1dnl
2dnl Useful macros for autoconf to check for ssp-patched gcc
3dnl 1.0 - September 2003 - Tiago Sousa <mirage@kaotik.org>
4dnl 1.1 - August 2006 - Ted Percival <ted@midg3t.net>
5dnl     * Stricter language checking (C or C++)
6dnl     * Adds GCC_STACK_PROTECT_LIB to add -lssp to LDFLAGS as necessary
7dnl     * Caches all results
8dnl     * Uses macros to ensure correct ouput in quiet/silent mode
9dnl 1.2 - April 2007 - Ted Percival <ted@midg3t.net>
10dnl     * Added GCC_STACK_PROTECTOR macro for simpler (one-line) invocation
11dnl     * GCC_STACK_PROTECT_LIB now adds -lssp to LIBS rather than LDFLAGS
12dnl
13dnl About ssp:
14dnl GCC extension for protecting applications from stack-smashing attacks
15dnl http://www.research.ibm.com/trl/projects/security/ssp/
16dnl
17dnl Usage:
18dnl Most people will simply call GCC_STACK_PROTECTOR.
19dnl If you only use one of C or C++, you can save time by only calling the
20dnl macro appropriate for that language. In that case you should also call
21dnl GCC_STACK_PROTECT_LIB first.
22dnl
23dnl GCC_STACK_PROTECTOR
24dnl Tries to turn on stack protection for C and C++ by calling the following
25dnl three macros with the right languages.
26dnl
27dnl GCC_STACK_PROTECT_CC
28dnl checks -fstack-protector with the C compiler, if it exists then updates
29dnl CFLAGS and defines ENABLE_SSP_CC
30dnl
31dnl GCC_STACK_PROTECT_CXX
32dnl checks -fstack-protector with the C++ compiler, if it exists then updates
33dnl CXXFLAGS and defines ENABLE_SSP_CXX
34dnl
35dnl GCC_STACK_PROTECT_LIB
36dnl adds -lssp to LIBS if it is available
37dnl ssp is usually provided as part of libc, but was previously a separate lib
38dnl It does not hurt to add -lssp even if libc provides SSP - in that case
39dnl libssp will simply be ignored.
40dnl
41
42AC_DEFUN([GCC_STACK_PROTECT_LIB],[
43  AC_CACHE_CHECK([whether libssp exists], ssp_cv_lib,
44    [ssp_old_libs="$LIBS"
45     LIBS="$LIBS -lssp"
46     AC_TRY_LINK(,, ssp_cv_lib=yes, ssp_cv_lib=no)
47     LIBS="$ssp_old_libs"
48    ])
49  if test $ssp_cv_lib = yes; then
50    LIBS="$LIBS -lssp"
51  fi
52])
53
54AC_DEFUN([GCC_STACK_PROTECT_CC],[
55  AC_LANG_ASSERT(C)
56  if test "X$CC" != "X"; then
57    AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector],
58      ssp_cv_cc,
59      [ssp_old_cflags="$CFLAGS"
60       CFLAGS="$CFLAGS -fstack-protector -Werror"
61       AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no)
62       CFLAGS="$ssp_old_cflags"
63      ])
64    if test $ssp_cv_cc = yes; then
65      CFLAGS="$CFLAGS -fstack-protector"
66      AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.])
67    fi
68  fi
69])
70
71AC_DEFUN([GCC_STACK_PROTECT_CXX],[
72  AC_LANG_ASSERT(C++)
73  if test "X$CXX" != "X"; then
74    AC_CACHE_CHECK([whether ${CXX} accepts -fstack-protector],
75      ssp_cv_cxx,
76      [ssp_old_cxxflags="$CXXFLAGS"
77       CXXFLAGS="$CXXFLAGS -fstack-protector -Werror"
78       AC_TRY_COMPILE(,, ssp_cv_cxx=yes, ssp_cv_cxx=no)
79       CXXFLAGS="$ssp_old_cxxflags"
80      ])
81    if test $ssp_cv_cxx = yes; then
82      CXXFLAGS="$CXXFLAGS -fstack-protector"
83      AC_DEFINE([ENABLE_SSP_CXX], 1, [Define if SSP C++ support is enabled.])
84    fi
85  fi
86])
87
88AC_DEFUN([GCC_STACK_PROTECTOR],[
89  GCC_STACK_PROTECT_LIB
90
91  AC_LANG_PUSH([C])
92  GCC_STACK_PROTECT_CC
93  AC_LANG_POP([C])
94
95  AC_LANG_PUSH([C++])
96  GCC_STACK_PROTECT_CXX
97  AC_LANG_POP([C++])
98])
99
100