Prints the hardening status on global init to the log. Closes #2027. Was #2040.
int hb_global_init()
{
+ /* Print hardening status on global init */
+#ifdef HB_PROJECT_HOST_HARDEN
+ hb_log( "Compile-time hardening features are enabled" );
+#endif
+
int result = 0;
result = hb_platform_init();
<<#>>define HB_PROJECT_HOST_RELEASE "__HOST_release"
<<#>>define HB_PROJECT_HOST_TITLE "__HOST_title"
<<#>>define HB_PROJECT_HOST_ARCH "__HOST_arch"
+<<#>>define HB_PROJECT_HOST_HARDEN __HOST_harden
<<#>>define HB_PROJECT_FEATURE_ASM __FEATURE_asm
<<#>>define HB_PROJECT_FEATURE_FDK_AAC __FEATURE_fdk_aac
#import "HBOutputRedirect.h"
#import "HBOutputFileWriter.h"
#import "HBUtilities.h"
+#import "project.h"
/// Maximum amount of characters that can be shown in the view.
#define TextStorageUpperSizeLimit 125000
NSDictionary *infoDict = [[NSBundle mainBundle] infoDictionary];
NSString *versionStringFull = [NSString stringWithFormat:@"Handbrake Version: %@ (%@)", infoDict[@"CFBundleShortVersionString"], infoDict[@"CFBundleVersion"]];
[HBUtilities writeToActivityLog: "%s", versionStringFull.UTF8String];
+
+ // Lets also report the hardening status to the activity log, if enabled
+#if HB_PROJECT_HOST_HARDEN == 1
+ [HBUtilities writeToActivityLog:"Compile-time hardening features are enabled"];
+#endif
}
return self;
}
## special cases in that powerpc does not match gcc -arch value
## which we like to use; so it has to be removed.
- ## note: we don't know if apple will release Ssnow Leopad/ppc64 yet; just a guess.
+ ## note: we don't know if apple will release Snow Leopard/ppc64 yet; just a guess.
if 'powerpc' in self.mode:
del self.mode['powerpc']
self.mode.mode = 'ppc'
arch.mode.cli_add_argument( grp, '--arch' )
grp.add_argument( '--cross', default=None, action='store', metavar='SPEC',
help='specify GCC cross-compilation spec' )
+ grp.add_argument( '--enable-hardening', dest="enable_host_harden", default=None, action='store_true',
+ help='enable buffer overflow protection' )
cli.add_argument_group( grp )
## add Xcode options
doc.add( 'HOST.cross.prefix', '' )
doc.add( 'HOST.arch', arch.mode.mode )
+ doc.add( 'HOST.harden', int( options.enable_host_harden != None))
doc.addBlank()
doc.add( 'SRC', cfg.src_final )
GCC.args.extra.cpp_o =
GCC.args.extra.dylib++ = $(LDFLAGS)
GCC.args.extra.exe++ = $(LDFLAGS)
+# If hardening is enabled -D_FORTIFY_SOURCE=2 adds compile-time protection and run-time
+# checking against static sized buffer overflow flaws. -fstack-protector-strong enables
+# stack canaries to detect stack buffer overflows (stack overwrites).
+ifeq (1,$(HOST.harden))
+ GCC.args.extra += $(CFLAGS) $(CXXFLAGS) $(CPPFLAGS) -fstack-protector-strong -D_FORTIFY_SOURCE=2
+ GCC.args.extra.exe += -fstack-protector-strong
+endif
###############################################################################
projects / handbrake / commitdiff