From dc22d8d022496483722ed0b9b0365435c0616068 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 5 Sep 2019 09:34:34 -0400 Subject: [PATCH 1/3] Add an input check in psa_its_set --- library/psa_its_file.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 05ca8afc7..0935b2780 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -214,9 +214,12 @@ psa_status_t psa_its_set( psa_storage_uid_t uid, n = fwrite( &header, 1, sizeof( header ), stream ); if( n != sizeof( header ) ) goto exit; - n = fwrite( p_data, 1, data_length, stream ); - if( n != data_length ) - goto exit; + if( data_length != 0 ) + { + n = fwrite( p_data, 1, data_length, stream ); + if( n != data_length ) + goto exit; + } status = PSA_SUCCESS; exit: From 10d42b686ad3e84af6019fae12d9ba010e2d122e Mon Sep 17 00:00:00 2001 From: Unknown Date: Wed, 28 Aug 2019 02:29:20 -0400 Subject: [PATCH 2/3] Unify gcc and clang cmake flags to test with UBsan Previously, not all flags were supported by the gcc version that was used (pre-4.9). Now, since the minimum version gcc version tested is 5.4, the flags can be unified. --- CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 16d71979a..81fa6cb89 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -137,8 +137,8 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") - set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3") - set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ") + set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") + set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_CHECK "-Werror -Os") set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual") endif(CMAKE_COMPILER_IS_GNU) @@ -149,7 +149,7 @@ if(CMAKE_COMPILER_IS_CLANG) set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3") - set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ") + set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls") set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3") set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2") set(CMAKE_C_FLAGS_CHECK "-Werror -Os") From f094b53e8e6dff79cb62aaff532215b3b2f8e092 Mon Sep 17 00:00:00 2001 From: Unknown Date: Tue, 3 Sep 2019 07:52:21 -0400 Subject: [PATCH 3/3] all.sh: disable MEMORY_BUFFER_ALLOC in cmake asan build Enabling MBEDTLS_MEMORY_BUFFER_ALLOC_C bypasses ASan leak checks because system calloc() and free() aren't used. --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 244fdc327..20458af2c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -701,7 +701,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan" scripts/config.pl full - scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC scripts/config.pl set MBEDTLS_PSA_CRYPTO_C scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO