diff -rup annobin.orig/Makefile.in annobin-9.85/Makefile.in --- annobin.orig/Makefile.in 2021-10-26 17:10:33.392288827 +0100 +++ annobin-9.85/Makefile.in 2021-10-26 17:15:05.325273986 +0100 @@ -323,6 +323,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ Only in annobin-9.85: Makefile.in.orig Only in annobin.orig/: annobin-9.85 diff -rup annobin.orig/annocheck/Makefile.in annobin-9.85/annocheck/Makefile.in --- annobin.orig/annocheck/Makefile.in 2021-10-26 17:10:33.394288820 +0100 +++ annobin-9.85/annocheck/Makefile.in 2021-10-26 17:15:05.326273983 +0100 @@ -314,6 +314,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ Only in annobin-9.85/annocheck: Makefile.in.orig diff -rup annobin.orig/annocheck/hardened.c annobin-9.85/annocheck/hardened.c --- annobin.orig/annocheck/hardened.c 2021-10-26 17:10:33.395288816 +0100 +++ annobin-9.85/annocheck/hardened.c 2021-10-26 17:45:44.193418342 +0100 @@ -39,6 +39,7 @@ #define SOURCE_SKIP_CHECKS "special case exceptions" #define SOURCE_STRING_SECTION "string section" #define SOURCE_COMMENT_SECTION "comment section" +#define SOURCE_SYMBOL_SECTION "symbol section" #define SOURCE_RODATA_SECTION ".rodata section" #define GOLD_COLOUR "\e[33;40m" @@ -206,6 +207,7 @@ enum test_index TEST_STACK_REALIGN, TEST_TEXTREL, TEST_THREADS, + TEST_UNICODE, TEST_WARNINGS, TEST_WRITEABLE_GOT, @@ -250,6 +252,7 @@ static test tests [TEST_MAX] = TEST (stack-realign, STACK_REALIGN, "Compiled with -mstackrealign (i686 only)"), TEST (textrel, TEXTREL, "There are no text relocations in the binary"), TEST (threads, THREADS, "Compiled with -fexceptions"), + TEST (unicode, UNICODE, "No unicode symbol names"), TEST (warnings, WARNINGS, "Compiled with -Wall"), TEST (writeable-got, WRITEABLE_GOT, "The .got section is not writeable"), }; @@ -1053,6 +1056,11 @@ interesting_sec (annocheck_data * da if (streq (sec->secname, ".gdb_index")) per_file.debuginfo_file = true; + if (tests[TEST_UNICODE].enabled + && (sec->shdr.sh_type == SHT_SYMTAB + || sec->shdr.sh_type == SHT_DYNSYM)) + return true; + if (streq (sec->secname, ".text")) { /* Separate debuginfo files have a .text section with a non-zero @@ -3066,6 +3074,64 @@ check_code_section (annocheck_data * } static bool +contains_suspicious_characters (const unsigned char * name) +{ + uint i; + uint len = strlen ((const char *) name); + + /* FIXME: Test that locale is UTF-8. */ + + for (i = 0; i < len; i++) + { + unsigned char c = name[i]; + + if (isgraph (c)) + continue; + + /* Control characters are always suspect. So are spaces and DEL */ + if (iscntrl (c) || c == ' ' || c == 0x7f) + return true; + + if (c < 0x7f) /* This test is probably redundant. */ + continue; + + return true; + } + + return false; +} + +static bool +check_symbol_section (annocheck_data * data, annocheck_section * sec) +{ + if (! tests[TEST_UNICODE].enabled) + return true; + + /* Scan the symbols looking for non-ASCII characters in their names + that might cause problems. Note - we do not examine the string + tables directly as there are perfectly legitimate reasons why these + characters might appear in strings. But when they are used for + identifier names, their use is ... problematic. */ + GElf_Sym sym; + uint symndx; + + for (symndx = 1; gelf_getsym (sec->data, symndx, & sym) != NULL; symndx++) + { + const char * symname = elf_strptr (data->elf, sec->shdr.sh_link, sym.st_name); + + if (contains_suspicious_characters ((const unsigned char *) symname)) + { + fail (data, TEST_UNICODE, SOURCE_SYMBOL_SECTION, "suspicious characters were found in a symbol name"); + einfo (VERBOSE, "%s: info: symname: '%s', (%lu bytes long) in section: %s", + get_filename (data), symname, (unsigned long) strlen (symname), sec->secname); + if (!BE_VERBOSE) + break; + } + } + return true; +} + +static bool check_sec (annocheck_data * data, annocheck_section * sec) { @@ -3076,6 +3142,8 @@ check_sec (annocheck_data * data, selected in interesting_sec(). */ switch (sec->shdr.sh_type) { + case SHT_SYMTAB: + case SHT_DYNSYM: return check_symbol_section (data, sec); case SHT_NOTE: return check_note_section (data, sec); case SHT_STRTAB: return check_string_section (data, sec); case SHT_DYNAMIC: return check_dynamic_section (data, sec); @@ -3801,6 +3869,7 @@ finish (annocheck_data * data) case TEST_RWX_SEG: case TEST_TEXTREL: case TEST_THREADS: + case TEST_UNICODE: case TEST_WRITEABLE_GOT: /* The absence of a result for these tests actually means that they have passed. */ pass (data, i, SOURCE_FINAL_SCAN, NULL); Only in annobin-9.85/annocheck: hardened.c.orig Only in annobin-9.85/annocheck: hardened.c.rej Only in annobin-9.85: autom4te.cache diff -rup annobin.orig/configure annobin-9.85/configure --- annobin.orig/configure 2021-10-26 17:10:33.391288831 +0100 +++ annobin-9.85/configure 2021-10-26 17:15:05.328273975 +0100 @@ -765,6 +765,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -863,6 +864,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1115,6 +1117,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1252,7 +1263,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1405,6 +1416,7 @@ Fine tuning of the installation director --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] Only in annobin-9.85: configure.orig diff -rup annobin.orig/doc/Makefile.in annobin-9.85/doc/Makefile.in --- annobin.orig/doc/Makefile.in 2021-10-26 17:10:33.392288827 +0100 +++ annobin-9.85/doc/Makefile.in 2021-10-26 17:15:05.328273975 +0100 @@ -329,6 +329,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ Only in annobin-9.85/doc: Makefile.in.orig diff -rup annobin.orig/doc/annobin.info annobin-9.85/doc/annobin.info --- annobin.orig/doc/annobin.info 2021-10-26 17:10:33.392288827 +0100 +++ annobin-9.85/doc/annobin.info 2021-10-26 17:45:01.856580284 +0100 @@ -751,6 +751,7 @@ File: annobin.info, Node: Hardened, Ne [-skip-stack-realign] [-skip-textrel] [-skip-threads] + [-skip-unicode] [-skip-warnings] [-skip-writeable-got] [-test-NAME] @@ -877,6 +878,10 @@ code to support the test. Check that the program was built by a production-ready compiler. Disabled by '--skip-production'. +'Unicode' + This test checks for the presence of multibyte characters in symbol + names, which are unusual and potentially dangerous. + The tool does support a couple of other command line options as well: '--skip-future' @@ -2023,16 +2028,16 @@ Node: The INSTRUMENT Encoding20418 Node: Annocheck21792 Node: Built-By25082 Node: Hardened26612 -Node: Notes33626 -Node: Section-Size34270 -Node: Timing36424 -Node: Configure Options37071 -Node: Legacy Scripts39411 -Node: Who Built Me40186 -Node: ABI Checking42946 -Node: Hardening Checks45060 -Node: Checking Archives49146 -Node: GNU FDL51568 +Node: Notes33790 +Node: Section-Size34434 +Node: Timing36588 +Node: Configure Options37235 +Node: Legacy Scripts39575 +Node: Who Built Me40350 +Node: ABI Checking43110 +Node: Hardening Checks45224 +Node: Checking Archives49310 +Node: GNU FDL51732  End Tag Table Only in annobin-9.85/doc: annobin.info.rej diff -rup annobin.orig/doc/annobin.texi annobin-9.85/doc/annobin.texi --- annobin.orig/doc/annobin.texi 2021-10-26 17:10:33.392288827 +0100 +++ annobin-9.85/doc/annobin.texi 2021-10-26 17:43:47.567864465 +0100 @@ -855,6 +855,7 @@ annocheck [@b{--skip-stack-realign}] [@b{--skip-textrel}] [@b{--skip-threads}] + [@b{--skip-unicode}] [@b{--skip-warnings}] [@b{--skip-writeable-got}] [@b{--test-@var{name}}] @@ -996,6 +997,11 @@ Check that the program makes consistent @item Production Ready Compiler Check that the program was built by a production-ready compiler. Disabled by @option{--skip-production}. + +@item Unicode +This test checks for the presence of multibyte characters in symbol +names, which are unusual and potentially dangerous. + @end table The tool does support a couple of other command line options as well: Only in annobin-9.85/doc: annobin.texi.orig Only in annobin-9.85/doc: