From 81f25a1848cca07a744f684f95f98cff409ab606 Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Tue, 20 Aug 2013 12:01:01 -0400 Subject: [PATCH 01/10] Fix unrecognized option errors when building with older versions of GCC (Issue #23). This approach suggested by ppannuto. --- src/Makefile | 6 ++++-- src/zopt_compat.c | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 src/zopt_compat.c diff --git a/src/Makefile b/src/Makefile index 5848a66..14498af 100644 --- a/src/Makefile +++ b/src/Makefile @@ -16,7 +16,7 @@ bindir=$(PREFIX)/sbin GCCWARNINGS = -Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \ -Wpointer-arith \ -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \ --Wformat=2 -Wwrite-strings -Wredundant-decls -Wno-unused-but-set-variable \ +-Wformat=2 -Wwrite-strings -Wredundant-decls \ -Wnested-externs -Wbad-function-cast -Winit-self \ -Wmissing-field-initializers \ -Waddress -Wmissing-noreturn -Wnormalized=id \ @@ -33,7 +33,7 @@ LDFLAGS+=$(EXTRALDFLAGS) modules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR MODULE HERE -objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt.o zmap.o random.o output_modules.o module_simple_file.o module_extended_file.o packet.o probe_modules.o ${modules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o +objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o module_simple_file.o module_extended_file.o packet.o probe_modules.o ${modules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o ifeq ($(REDIS), true) LDLIBS+=-lhiredis @@ -48,6 +48,8 @@ $(TARGETS): zmap: $(objects) +zopt_compat.o: zopt.c + zopt.c zopt.h: zopt.ggo gengetopt -C --no-help --no-version -i $^ -F $* diff --git a/src/zopt_compat.c b/src/zopt_compat.c new file mode 100644 index 0000000..3dfda9d --- /dev/null +++ b/src/zopt_compat.c @@ -0,0 +1,7 @@ +#if __GNUC__ < 4 +#error "gcc version >= 4 is required" +#elif __GNUC_MINOR__ >= 6 +#pragma GCC diagnostic ignored "-Wunused-but-set-variable" +#endif + +#include "zopt.c" From b588a7dbaf551fcf99d25faf3db1727279cd23cc Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Tue, 20 Aug 2013 12:11:48 -0400 Subject: [PATCH 02/10] Clean up GCC flags Remove some redundant or repeated flags, as noted by ppannuto in Issue #23. --- src/Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Makefile b/src/Makefile index 14498af..c9ba23b 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,6 +1,6 @@ -CFLAGS+=-Wall -pedantic -Wextra -std=gnu99 -I../lib -I./ -Ioutput_modules -O2 -g -LDFLAGS+=-g -pthread -LDLIBS+= -lpcap -lgmp -lm +INCLUDE+=-I../lib -I./ -Ioutput_modules +LDFLAGS+=-pthread +LDLIBS+=-lpcap -lgmp -lm TARGETS=zmap VPATH=../lib:output_modules:probe_modules PREFIX=/usr/local @@ -13,22 +13,22 @@ bindir=$(PREFIX)/sbin # Hardening and warnings for building with gcc #M aybe add -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations #-Wold-style-definition -Wswitch-enum -GCCWARNINGS = -Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef \ +GCCWARNINGS = -Wall -pedantic -fno-strict-aliasing -Wfloat-equal -Wundef \ -Wpointer-arith \ -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \ -Wformat=2 -Wwrite-strings -Wredundant-decls \ -Wnested-externs -Wbad-function-cast -Winit-self \ -Wmissing-field-initializers \ -Waddress -Wmissing-noreturn -Wnormalized=id \ --Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds \ +-Wstrict-overflow=1 -Wextra \ -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wno-format-nonliteral -Wno-format-y2k GCCHARDENING=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1 LDHARDENING=-z relro -z now -EXTRACFLAGS=-g -O2 $(EXTRA_CFLAGS) $(GCCHARDENING) $(GCCWARNINGS) -Werror +EXTRACFLAGS=-std=gnu99 -g -O2 $(EXTRA_CFLAGS) $(GCCHARDENING) $(GCCWARNINGS) -Werror EXTRALDFLAGS= $(LDHARDENING) -CFLAGS+=-Wall $(INCLUDE) $(EXTRACFLAGS) +CFLAGS+=$(INCLUDE) $(EXTRACFLAGS) LDFLAGS+=$(EXTRALDFLAGS) modules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR MODULE HERE From f34343a887ff4a9e5de48e02206554981e936692 Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Tue, 20 Aug 2013 12:20:53 -0400 Subject: [PATCH 03/10] Clean up Makefile success output --- src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index c9ba23b..c974eff 100644 --- a/src/Makefile +++ b/src/Makefile @@ -57,7 +57,7 @@ install: zmap $(INSTALL) zmap $(bindir)/zmap test -d /etc/zmap || (mkdir /etc/zmap && $(INSTALLDATA) ../conf/* /etc/zmap/) $(INSTALLDATA) ./zmap.1 $(mandir) - echo "\n\n\n\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************" + @echo "\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************" clean: -rm -f $(objects) $(TARGETS) From 9200992976f93fe39174208d6829047bfcf0417a Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Tue, 20 Aug 2013 12:23:12 -0400 Subject: [PATCH 04/10] Remove Redis objects on make clean Resolves Issue #33. --- src/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile index c974eff..9baeba2 100644 --- a/src/Makefile +++ b/src/Makefile @@ -34,10 +34,11 @@ LDFLAGS+=$(EXTRALDFLAGS) modules=module_tcp_synscan.o module_icmp_echo.o module_udp.o #ADD YOUR MODULE HERE objects=constraint.o blacklist.o cyclic.o logger.o send.o recv.o state.o monitor.o zopt_compat.o zmap.o random.o output_modules.o module_simple_file.o module_extended_file.o packet.o probe_modules.o ${modules} validate.o rijndael-alg-fst.o get_gateway.o aesrand.o +redis_objects=module_redis.o redis.o ifeq ($(REDIS), true) LDLIBS+=-lhiredis - objects+=module_redis.o redis.o + objects+=$(redis_objects) CFLAGS+=-DREDIS endif @@ -60,7 +61,7 @@ install: zmap @echo "\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************" clean: - -rm -f $(objects) $(TARGETS) + -rm -f $(objects) $(redis_objects) $(TARGETS) .PHONY: install clean From 5e4143973dc71207f087005ee0891b2c86499eae Mon Sep 17 00:00:00 2001 From: Alex Halderman Date: Tue, 20 Aug 2013 13:05:47 -0400 Subject: [PATCH 05/10] Undefine _FORTIFY_SOURCE before defining it, in case it's set by the distro. Fixes Issue #7. --- src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index 9baeba2..97dd119 100644 --- a/src/Makefile +++ b/src/Makefile @@ -22,7 +22,7 @@ GCCWARNINGS = -Wall -pedantic -fno-strict-aliasing -Wfloat-equal -Wundef \ -Waddress -Wmissing-noreturn -Wnormalized=id \ -Wstrict-overflow=1 -Wextra \ -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wno-format-nonliteral -Wno-format-y2k -GCCHARDENING=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1 +GCCHARDENING=-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1 