[tor-commits] [tor/master] Give a better warning when stack protection breaks linking.

nickm at torproject.org nickm at torproject.org
Mon Oct 21 17:08:57 UTC 2013 

commit 21ac292820da5784cf3c87e77df57b7594071d09
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Oct 21 13:07:47 2013 -0400

    Give a better warning when stack protection breaks linking.
    
    Fix for 9948; patch from Benedikt Gollatz.
---
 acinclude.m4    |    9 +++++++++
 changes/bug9948 |    6 ++++++
 configure.ac    |   11 ++++++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/acinclude.m4 b/acinclude.m4
index af15051..2943734 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -43,6 +43,8 @@ AC_DEFUN([TOR_DEFINE_CODEPATH],
 ])
 
 dnl 1:flags
+dnl 2:also try to link (yes: non-empty string)
+dnl   will set yes or no in $tor_can_link_$1 (as modified by AS_VAR_PUSHDEF)
 AC_DEFUN([TOR_CHECK_CFLAGS], [
   AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])
   AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [
@@ -51,6 +53,13 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
     AC_TRY_COMPILE([], [return 0;],
                    [AS_VAR_SET(VAR,yes)],
                    [AS_VAR_SET(VAR,no)])
+    if test x$2 != x; then
+      AS_VAR_PUSHDEF([can_link],[tor_can_link_$1])
+      AC_TRY_LINK([], [return 0;],
+                  [AS_VAR_SET(can_link,yes)],
+                  [AS_VAR_SET(can_link,no)])
+      AS_VAR_POPDEF([can_link])
+    fi
     CFLAGS="$tor_saved_CFLAGS"
   ])
   if test x$VAR = xyes; then
diff --git a/changes/bug9948 b/changes/bug9948
new file mode 100644
index 0000000..6a673c0
--- /dev/null
+++ b/changes/bug9948
@@ -0,0 +1,6 @@
+  o Minor features (build):
+
+    - Check in configure whether we can link an executable when
+      stack protection is enabled so we can warn the user about a
+      potentially missing libssp. Addresses ticket 9948. Patch
+      from Benedikt Gollatz. 
diff --git a/configure.ac b/configure.ac
index 77767c5..f1fa881 100644
--- a/configure.ac
+++ b/configure.ac
@@ -589,7 +589,16 @@ if test x$enable_gcc_hardening != xno; then
     if test x$have_clang = xyes; then
         TOR_CHECK_CFLAGS(-Qunused-arguments)
     fi
-    TOR_CHECK_CFLAGS(-fstack-protector-all)
+    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
+    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
+    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
+    AS_VAR_IF(can_compile, [yes],
+        AS_VAR_IF(can_link, [yes],
+                  [],
+                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
+        )
+    AS_VAR_POPDEF([can_link])
+    AS_VAR_POPDEF([can_compile])
     TOR_CHECK_CFLAGS(-Wstack-protector)
     TOR_CHECK_CFLAGS(-fwrapv)
     TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)

More information about the tor-commits mailing list