Commit ebaaa483 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Make our compiler-hardening checks robust against MinGW

First, specify -Werror when we are testing each option; if it causes
a warning to appear, we shouldn't be adding it.

Second, do not attempt to add these options until after we have
found the libraries we want.  Previously, I would hit a bug where
the linker hardening options worked fine when we weren't linking
anything, but failed completely once we added openssl or libevent.
parent e6dbe693
......@@ -46,7 +46,7 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])
AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [
tor_saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -pedantic $1"
CFLAGS="$CFLAGS -pedantic -Werror $1"
AC_TRY_COMPILE([], [return 0;],
[AS_VAR_SET(VAR,yes)],
[AS_VAR_SET(VAR,no)])
......@@ -59,15 +59,23 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
])
dnl 1:flags
dnl 2:extra ldflags
dnl 3:extra libraries
AC_DEFUN([TOR_CHECK_LDFLAGS], [
AS_VAR_PUSHDEF([VAR],[tor_cv_ldflags_$1])
AC_CACHE_CHECK([whether the linker accepts $1], VAR, [
tor_saved_CFLAGS="$CFLAGS"
tor_saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pedantic $1"
tor_saved_LIBS="$LIBS"
CFLAGS="$CFLAGS -pedantic -Werror"
LDFLAGS="$LDFLAGS $2 $1"
LIBS="$LIBS $3"
AC_TRY_LINK([], [return 0;],
[AS_VAR_SET(VAR,yes)],
[AS_VAR_SET(VAR,no)])
CFLAGS="$tor_saved_CFLAGS"
LDFLAGS="$tor_saved_LDFLAGS"
LIBS="$tor_saved_LIBS"
])
if test x$VAR = xyes; then
LDFLAGS="$LDFLAGS $1"
......
......@@ -171,21 +171,6 @@ AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue)
AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)
AM_PROG_CC_C_O
if test x$enable_gcc_hardening != xno; then
CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
TOR_CHECK_CFLAGS(-Qunused-arguments)
TOR_CHECK_CFLAGS(-fstack-protector-all)
TOR_CHECK_CFLAGS(-Wstack-protector)
TOR_CHECK_CFLAGS(-fwrapv)
TOR_CHECK_CFLAGS(-fPIE)
TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
TOR_CHECK_LDFLAGS(-pie)
fi
if test x$enable_linker_hardening != xno; then
TOR_CHECK_LDFLAGS(-z relro -z now)
fi
ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
......@@ -566,8 +551,29 @@ else
fi
AC_SUBST(TOR_ZLIB_LIBS)
dnl Make sure to enable support for large off_t if available.
dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options. We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
if test x$enable_gcc_hardening != xno; then
CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
TOR_CHECK_CFLAGS(-Qunused-arguments)
TOR_CHECK_CFLAGS(-fstack-protector-all)
TOR_CHECK_CFLAGS(-Wstack-protector)
TOR_CHECK_CFLAGS(-fwrapv)
TOR_CHECK_CFLAGS(-fPIE)
TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
fi
if test x$enable_linker_hardening != xno; then
TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi
dnl ------------------------------------------------------
dnl Where do you live, libnatpmp? And how do we call you?
......@@ -609,6 +615,7 @@ if test "$upnp" = "true"; then
[/usr/lib/])
fi
dnl Make sure to enable support for large off_t if available.
AC_SYS_LARGEFILE
AC_CHECK_HEADERS(
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment