When checking for stack protector support we need to actually link

the test program.

diff --git a/configure b/configure
index b8b22e5142d87b2464a1a7a46afbe64ae9e9d111..6a27b2f639283290b0cc06a034df4f64e604eb20 100755 (executable)
--- a/configure
+++ b/configure
@@ -23922,11 +23922,17 @@ if ${sudo_cv_var_stack_protector+:} false; then :
   $as_echo_n "(cached) " >&6
 else
 
-           sudo_cv_var_stack_protector=no
+           # Avoid using CFLAGS since the compiler might optimize away our
+           # test.  We don't want LIBS to interfere with the test but keep
+           # LDFLAGS as it may have an rpath needed to find the ssp lib.
            _CFLAGS="$CFLAGS"
            _LDFLAGS="$LDFLAGS"
-           CFLAGS="-fstack-protector-strong"
-           LDFLAGS="$_LDFLAGS -fstack-protector-strong"
+           _LIBS="$LIBS"
+           LIBS=
+
+           sudo_cv_var_stack_protector="-fstack-protector-strong"
+           CFLAGS="$sudo_cv_var_stack_protector"
+           LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
            cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -23940,14 +23946,13 @@ char buf[1024]; buf[1023] = '\0';
 }
 
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-               sudo_cv_var_stack_protector="-fstack-protector-strong"
+if ac_fn_c_try_link "$LINENO"; then :
 
 else
 
-               CFLAGS="-fstack-protector-all"
-               LDFLAGS="$_LDFLAGS -fstack-protector-all"
+               sudo_cv_var_stack_protector="-fstack-protector-all"
+               CFLAGS="$sudo_cv_var_stack_protector"
+               LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
                cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -23961,14 +23966,13 @@ char buf[1024]; buf[1023] = '\0';
 }
 
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
-                   sudo_cv_var_stack_protector="-fstack-protector-all"
+if ac_fn_c_try_link "$LINENO"; then :
 
 else
 
-                   CFLAGS="-fstack-protector"
-                   LDFLAGS="$_LDFLAGS -fstack-protector"
+                   sudo_cv_var_stack_protector="-fstack-protector"
+                   CFLAGS="$sudo_cv_var_stack_protector"
+                   LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
                    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -23982,20 +23986,26 @@ char buf[1024]; buf[1023] = '\0';
 }
 
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
+
+else
 
-                       sudo_cv_var_stack_protector="-fstack-protector"
+                       sudo_cv_var_stack_protector=no
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
            CFLAGS="$_CFLAGS"
            LDFLAGS="$_LDFLAGS"
+           LIBS="$_LIBS"
 
 
 fi

diff --git a/configure.ac b/configure.ac
index 958b5724384758fcc4555278ca00aecd71326cf7..97253eed1146a6187f339e66655a0000dc07dc81 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3981,37 +3981,42 @@ if test "$enable_hardening" != "no"; then
     AC_CACHE_CHECK([for compiler stack protector support],
        [sudo_cv_var_stack_protector],
        [
-           sudo_cv_var_stack_protector=no
+           # Avoid using CFLAGS since the compiler might optimize away our
+           # test.  We don't want LIBS to interfere with the test but keep
+           # LDFLAGS as it may have an rpath needed to find the ssp lib.
            _CFLAGS="$CFLAGS"
            _LDFLAGS="$LDFLAGS"
-           CFLAGS="-fstack-protector-strong"
-           LDFLAGS="$_LDFLAGS -fstack-protector-strong"
-           AC_COMPILE_IFELSE([
+           _LIBS="$LIBS"
+           LIBS=
+
+           sudo_cv_var_stack_protector="-fstack-protector-strong"
+           CFLAGS="$sudo_cv_var_stack_protector"
+           LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
+           AC_LINK_IFELSE([
                AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
                [[char buf[1024]; buf[1023] = '\0';]])
-           ], [
-               sudo_cv_var_stack_protector="-fstack-protector-strong"
-           ], [
-               CFLAGS="-fstack-protector-all"
-               LDFLAGS="$_LDFLAGS -fstack-protector-all"
-               AC_COMPILE_IFELSE([
+           ], [], [
+               sudo_cv_var_stack_protector="-fstack-protector-all"
+               CFLAGS="$sudo_cv_var_stack_protector"
+               LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
+               AC_LINK_IFELSE([
                    AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
                    [[char buf[1024]; buf[1023] = '\0';]])
-               ], [
-                   sudo_cv_var_stack_protector="-fstack-protector-all"
-               ], [
-                   CFLAGS="-fstack-protector"
-                   LDFLAGS="$_LDFLAGS -fstack-protector"
-                   AC_COMPILE_IFELSE([
+               ], [], [
+                   sudo_cv_var_stack_protector="-fstack-protector"
+                   CFLAGS="$sudo_cv_var_stack_protector"
+                   LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector"
+                   AC_LINK_IFELSE([
                        AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT],
                        [[char buf[1024]; buf[1023] = '\0';]])
-                   ], [
-                       sudo_cv_var_stack_protector="-fstack-protector"
-                   ], [])
+                   ], [], [
+                       sudo_cv_var_stack_protector=no
+                   ])
                ])
            ])
            CFLAGS="$_CFLAGS"
            LDFLAGS="$_LDFLAGS"
+           LIBS="$_LIBS"
        ]
     )
     if test X"$sudo_cv_var_stack_protector" != X"no"; then