LDHARDENING=-z relro -z now EXTRACFLAGS=-std=gnu99 -g -O2 $(EXTRA_CFLAGS) $(GCCHARDENING) $(GCCWARNINGS) -Werror From 853524c2aee808306c6f026d22e55d3f90a57da8 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 20 Aug 2013 19:24:18 -0400 Subject: [PATCH 06/10] remove redundant -Ws from Makefile --- src/Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/Makefile b/src/Makefile index 97dd119..ff65bab 100644 --- a/src/Makefile +++ b/src/Makefile @@ -11,17 +11,15 @@ mandir=/usr/share/man/man1/ bindir=$(PREFIX)/sbin # Hardening and warnings for building with gcc -#M aybe add -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -#-Wold-style-definition -Wswitch-enum -GCCWARNINGS = -Wall -pedantic -fno-strict-aliasing -Wfloat-equal -Wundef \ --Wpointer-arith \ --Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment \ --Wformat=2 -Wwrite-strings -Wredundant-decls \ +# Maybe add -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations +GCCWARNINGS = -Wall -Wformat=2 -Wno-format-nonliteral\ +-pedantic -fno-strict-aliasing \ +-Wextra \ +-Wfloat-equal -Wundef -Wwrite-strings -Wredundant-decls \ -Wnested-externs -Wbad-function-cast -Winit-self \ --Wmissing-field-initializers \ --Waddress -Wmissing-noreturn -Wnormalized=id \ --Wstrict-overflow=1 -Wextra \ --Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wno-format-nonliteral -Wno-format-y2k +-Wmissing-noreturn -Wnormalized=id \ +-Wstack-protector + GCCHARDENING=-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1 LDHARDENING=-z relro -z now From c6fc67288a63d143851171d871ae06fa90baa54f Mon Sep 17 00:00:00 2001 From: Jim Cheetham Date: Tue, 20 Aug 2013 21:53:37 -0400 Subject: [PATCH 07/10] Install man files under $(PREFIX) --- src/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index ff65bab..3610c73 100644 --- a/src/Makefile +++ b/src/Makefile @@ -7,7 +7,7 @@ PREFIX=/usr/local INSTALL=install INSTALLDATA=install -m 644 -mandir=/usr/share/man/man1/ +mandir=$(PREFIX)/man/man1/ bindir=$(PREFIX)/sbin # Hardening and warnings for building with gcc @@ -55,6 +55,7 @@ zopt.c zopt.h: zopt.ggo install: zmap $(INSTALL) zmap $(bindir)/zmap test -d /etc/zmap || (mkdir /etc/zmap && $(INSTALLDATA) ../conf/* /etc/zmap/) + test -d $(mandir) || mkdir -p $(mandir) $(INSTALLDATA) ./zmap.1 $(mandir) @echo "\n**************\nSuccess! ZMap is installed. Try running (as root):\nzmap -p 80 -N 10 -B 1M -o -\n**************" From 4ec783f74892eed3c02426f0dddfd2b6a0922dda Mon Sep 17 00:00:00 2001 From: Christopher Meng Date: Thu, 22 Aug 2013 13:40:19 +0800 Subject: [PATCH 08/10] $(EXTRA_CFLAGS) FOR RPM %{optflags} We RPM packaging system need to use optflags for secure building, and of course will override the flags you've defined. However the current one is not good, we should leave it to the end of the flags queue. [rpmaker@fab SPECS]$ rpm -E %{optflags} -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables --- src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index ff65bab..45d7b37 100644 --- a/src/Makefile +++ b/src/Makefile @@ -23,7 +23,7 @@ GCCWARNINGS = -Wall -Wformat=2 -Wno-format-nonliteral\ GCCHARDENING=-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all -fwrapv -fPIC --param ssp-buffer-size=1 LDHARDENING=-z relro -z now -EXTRACFLAGS=-std=gnu99 -g -O2 $(EXTRA_CFLAGS) $(GCCHARDENING) $(GCCWARNINGS) -Werror +EXTRACFLAGS=-std=gnu99 -g -O2 $(GCCHARDENING) $(GCCWARNINGS) $(EXTRA_CFLAGS) -Werror EXTRALDFLAGS= $(LDHARDENING) CFLAGS+=$(INCLUDE) $(EXTRACFLAGS) From 0d3ad52ee04162fb7e68b02ed1ac81c790d1133b Mon Sep 17 00:00:00 2001 From: zakird Date: Mon, 26 Aug 2013 12:26:01 -0400 Subject: [PATCH 09/10] fixing header guards close issue #48 --- src/aesrand.h | 4 ++-- src/cyclic.h | 4 ++-- src/get_gateway.h | 4 ++-- src/monitor.h | 4 ++-- src/output_modules/output_modules.h | 4 ++-- src/probe_modules/packet.h | 4 ++-- src/probe_modules/probe_modules.h | 4 ++-- src/recv.h | 4 ++-- src/send.h | 4 ++-- src/state.h | 4 ++-- src/validate.h | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/aesrand.h b/src/aesrand.h index 2d3dedb..352c14a 100644 --- a/src/aesrand.h +++ b/src/aesrand.h @@ -8,8 +8,8 @@ #include -#ifndef _AESRAND_H -#define _AESRAND_H +#ifndef AESRAND_H +#define AESRAND_H void aesrand_init(uint32_t seed); diff --git a/src/cyclic.h b/src/cyclic.h index f7bb7a2..f7f7387 100644 --- a/src/cyclic.h +++ b/src/cyclic.h @@ -8,8 +8,8 @@ #include -#ifndef _CYCLIC_H -#define _CYCLIC_H +#ifndef CYCLIC_H +#define CYCLIC_H int cyclic_init(uint32_t, uint32_t); diff --git a/src/get_gateway.h b/src/get_gateway.h index 398e3e1..ba5098b 100644 --- a/src/get_gateway.h +++ b/src/get_gateway.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef _GET_GATEWAY_H -#define _GET_GATEWAY_H +#ifndef GET_GATEWAY_H +#define GET_GATEWAY_H #include diff --git a/src/monitor.h b/src/monitor.h index c8bd9fb..9dcc673 100644 --- a/src/monitor.h +++ b/src/monitor.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef _MONITOR_H -#define _MONITOR_H +#ifndef MONITOR_H +#define MONITOR_H void monitor_run(); diff --git a/src/output_modules/output_modules.h b/src/output_modules/output_modules.h index bfda3f4..9e51927 100644 --- a/src/output_modules/output_modules.h +++ b/src/output_modules/output_modules.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef HEADER_OUTPUT_MODULES_H -#define HEADER_OUTPUT_MODULES_H +#ifndef OUTPUT_MODULES_H +#define OUTPUT_MODULES_H #include "../state.h" diff --git a/src/probe_modules/packet.h b/src/probe_modules/packet.h index 20f50c2..cca30b6 100644 --- a/src/probe_modules/packet.h +++ b/src/probe_modules/packet.h @@ -6,8 +6,8 @@ #include #include -#ifndef HEADER_ZMAP_PACKET_H -#define HEADER_ZMAP_PACKET_H +#ifndef PACKET_H +#define PACKET_H #define MAX_PACKET_SIZE 4096 diff --git a/src/probe_modules/probe_modules.h b/src/probe_modules/probe_modules.h index 18f8438..ff23611 100644 --- a/src/probe_modules/probe_modules.h +++ b/src/probe_modules/probe_modules.h @@ -1,7 +1,7 @@ #include "../state.h" -#ifndef HEADER_PROBE_MODULES_H -#define HEADER_PROBE_MODULES_H +#ifndef PROBE_MODULES_H +#define PROBE_MODULES_H typedef struct probe_response_type { const uint8_t is_success; diff --git a/src/recv.h b/src/recv.h index 8befea5..3c6f055 100644 --- a/src/recv.h +++ b/src/recv.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef _RECV_H -#define _RECV_H +#ifndef RECV_H +#define RECV_H int recv_update_pcap_stats(void); int recv_run(pthread_mutex_t *recv_ready_mutex); diff --git a/src/send.h b/src/send.h index 5116e45..1b96120 100644 --- a/src/send.h +++ b/src/send.