m4/ax_gcc_stack_protect.m4


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

dnl
dnl Useful macros for autoconf to check for ssp-patched gcc
dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
dnl     * Stricter language checking (C or C++)
dnl     * Adds AX_GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
dnl     * Caches all results
dnl     * Uses macros to ensure correct ouput in quiet/silent mode
dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
dnl     * Added AX_GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
dnl     * AX_GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
dnl h.1 - June 2015 - Michael Wobst <michael@wobst.at>
dnl     * Added support for -fstack-protector-strong which is supported since gcc 4.9
dnl
dnl About ssp:
dnl GCC extension for protecting applications from stack-smashing attacks
dnl http://www.research.ibm.com/trl/projects/security/ssp/
dnl
dnl Usage:
dnl Most people will simply call AX_GCC_STACK_PROTECTOR.
dnl If you only use one of C or C++, you can save time by only calling the
dnl macro appropriate for that language. In that case you should also call
dnl AX_GCC_STACK_PROTECT_LIB first.
dnl
dnl AX_GCC_STACK_PROTECTOR
dnl Tries to turn on stack protection for C and C++ by calling the following
dnl three macros with the right languages.
dnl
dnl AX_GCC_STACK_PROTECT_CC
dnl checks -fstack-protector with the C compiler, if it exists then updates
dnl CFLAGS and defines ENABLE_SSP_CC
dnl
dnl AX_GCC_STACK_PROTECT_CXX
dnl checks -fstack-protector with the C++ compiler, if it exists then updates
dnl CXXFLAGS and defines ENABLE_SSP_CXX
dnl
dnl AX_GCC_STACK_PROTECT_LIB
dnl adds -lssp to LIBS if it is available
dnl ssp is usually provided as part of libc, but was previously a separate lib
dnl It does not hurt to add -lssp even if libc provides SSP - in that case
dnl libssp will simply be ignored.
dnl

AC_DEFUN([AX_GCC_STACK_PROTECT_LIB],[
  AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
    [ssp_old_libs="$LIBS"
     LIBS="$LIBS -lssp"
     AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_lib=yes], [ssp_cv_lib=no])
     LIBS="$ssp_old_libs"
    ])
  if test $ssp_cv_lib = yes; then
    LIBS="$LIBS -lssp"
  fi
])

AC_DEFUN([AX_GCC_STACK_PROTECT_CC],[
  AC_LANG_ASSERT(C)
  if test "X$CC" != "X"; then
    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong],
      ssp_cv_cc,
      [ssp_old_cflags="$CFLAGS"
       CFLAGS="$CFLAGS -fstack-protector-strong"
       AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no])
       CFLAGS="$ssp_old_cflags"
      ])
    if test $ssp_cv_cc = yes; then
      CFLAGS="$CFLAGS -fstack-protector-strong"
      AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
    else
      unset ssp_cv_cc
      AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
        ssp_cv_cc,
        [ssp_old_cflags="$CFLAGS"
         CFLAGS="$CFLAGS -fstack-protector"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cc=yes], [ssp_cv_cc=no])
         CFLAGS="$ssp_old_cflags"
        ])
      if test $ssp_cv_cc = yes; then
        CFLAGS="$CFLAGS -fstack-protector"
        AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
      fi
    fi
  fi
])

AC_DEFUN([AX_GCC_STACK_PROTECT_CXX],[
  AC_LANG_ASSERT(C++)
  if test "X$CXX" != "X"; then
    AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector-strong],
      ssp_cv_cxx,
      [ssp_old_cxxflags="$CXXFLAGS"
       CXXFLAGS="$CXXFLAGS -fstack-protector-strong"
       AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no])
       CXXFLAGS="$ssp_old_cxxflags"
      ])
    if test $ssp_cv_cxx = yes; then
      CXXFLAGS="$CXXFLAGS -fstack-protector-strong"
      AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
    else
      unset ssp_cv_cxx
      AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
        ssp_cv_cxx,
        [ssp_old_cxxflags="$CXXFLAGS"
         CXXFLAGS="$CXXFLAGS -fstack-protector"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])], [ssp_cv_cxx=yes], [ssp_cv_cxx=no])
         CXXFLAGS="$ssp_old_cxxflags"
        ])
      if test $ssp_cv_cxx = yes; then
        CXXFLAGS="$CXXFLAGS -fstack-protector"
        AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
      fi
    fi
  fi
])

AC_DEFUN([AX_GCC_STACK_PROTECTOR],[
  AX_GCC_STACK_PROTECT_LIB

  AC_LANG_PUSH([C])
  AX_GCC_STACK_PROTECT_CC
  AC_LANG_POP([C])

  AC_LANG_PUSH([C++])
  AX_GCC_STACK_PROTECT_CXX
  AC_LANG_POP([C++])
])