From 58e8a24b1731850e8167e19fb0b7fa01ad40b25b Mon Sep 17 00:00:00 2001 From: ulvii Date: Fri, 30 Jun 2017 16:28:04 -0700 Subject: [PATCH] Fixing issues reported by binary analysis - Hardening checks (#460) * Adding compiler and linker options for hardening check * Update config.m4 * Adding fstack protector to compiler options * Detect platform in config.m4 * Removing the newly added linker flag, because its breaking the PDO_SQLSRV load. Creating a backlog item * Update config.m4 * Update config.m4 * Testing with -O3 * Adding optimization flag to windows config files * Update config.w32 --- source/pdo_sqlsrv/config.m4 | 12 +++++++----- source/pdo_sqlsrv/config.w32 | 1 + source/sqlsrv/config.m4 | 16 +++++++++------- source/sqlsrv/config.w32 | 1 + 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/source/pdo_sqlsrv/config.m4 b/source/pdo_sqlsrv/config.m4 index 328bbe6b..dd5cd012 100644 --- a/source/pdo_sqlsrv/config.m4 +++ b/source/pdo_sqlsrv/config.m4 @@ -52,8 +52,14 @@ if test "$PHP_PDO_SQLSRV" != "no"; then fi AC_MSG_RESULT($pdo_sqlsrv_inc_path) - + HOST_OS_ARCH=`uname` + if test "${HOST_OS_ARCH}" = "Darwin"; then + MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` + fi + CXXFLAGS="$CXXFLAGS -std=c++11" + CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2 -O2" + CXXFLAGS="$CXXFLAGS -fstack-protector" PHP_REQUIRE_CXX() PHP_ADD_LIBRARY(stdc++, 1, PDO_SQLSRV_SHARED_LIBADD) PHP_ADD_LIBRARY(odbc, 1, PDO_SQLSRV_SHARED_LIBADD) @@ -66,7 +72,3 @@ if test "$PHP_PDO_SQLSRV" != "no"; then PHP_ADD_BUILD_DIR([$ext_builddir/shared], 1) fi -#if (defined __APPLE__ && defined __MACH__) \ - MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` \ -#endif - diff --git a/source/pdo_sqlsrv/config.w32 b/source/pdo_sqlsrv/config.w32 index f197d1cb..dea793d4 100644 --- a/source/pdo_sqlsrv/config.w32 +++ b/source/pdo_sqlsrv/config.w32 @@ -34,6 +34,7 @@ if( PHP_PDO_SQLSRV != "no" ) { ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/EHsc" ); ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/GS" ); ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/Zi" ); + ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/O2" ); ADD_FLAG( "CFLAGS_PDO_SQLSRV", "/D ZEND_WIN32_FORCE_INLINE" ); ADD_EXTENSION_DEP('pdo_sqlsrv', 'pdo'); EXTENSION("pdo_sqlsrv", pdo_sqlsrv_src_class, PHP_PDO_SQLSRV_SHARED, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1"); diff --git a/source/sqlsrv/config.m4 b/source/sqlsrv/config.m4 index ebf62d7f..00b815ba 100644 --- a/source/sqlsrv/config.m4 +++ b/source/sqlsrv/config.m4 @@ -27,9 +27,16 @@ if test "$PHP_SQLSRV" != "no"; then else AC_MSG_ERROR([Cannot find SQLSRV headers]) fi - AC_MSG_RESULT($sqlsrv_inc_path) - + AC_MSG_RESULT($sqlsrv_inc_path) + + HOST_OS_ARCH=`uname` + if test "${HOST_OS_ARCH}" = "Darwin"; then + MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` + fi + CXXFLAGS="$CXXFLAGS -std=c++11" + CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2 -O2" + CXXFLAGS="$CXXFLAGS -fstack-protector" PHP_REQUIRE_CXX() PHP_ADD_LIBRARY(stdc++, 1, SQLSRV_SHARED_LIBADD) PHP_ADD_LIBRARY(odbc, 1, SQLSRV_SHARED_LIBADD) @@ -40,8 +47,3 @@ if test "$PHP_SQLSRV" != "no"; then PHP_NEW_EXTENSION(sqlsrv, $sqlsrv_src_class $shared_src_class, $ext_shared,,-std=c++11) PHP_ADD_BUILD_DIR([$ext_builddir/shared], 1) fi - -#if (defined __APPLE__ && defined __MACH__) \ - MACOSX_DEPLOYMENT_TARGET=`sw_vers -productVersion` \ -#endif - diff --git a/source/sqlsrv/config.w32 b/source/sqlsrv/config.w32 index 82e306f5..811602fe 100644 --- a/source/sqlsrv/config.w32 +++ b/source/sqlsrv/config.w32 @@ -35,6 +35,7 @@ if( PHP_SQLSRV != "no" ) { ADD_FLAG( "CFLAGS_SQLSRV", "/EHsc" ); ADD_FLAG( "CFLAGS_SQLSRV", "/GS" ); ADD_FLAG( "CFLAGS_SQLSRV", "/Zi" ); + ADD_FLAG( "CFLAGS_SQLSRV", "/O2" ); EXTENSION("sqlsrv", sqlsrv_src_class , PHP_SQLSRV_SHARED, "/DZEND_ENABLE_STATIC_TSRMLS_CACHE=1"); } else { WARNING("sqlsrv not enabled; libraries and headers not found");