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef _SEND_H -#define _SEND_H +#ifndef SEND_H +#define SEND_H int send_init(void); int send_run(void); diff --git a/src/state.h b/src/state.h index f1c967e..8c14288 100644 --- a/src/state.h +++ b/src/state.h @@ -13,8 +13,8 @@ #include #include -#ifndef _STATE_H -#define _STATE_H +#ifndef STATE_H +#define STATE_H #define MAX_PACKET_SIZE 4096 diff --git a/src/validate.h b/src/validate.h index e1b0230..4eb6362 100644 --- a/src/validate.h +++ b/src/validate.h @@ -6,8 +6,8 @@ * of the License at http://www.apache.org/licenses/LICENSE-2.0 */ -#ifndef _VALIDATE_H -#define _VALIDATE_H +#ifndef VALIDATE_H +#define VALIDATE_H #define VALIDATE_BYTES 16 From 0d125d18e383c6bf983fd39678c661cf11fdc618 Mon Sep 17 00:00:00 2001 From: zakird Date: Mon, 26 Aug 2013 14:30:02 -0400 Subject: [PATCH 10/10] fixing .h protectors in lib/* --- lib/blacklist.h | 4 ++-- lib/constraint.h | 4 ++-- lib/logger.h | 4 ++-- lib/random.h | 4 ++-- lib/redis.h | 4 ++-- lib/rijndael-alg-fst.h | 6 +++--- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/blacklist.h b/lib/blacklist.h index 5604171..80a44fc 100644 --- a/lib/blacklist.h +++ b/lib/blacklist.h @@ -1,7 +1,7 @@ #include -#ifndef _BLACKLIST_H -#define _BLACKLIST_H +#ifndef BLACKLIST_H +#define BLACKLIST_H int blacklist_is_allowed(uint32_t s_addr); void blacklist_prefix(char *ip, int prefix_len); diff --git a/lib/constraint.h b/lib/constraint.h index 3e914a3..2170f8f 100644 --- a/lib/constraint.h +++ b/lib/constraint.h @@ -1,5 +1,5 @@ -#ifndef _CONSTRAINT_H -#define _CONSTRAINT_H +#ifndef CONSTRAINT_H +#define CONSTRAINT_H typedef struct _constraint constraint_t; typedef int value_t; diff --git a/lib/logger.h b/lib/logger.h index 8cf2a9f..a961ac3 100644 --- a/lib/logger.h +++ b/lib/logger.h @@ -1,8 +1,8 @@ #include #include -#ifndef _LOGGER_H -#define _LOGGER_H +#ifndef LOGGER_H +#define LOGGER_H enum LogLevel { LOG_FATAL, LOG_ERROR, LOG_WARN, LOG_INFO, LOG_DEBUG, LOG_TRACE, NUM_LOGLEVELS }; diff --git a/lib/random.h b/lib/random.h index d83b14d..b05a5d6 100644 --- a/lib/random.h +++ b/lib/random.h @@ -1,8 +1,8 @@ #include #include -#ifndef _RANDOM_H -#define _RANDOM_H +#ifndef RANDOM_H +#define RANDOM_H int random_bytes(void *dst, size_t n); diff --git a/lib/redis.h b/lib/redis.h index 51a1a7f..229136c 100644 --- a/lib/redis.h +++ b/lib/redis.h @@ -2,8 +2,8 @@ #include #include -#ifndef _REDIS_ZHELPERS_H -#define _REDIS_ZHELPERS_H +#ifndef REDIS_ZHELPERS_H +#define REDIS_ZHELPERS_H int redis_init(void); diff --git a/lib/rijndael-alg-fst.h b/lib/rijndael-alg-fst.h index 2c3396e..4a8bd5a 100644 --- a/lib/rijndael-alg-fst.h +++ b/lib/rijndael-alg-fst.h @@ -23,8 +23,8 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef __RIJNDAEL_ALG_FST_H -#define __RIJNDAEL_ALG_FST_H +#ifndef RIJNDAEL_ALG_FST_H +#define RIJNDAEL_ALG_FST_H #define MAXKC (256/32) #define MAXKB (256/8) @@ -44,4 +44,4 @@ void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], in void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds); #endif /* INTERMEDIATE_VALUE_KAT */ -#endif /* __RIJNDAEL_ALG_FST_H */ +#endif /* RIJNDAEL_ALG_FST_H */