annobin.texi.rej diff -rup annobin.orig/gcc-plugin/Makefile.in annobin-9.85/gcc-plugin/Makefile.in --- annobin.orig/gcc-plugin/Makefile.in 2021-10-26 17:10:33.394288820 +0100 +++ annobin-9.85/gcc-plugin/Makefile.in 2021-10-26 17:15:25.800197574 +0100 @@ -333,6 +333,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ Only in annobin-9.85/gcc-plugin: Makefile.in.orig diff -rup annobin.orig/scripts/Makefile.in annobin-9.85/scripts/Makefile.in --- annobin.orig/scripts/Makefile.in 2021-10-26 17:10:33.392288827 +0100 +++ annobin-9.85/scripts/Makefile.in 2021-10-26 17:15:25.801197570 +0100 @@ -284,6 +284,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ Only in annobin-9.85/scripts: Makefile.in.orig diff -rup annobin.orig/tests/Makefile.am annobin-9.85/tests/Makefile.am --- annobin.orig/tests/Makefile.am 2021-10-26 17:10:33.395288816 +0100 +++ annobin-9.85/tests/Makefile.am 2021-10-26 17:44:30.365700747 +0100 @@ -22,6 +22,7 @@ TESTS=compile-test \ missing-notes-test \ active-checks-test \ property-note-test \ + unicode-test \ hardening-fail-test if HAVE_DEBUGINFOD Only in annobin-9.85/tests: Makefile.am.orig Only in annobin-9.85/tests: Makefile.am.rej diff -rup annobin.orig/tests/Makefile.in annobin-9.85/tests/Makefile.in --- annobin.orig/tests/Makefile.in 2021-10-26 17:10:33.395288816 +0100 +++ annobin-9.85/tests/Makefile.in 2021-10-26 17:45:48.673401205 +0100 @@ -459,6 +459,7 @@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -479,7 +480,7 @@ TESTS = compile-test abi-test active-che hardening-test instrumentation-test lto-test \ missing-notes-test objcopy-test section-size-test \ missing-notes-test active-checks-test property-note-test \ - hardening-fail-test $(am__append_1) + unicode-test hardening-fail-test $(am__append_1) all: all-am .SUFFIXES: @@ -764,6 +765,13 @@ property-note-test.log: property-note-te $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +unicode-test.log: unicode-test + @p='unicode-test'; \ + b='unicode-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) debuginfod-test.log: debuginfod-test @p='debuginfod-test'; \ Only in annobin-9.85/tests: Makefile.in.orig Only in annobin-9.85/tests: Makefile.in.rej Only in annobin-9.85/tests: trick-hello.s Only in annobin-9.85/tests: unicode-test --- /dev/null 2021-10-25 08:23:06.499675237 +0100 +++ annobin-9.85/tests/unicode-test 2021-10-26 17:50:14.620383879 +0100 @@ -0,0 +1,45 @@ +#!/bin/bash + +# Copyright (c) 2021 Red Hat. +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published +# by the Free Software Foundation; either version 3, or (at your +# option) any later version. +# +# It is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +TEST_NAME=unicode +. $srcdir/common.sh + +OPTS="-O2 -g -Wl,-z,now -pie -fpie" + +start_test + +$GCC $OPTS $srcdir/trick-hello.s -o trick-hello.exe +if [ $? != 0 ]; +then + echo "unicode-test: FAIL: Could not compile test source file" + end_test + exit 1 +fi + +# Run annocheck + +OPTS="--ignore-gaps --skip-all --test-unicode" + +$ANNOCHECK trick-hello.exe $OPTS > unicode.out +grep -e "FAIL: unicode" unicode.out +if [ $? != 0 ]; +then + echo "unicode-test: FAIL: annocheck did not detect suspicious symbol names" + $ANNOCHECK trick-hello.exe $OPTS --verbose + end_test + exit 1 +fi + +end_test + --- /dev/null 2021-10-25 08:23:06.499675237 +0100 +++ annobin-9.85/tests/trick-hello.s 2021-10-26 17:15:25.803197562 +0100 @@ -0,0 +1,33 @@ + .file "trick-hello.c" + .text + .section .rodata +.LC0: + .string "hah, gotcha!" + .text + .globl he‮oll‬ + .type he‮oll‬, @function +he‮oll‬: +.LFB0: + nop +.LFE0: + .size he‮oll‬, .-he‮oll‬ + .section .rodata +.LC1: + .string "Hello world" + .text + .globl hello + .type hello, @function +hello: +.LFB1: + nop +.LFE1: + .size hello, .-hello + .globl main + .type main, @function +main: +.LFB2: + nop +.LFE2: + .size main, .-main + .ident "GCC: (GNU) 11.2.1 20210728 (Red Hat 11.2.1-1)" + .section .note.GNU-stack,"",@progbits