl libssp will simply be ignored.
dnl
AC_DEFUN([AX_GCC_STACK_PROTECT_LIB],[
AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
[ssp_old_libs="$LIBS"
LIBS="$LIBS -lssp"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_lib=yes], [ssp_cv_lib=no])
LIBS="$ssp_old_libs"
])
if test $ssp_cv_lib = yes; then
LIBS="$LIBS -lssp"
fi
])
AC_DEFUN([AX_GCC_STACK_PROTECT_CC],[
AC_LANG_ASSERT(C)
if test "X$CC" != "X"; then
AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong],
ssp_cv_cc,
[ssp_old_cflags="$CFLAGS"
CFLAGS="$CFLAGS -fstack-protector-strong"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no])
CFLAGS="$ssp_old_cflags"
])
if test $ssp_cv_cc = yes; then
CFLAGS="$CFLAGS -fstack-protector-strong"
AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
else
unset ssp_cv_cc
AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
ssp_cv_cc,
[ssp_old_cflags="$CFLAGS"
CFLAGS="$CFLAGS -fstack-protector"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no])
CFLAGS="$ssp_old_cflags"
])
if test $ssp_cv_cc = yes; then
CFLAGS="$CFLAGS -fstack-protector"
AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
fi
fi
fi
])
AC_DEFUN([AX_GCC_STACK_PROTECT_CXX],[
AC_LANG_ASSERT(C++)
if test "X$CXX" != "X"; then
AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector-strong],
ssp_cv_cxx,
[ssp_old_cxxflags="$CXXFLAGS"
CXXFLAGS="$CXXFLAGS -fstack-protector-strong"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no])
CXXFLAGS="$ssp_old_cxxflags"
])
if test $ssp_cv_cxx = yes; then
CXXFLAGS="$CXXFLAGS -fstack-protector-strong"
AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
else
unset ssp_cv_cxx
AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
ssp_cv_cxx,
[ssp_old_cxxflags="$CXXFLAGS"
CXXFLAGS="$CXXFLAGS -fstack-protector"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no])
CXXFLAGS="$ssp_old_cxxflags"
])
if test $ssp_cv_cxx = yes; then
CXXFLAGS="$CXXFLAGS -fstack-protector"
AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
fi
fi
fi
])
AC_DEFUN([AX_GCC_STACK_PROTECTOR],[
AX_GCC_STACK_PROTECT_LIB
AC_LANG_PUSH([C])
AX_GCC_STACK_PROTECT_CC
AC_LANG_POP([C])
AC_LANG_PUSH([C++])
AX_GCC_STACK_PROTECT_CXX
AC_LANG_POP([C++])
])
|
